Root Login

  The ``problem'' with only having a ``root'' account on a machine, is that root can do whatever he/she wants. Delete files, format partitions, .... Potentially a lot of damage. The root account should only be used when absolutely necessary. Updating the operating system, adding or updating new system programs; those kind of tasks require a root login. For all other tasks, you should be logging in as some other user which has fewer privileges than root has. Looking through the /etc/passwd file doesn't really help, because there are lots of IDs there that should never be associated with an interactive shell.

We want a ``user'' login, one which has a ``home'' directory somewhere in the /home directory. To do this, we need to create an entry in the /etc/passwd file, and also set up some default files/directories. On most systems, there is a program which helps the root user to do this. Sometimes this program is called adduser, sometimes it is called useradd. On my SuSE 5.3 Linux system, it is called useradd.

Now, like just about every command, there are a whole slew of options available. Fortunately, for this purpose we probably don't need to use any of the options. If we are charged with administering a system for use by others, it is entirely possible that we may want to use some of these options. But for home use, where we just need some non-privileged ID for ordinary use, no options are likely to be needed.

What do we choose for a login ID? Generally, something convenient. Typically, a user ID is less than 9 characters long. It should contain at least 1 lower case letter. When you create a new user ID this way, the initial password is empty. Which is NOT a good thing! The first time someone logs in to the user ID, they will be prompted for a new password. For a home system not connected to the Internet, this isn't a problem. But, if you are connected to the Internet, please login soon to have some kind of password assigned.

The choice of password may not be left entirely up to you. Many operating systems require the user to pick a password which is not easy. Some examples of easy passwords are:

• the user ID,
• the user ID backwards,
• the user's first name,
• the user's last name,
• a word in the dictionary,

etc. Some systems go even further. They require that the password not be pronounceable, that the password not be a word after simple substitutions are done (substituting $ for s, 1 for l, etc.). You see, passwords are one of the least secure parts of this process, and it is in your best interest to pick something not obvious or easily guess-able. Of course, root can set anybody's password to anything at all.

Oh, the root login may or may not have a password associated with it. This will be documented somewhere. But it is VERY IMPORTANT, that the root password follow at least the rules I've outlined above. It should not be a ``trivial'' task to guess the root password. Having a trivial password for root is very much like walking around with a ``Kick Me'' sign on our backs.