In this second Unix lesson, it’s time for you to log in to the system and try some commands. This hour focuses on learning the basics of interacting with your Unix machine.
This hour introduces many commands, so it’s very important that you have a Unix system available on which you can work through all the examples. Most examples have been taken from a PC running Solaris 11, a variant of Unix System V Release 4, and have been double-checked on both a BSD-based system and a Mac OS X command line. Any variance between the three is noted. If you have a Unix system available, odds are good that it’s based on either AT&T System V or Berkeley Unix.
Beginning Your Session
Before you can start interacting with the Unix command shell of your choice, you need to learn how to log in to your account. The good news is that it’s easy! Let’s have a look.
Task 2.1: Logging In to and Out of the System
Because Unix is a multiuser system, user authentication is always enforced: You always need to provide credentials (generally a username and a password) to the system so that it knows who you are. Some modern user-friendly flavors of Unix (such as Mac OS X) allow you to bypass this requirement by always booting into a single user’s desktop session, but this is just a convenience feature; under the hood, all Unix flavors are the same, and all require that you authenticate yourself at some stage of the process.
Old-school hardware terminals do still exist, or you might choose to boot a Linux or FreeBSD box directly to the textual console; but if you’re new to Unix, you’ll most likely need an application known as a terminal to access the command line. Most graphical operating systems include one. I use the Terminal app included with Mac OS X (in the Utilities folder) whether I’m accessing my local system or just opening an environment in which to connect to a remote system via ssh.
If you need to actually log in, the first thing you’ll see on the screen will look something like this:
GNU/Linux ado.aplonis.net 5:38pm on Tue, 8 Jul 2014 login:
The first line of this challenge prompt indicates what variant of Unix the system is running (GNU/Linux in this case), the hostname of the computer system, and the current time and date. The second line asks for your login, also known as your username or account name.
- Know your account name. It would be nice if computers could keep track of users by simply using full names so that I could enter Dave Taylor at the login prompt. Alas, like the Internal Revenue Service, the Department of Motor Vehicles, and many other agencies, Unix does not use names but instead assigns each user a unique identifier. This identifier, called an account name, has eight characters or fewer and is usually based on the user’s first or last name, although it can be any combination of letters and numbers. I have two account names, or logins, on the systems I use: taylor and, on another machine where someone already had that account name, d1taylor.
Know your password. Perhaps your account name is on a piece of paper with your initial password, both assigned by the Unix system administrator. If you do not have this information, you need to track it down before you can go further. Some accounts might not have an initial password; in that case, you won’t have to enter one the first time you log in to the system. If that’s the case, create a password for your own security. In a few minutes, you will learn how you can give yourself the password of your choice by using the Unix command passwd.
Note that a lot of systems are accessible only through the ssh function, and so a common way to connect to a modern system is to open up a local terminal app on your Mac or PC and type in something like:
$ ssh firstname.lastname@example.org
where taylor is the account name and intuitive.com is the name of the remote host. If that’s how you need to access your Unix system remotely, it’s actually easier than using the login/password sequence; you just need to make extra sure that you type in everything exactly as prompted.
At the login prompt, enter your account name if needed:
login: taylor Password:
Be particularly careful to use exactly what your administrator tells you to use (for example, the accounts taylor, Taylor, and TAYLOR are all different to Unix). After you’ve entered your account name, the system moves the cursor to the next line and prompts you for your password. If you’re using the ssh sequence, then the prompt will include your account name, as shown here:
Either way, when you enter your password, the system won’t echo it (that is, won’t display it) on the screen. That’s okay. Lack of an echo doesn’t mean anything is broken; instead, this is a security measure to ensure that even if people are looking over your shoulder, they can’t learn your secret password by watching your screen. Be certain to type your password correctly because you won’t see what you’ve typed and have a chance to correct it.
