Sunday, October 17, 2010

What to do AFTER you have BSD installed

The first time you install BSD, you face a huge learning curve. Unless you come from a UNIX environment, it's a totally new way of thinking. There are several things that people assume you know and therefore leave out of the documentation, or they have arranged the documentation in such a way that you have to know about it to find it.

This happens a lot in the UNIX world. The man(1) pages, which are the primary source of UNIX online documentation, assume that you already know which command you are trying to learn about and how it is spelled. (Commands found in the manual are often tagged with their manual section in parentheses, like this: man(1). The 'man' command is found in section 1 of the manual. Try typing 'man man' for more information on the 'man' command.)

If you don't already know the command you are trying to learn, the man pages won't help much. Another place people seem to skimp on documentation is immediately after installation.
The install process on BSD is getting easier and easier, so more people with fewer UNIX skills are getting through it. Because of this, a growing number of people get BSD installed and have no clue what to do when presented with the first login prompt.

Darwin/BSD (localhost) (console)

  login:
Because BSD is a highly secure operating system, unless the new user knows the default login name and password, the newly installed BSD system is useless to them. The command line interface is also foreign to most new generation users.


The Default Login

On all BSD systems, the initial default user name is 'root'. It is the only user on the system that is allowed to log in initially, and generally root is not allowed to log in remotely.

Allowing root to log in remotely would be a bad security policy, because root is also the superuser. The superuser has full administrative access to the system, and can cause the most harm through mistake or misuse.

For those who come from single-user systems, such as Windows or Apple, not having an automatic login can be a bit frustrating. BSD is inherently multi-user, even on a desktop machine that only one person is using.

If you leave your computer on, there could be 5 different automated users performing scheduled functions, such as sending e-mail, logging events, task scheduling, and volume indexing. These tasks are performed by various internal users with different levels of security authorization.

Root doesn't usually have an initial password by default, and you may have been prompted to set the root password during the installation. If the root password is unset, it is important to set it now.

Setting the root password

The command 'passwd' will change a password. If you type 'passwd' by itself, it will change your password. If you are the root user, you can use it to change other people's passwords. To change another person's password, type 'passwd username', substituting the actual user's login name for 'username'.

# passwd
    Changing local password for root
    New Password:
    Retype New Password:
When you type the new password, it will not be displayed on the screen; however, it will be recorded. It will make you retype the password to confirm that you really typed what you wanted to. If you do not enter a password of at least 6 characters, or the password only contains lowercase letters, it will make you start over and choose a more secure password.

Creating another user

BSD has a script, called adduser, that makes it easy to create a new user. All you have to know to create a new user is the name of the person, and what you want the login account to be - the script can take care of the rest. It does, however, allow you the option of overriding the default values with your own. For now, the defaults should be sufficient.

# adduser -silent
     Use option ``-verbose'' if you want to see more warnings and questions 
     or try to repair bugs.
I used the -silent flag to tell it I didn't want the extra information and options that are available. You only have to use the -silent flag once and it will remember it until you use the -verbose flag to switch it back.

Enter username [a-z0-9_-]: maxh
     Enter full name []: Max Headroom
     Enter shell csh date no sh [sh]: sh
The shell is your command line interpreter. It reads in the commands you type and tries to decipher them. There are several different shells to choose from. Most people use either bash or tcsh as their shell; however, only csh and sh are installed by default. If you want to use a different shell, and you don't have it installed now, you can change your shell later using the 'chpass' command.

Enter home directory (full path) [/home/maxh]: 
     Uid [1002]: 
The uid is the User ID number that the system uses to keep track of people. These should be unique on the system and the default number here should be sufficient.

Enter login class: default []: 
The login class is a new feature in some versions of BSD. It allows you to set up resource limits for groups of users.

Login group maxh [maxh]: 
     Login group is ``maxh''. Invite maxh into other groups: guest no 
     [no]:  wheel
The login group tells UNIX what security group you belong to. The group 'wheel' is an important group that classes you with the superuser. If you aren't in the group 'wheel,' you can't gain root access remotely. You can invite special users into the group 'wheel,' or create a separate security group for people who need to work together.

Enter password []: 
     Enter password again []: 
You will be asked for the user's password twice and it will not be displayed. Afterwards, it will display all of the user's information and ask if it is correct.

Name:     maxh
     Password: ****
     Fullname: Max Headroom
     Uid:      1002
     Gid:      1002 (maxh)
     Class:    
     Groups:   maxh wheel
     HOME:     /home/maxh
     Shell:    /bin/sh
     OK? (y/n) [y]: 
If you make a mistake, you can start over, or it's possible to correct most of this information using the 'chpass' command.

Editing User Information

The command 'chpass' allows you to edit user information. Typed by itself, chpass will edit your personal information. As root, you can use it to modify anyone's information.
chpass uses your default editor to make changes to the user. If you haven't changed it, it is often set to use 'vi'. Vi is a powerful text editor, but it is often very difficult for a new user to understand. If you get started using 'vi', you can easily get stuck and not be able to get out of it.
You can change the default editor using 'setenv EDITOR vi' on csh-style shells, and using 'EDITOR=vi ; export EDITOR' on sh-style shells. (Change 'vi' to the editor you feel most comfortable using; be careful of word wrap, though!)
# chpass maxh
This will bring up information about the user 'maxh' in the 'vi' editor. The password line is encrypted, so don't change it unless you are trying to disable the user. In that case, just add a '#' in front of the password string, so you can easily remove it later when you want to re-activate the user.

#Changing user database information for maxh.
   Login: maxh
   Password: $1$cFQcwB4t$/rMNdZRE0N./06hHYHJft0
   Uid [#]: 1000
   Gid [# or name]: 1000
   Change [month day year]:
   Expire [month day year]:
   Class:
   Home directory: /home/maxh
   Shell: /bin/sh
   Full Name: Max
   Office Location:
   Office Phone:
   Home Phone:
   Other information:
   ~
   ~
   ~
   ~
   ~
   ~
   ~
   ~
   /etc/pw.yw5377: unmodified: line 1
(The little '~' characters are a giveaway that this is vi. They indicate an empty section of the document.)

Quick and Dirty Vi Commands

Vi has two modes, a command mode and text entry mode. There are more things it can do besides those two modes, but we will save that for later. In command mode, you can use the letters 'j' and 'k' to move up and down lines. The letters 'h' and 'l' move the cursor left and right.

To change the shell for this user, use the 'j' key to move the cursor down to the correct line, then use the 'l' key to move the cursor to the right until it meets the first '/'. At this point, press 'C' and vi will enter text entry mode and modify everything from the cursor to the end of the line. Type in the location of the new shell, something like '/usr/local/bin/tcsh' or '/usr/local/bin/bash'. When you are done typing in the path, press the 'ESC' key. This will return you to command mode.

When your change is complete, and you are back in command mode, type ':wq' to save and exit. If you make a mistake, return to command mode and press 'u'. It will undo one change. If you really screw things up and don't want to save your changes so you can start over, type ':q!' from command mode and it will force vi to exit without saving.

That should be all you need to know to get in and make the necessary change. Please consult a complete vi tutorial to learn how to make it work for you. The man pages for vi are also helpful.

Mere Mortal Users

Now that you have created another user account, you should log out as root and log in as the new user. It's much safer to learn the new system as a 'mere mortal'. You run a much lower risk of screwing up the system beyond repair. While you are a mere mortal, you can switch to root using the 'su' command. If you type 'su' by itself, it assumes that you want to become the superuser; however, you can use it to become any other user, provided you know their password. The root user doesn't need to know any passwords to become other users.

There is a catch, though: you can't switch to the root user if you are not included in the security group wheel. All group member lists are kept in the /etc/group file. If a login name is not listed in the /etc/group file as a member of the 'wheel' group, that user can't 'su' to root.
To add a user to the wheel group, edit the /etc/group file and add the user name. The list of login names is delimited by commas.

# vi /etc/group
     wheel:*:0:root,maxh
     daemon:*:1:daemon
     kmem:*:2:root
     sys:*:3:root
     tty:*:4:root
     operator:*:5:root
     maxh:*:1000:
     ftp:*:1001:
     nogroup:*:65533:
     nobody:*:65534:
     ~
    /etc/group: unmodified: line 1
In vi, the cursor should already be on the correct line. Just press 'A' to start appending to the end of the line and type ',username', with no space after the comma. The ',' separates the usernames. Then press 'ESC' to get back into command mode and type ':wq' to save and quit.
You can now 'su' to root using the user you just added to the wheel group in /etc/group.

# su
     Password:
Very little exciting happens when you successfully 'su' to root. Your prompt will change to a '#' if it isn't one already. However, if you fail in your attempt to 'su' to root, it gets logged in the system logs.
Now if you need to log in remotely, you can log in as the normal user and use 'su' to switch to root. If you plan on using root remotely, it is advised that you install ssh to provide encryption during your connection.
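
The /etc/group edit above is easy to get wrong by hand. As an added example (not part of the original post), this sh script lists the members of 'wheel' from a group-format file and flags lines that a hand edit commonly breaks; the sample file and the user 'edison' are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit 'wheel' membership in a group(5)-format file.
# Line format is name:password:gid:member1,member2,...

# Print the members of group $1 in file $2, one per line.
group_members() {
    awk -F: -v g="$1" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$2"
}

# Succeed if user $1 is listed as a member of wheel in file $2.
# Only the member list is checked, as in the article; a primary gid of 0
# in the password file is out of scope here.
in_wheel() {
    group_members wheel "$2" | grep -Fqx -e "$1"
}

# Print "line N: reason" for entries that a hand edit commonly breaks.
group_lint() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        NF != 4          { print "line " NR ": expected 4 fields"; next }
        $3 !~ /^[0-9]+$/ { print "line " NR ": gid is not numeric"; next }
        $4 ~ /[ \t]/     { print "line " NR ": whitespace in member list" }
    ' "$1"
}

# Constructed sample, not a real system file. Line 1 has a space after
# the comma, so the stored name is " maxh" rather than "maxh".
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
wheel:*:0:root, maxh,edison
daemon:*:1:daemon
maxh:*:1000:
EOF

group_members wheel "$sample"
in_wheel maxh "$sample" || echo "maxh is NOT matched as a wheel member"
group_lint "$sample"
```

Run the same functions against /etc/group after editing it to confirm the new member is listed exactly as intended.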

At this point, you should be able to:
  • Log in as the root user.
  • Change passwords.
  • Choose a shell.
  • Create a user.
  • Add a user to the 'wheel' group.
  • Switch to the root user from a normal user.
  • Get into and out of vi safely.
Now you need to look around the system.

Learning about commands on your own

The BSD system comes with online documentation for all of its commands. This documentation is accessed through the 'man' command, and information about commands is referred to as 'man pages'. The BSD system keeps most of the commands that you need to learn in a few directories.
User commands are kept in /bin, /usr/bin and /usr/local/bin, while commands typically used for altering system status (reconfiguring a network interface, rebooting the system, mounting a new filesystem, etc.) are kept in /sbin, /usr/sbin, and /usr/local/sbin.

# cd /bin
# ls
     [               dd              kill            ps              sh
     cat             df              link            pwd             sleep
     chio            domainname      ln              rcp             stty
     chmod           echo            ls              red             sync
     cp              ed              mkdir           rm              test
     csh             expr            mv              rmail           unlink
     date            hostname        pax             rmdir
The command 'cd' will change directories to the directory you want to look in, and 'ls' will give you a listing of the files in there. Each file in those directories is a command that you can learn more about. Type 'man' followed by the command that you want to learn about and it will bring up the documentation.

# man ls

LS(1)                   FreeBSD General Commands Manual                  LS(1)

NAME
     ls - list directory contents

SYNOPSIS
     ls [-ABCFHLPRTWabcdfgikloqrstu1] [file ...]

DESCRIPTION
     For each operand that names a file of a type other than directory, ls
     displays its name as well as any requested, associated information.  For
     each operand that names a file of type directory, ls displays the names
     of files contained within that directory, as well as any requested, asso-
     ciated information.
Pressing the SPACE bar will advance you a page and pressing 'q' will quit the man page. The way the man page is displayed is controlled by your pager, usually 'more'. You can learn more about how to make the man page scroll up and down by reading up on 'more'.

# man more

MORE(1)                 FreeBSD General Commands Manual                MORE(1)

NAME
     more - file perusal filter for crt viewing

SYNOPSIS
     more [-ceinsu] [-t tag] [-x tabs] [-/ pattern] [file ...]

DESCRIPTION
     More is a filter for paging through text one screenful at a time.  It us-
     es termcap(3) so it can run on a variety of terminals.  There is even
     limited support for hardcopy terminals.  (On a hardcopy terminal, lines
     which should be printed at the top of the screen are prefixed with an up-
     arrow.)  File may be a single dash (``-''), implying stdin.
This should be enough to get you started using the BSD system and learning about general commands. Take some time to look through all the directories listed above and try out the commands after you have read the man pages for them.