After you’ve successfully entered your account name and password, you are shown some information about the system, some news for users, perhaps a fortune, and an indication of whether you have electronic mail. The specifics will vary, but here’s an example of what I see when I log in to my account:
login: taylor Password: Last login: Thu Jul 7 17:00:23 on ttyAe You have mail. $
Your system might be configured so that you have a slightly different prompt here. The possibilities include a % for the C shell, your current location in the file system, the current time, the command-index number (which you’ll learn about when you learn how to teach the Unix command-line interpreter to adapt to your work style rather than vice versa), and the name of the computer system itself. Here are some examples:
[/users/taylor] : (mentor) 33 : taylor@mentor %
Your prompt might not look exactly like any of these, but you know you’re looking at a prompt because it’s at the beginning of the line on which your cursor sits, and it reappears each time you’ve completed working with any Unix program. That’s how you know the program has completed its task.
At this point, you’re ready to enter your first Unix command, exit, to sign off from the computer system. Try it. On my system, entering exit shuts down all my programs and quits the terminal app. On other systems, it returns you to the login prompt. Many Unix systems offer a pithy quote as you leave, too.
% exit He who hesitates is lost. login:
If you have a direct connection to the computer because you’re using a shared system in a computer center, library, or similar, odds are very good that logging out causes the system to prompt for another account name, enabling the next person to use the system. If you manually connected to the system via the Internet, you probably will see something more like the following example. After being disconnected from the remote system, you’ll then be able to safely shut down your local computer:
% exit Did you lose your keys again? Connection to 22.214.171.124 closed.
At this point, you’ve stepped through the toughest parts of getting started with Unix. You have an account, know the password, have logged in to the system, and have entered a simple command telling the computer what you want to do, and the computer has done it!
Task 2.2: Changing Passwords with passwd
Having logged in to a Unix system, you can clearly see that many differences exist between Unix and a PC or Macintosh personal computer. Certainly the style of interaction is different. With Unix command lines, the keyboard becomes the exclusive method of instructing the computer what to do, and the mouse sits idle. One of the greatest differences is that Unix is a multiuser system, as you learned in the preceding hour. As you learn more about Unix, you’ll find that this characteristic has an impact on various tasks and commands. The next Unix command you’ll learn about is one that exists because of the multiuser nature of Unix: passwd.
With the passwd command, you can change the password associated with your individual account name. As with your personal identification number (PIN) for automated-teller machines, the value of your password is directly related to how secret it remains.
Consider what happens when I use the passwd command to change the password associated with my account:
% passwd Changing password for taylor. Old password: New passwd: Retype new passwd: %
Notice that I never received any visual confirmation that the password I actually entered was the same as the password I thought I entered. This is not as dangerous as it seems, though, because if I had made any typographical errors, the password I entered the second time (when the system said Retype new passwd:) wouldn’t have matched the first. In a no-match situation, the system would have warned me that the information I supplied was inconsistent:
% passwd Changing password for taylor. Old password: New passwd: Retype new passwd: Mismatch - password unchanged. %
Smart systems will complain if you pick a really bad password or one that’s just obviously too short. I tried cat on my Oracle Solaris system, and the passwd command complained:
passwd: Password too short - must be at least 6 characters.
Oops. In the next section you’ll learn about how to pick good, hard-to-guess but easy-to-remember passwords.
After you change the password, don’t forget it. Resetting it to a known value if you don’t know the current password requires the assistance of a system administrator or other operator. Using a trick to remember your password can be a Catch-22, though: You don’t want to write down the password because that reduces its secrecy and you don’t want to make it too easy to remember because someone else can then guess it, but you don’t want to forget it, because that can be all sorts of hassle. You want to be sure that you pick a good password, too, as described in Task 2.3.
Task 2.3: Picking a Secure Password
If you’re an aficionado of old movies, you are familiar with the thrillers in which the hoods break into an office and spin the dial on the safe a few times, snicker a bit about how the boss shouldn’t have chosen his daughter’s birthday as the combination, and crank open the safe. (If you’re really familiar with the genre, you recall films in which the criminals rifle the desk drawers and find the combination of the safe taped to the underside of a drawer as a fail-safe, or a failed safe, as the case may be. Hitchcock’s great film Marnie has just such a scene.) The moral is that even the best secret password is useful only if you keep it secret.
For computers, security is tougher because a fast computer system can test all the words in an English dictionary against your account password faster than you can say “don’t hack me, bro.” If your password is kitten or, worse yet, your account name, any semicompetent bad guy could be in your account and messing with your files in no time. This is called a dictionary attack.
Most modern Unix systems have some heuristics, or smarts, built in to the passwd command; the heuristics check to determine whether what you’ve entered is reasonably secure.
The tests performed typically answer these questions:
- Is the proposed password at least six characters long? (A longer password is more secure.)
- Does it have both digits and letters? (A mix of both is best.)
- Does it mix upper- and lowercase letters? (A mix is best.)
- Does it include at least one punctuation character? (adding a %, !, @, or even . is best)
- Is it in the online dictionary? (You should avoid common words.)
- Is it a name or word associated with the account? (Dave would be a bad password for my account taylor because my full name on the system is Dave Taylor).
Some versions of the passwd program are more sophisticated, and some less, but generally the following are good guidelines for picking a secure password:
- An easy way to choose memorable and secure passwords is to think of them as small sentences rather than as a single word with some characters surrounding it. If you’re a fan of Alexander Dumas and The Three Musketeers, then “All for one and one for all!” is a familiar cry, but it’s also the basis for a couple of great passwords. Easily remembered derivations might be the punnish awl4ONE? or a41&14A!.
- If you’ve been in the service, you might have the old U.S. Army jingle stuck in your head: “Be All You Can Be.” Try thinking of that phrase as a series of abbreviations and letters: ballucanb. Turn that into a good password with a few additional tweaks: 4ballu@canb. You might have a self-referential password: account4me or MySekrit would work. If you’re ex-Vice President Dan Quayle, 1Potatoe could be a memorable choice. (potatoe by itself wouldn’t be particularly secure because it lacks digits and lacks uppercase letters and because it’s a simple variation on a word in the online dictionary.)
- Another way to choose passwords is to find acronyms that have special meaning to you. Don’t choose simple ones. Remember, short ones aren’t going to be secure. But if you have always heard that “Real programmers don’t eat quiche!” then Rpdeq! could be a complex password that you’ll easily remember.
- Many systems you use every day require numeric passwords to verify your identity, including the automated-teller machine (with its PIN), government agencies (with the Social Security number), and the Department of Motor Vehicles (your driver’s license number or vehicle license). Each of these actually is a poor Unix password because it’s too easy for someone to find out your license number or Social Security number. And a series of nothing but numbers is a terrible password anyway!
Why be so paranoid? For a small Unix system that will sit on your desk and won’t have any other users, a high level of concern for security is, to be honest, unnecessary. As with driving a car, though, it’s never too early to learn good habits. Any system that has Internet access means that it’s probably accessible from the Internet, too, and that means it’s at risk of hackers trying to break in, a target for delinquents who relish the intellectual challenge of breaking into an account and then altering and destroying files and programs purely for amusement.
The best way to avoid trouble is to develop good security habits now, when you’re first learning about Unix. Learn how to recognize what makes a good, secure password, pick one for your account, and keep it a secret. Don’t write it down, or, if you must, keep that note secure too and notify your admin if it gets lost. A little prevention can be a lot easier than mopping up after a security breech.
With that in mind, log in again to your Unix system and try changing your password. First, change it to easy and see whether the program warns you that easy is too short or otherwise a poor choice. Then try entering two different secret passwords to see whether the program notices the difference. Finally, pick a good password, using the preceding guidelines and suggestions, and change your account password to be more secure.