home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam    

Practical UNIX & Internet Security

Practical UNIX & Internet SecuritySearch this book
Previous: II. User Responsibilities Chapter 3 Next: 3.2 Passwords

3. Users and Passwords

This chapter explains the UNIX user account and password systems. It also discusses what makes a good password.

Good password security is part of your first line of defenses against system abuse.[1] People trying to gain unauthorized access to your system often try to guess the passwords of legitimate users. Two common and related ways to do this are by trying many possible passwords from a database of common passwords, and by stealing a copy of your organization's password file and trying to crack the encrypted passwords that it contains.

[1] Another part of your first line of defense is physical security, which may prevent an attacker from simply carting your server through the lobby without being questioned. See Chapter 12, Physical Security for details.

After an attacker gains initial access, he or she is free to snoop around, looking for other security holes to exploit to attain successively higher privileges. The best way to keep your system secure is to keep unauthorized users out of the system in the first place. This means teaching your users what good password security means and making sure they adhere to good security practices.

Sometimes even good passwords aren't sufficient. This is especially true in cases where passwords need to travel across unprotected networks. With default network protocols and defenses, these passwords may be sniffed  - read from the network by someone not authorized to know the passwords. In cases of this kind, one-time passwords are necessary.

3.1 Usernames

Every person who uses a UNIX computer should have an account . An account is identified by a username. Traditionally, each account also has a secret password associated with it to prevent unauthorized use. Usernames are sometimes called account names . You need to know both your username and your password to log into a UNIX system. For example, Rachel Cohen has an account on her university's computer system. Her username is rachel. Her password is "Iluvfred." When she wants to log into the university's computer system, she types:

login: rachel
password: Iluvfred

The username is an identifier: it tells the computer who you are. The password is an authenticator : you use it to prove to the operating system that you are who you claim to be.

Standard UNIX usernames may be between one and eight characters long. Within a single UNIX computer, usernames must be unique: no two users can have the same one. (If two people did have the same username, then they would really be sharing the same account.) UNIX passwords are also between one and eight characters long, although some commercial UNIX systems now allow longer passwords. Longer passwords are usually more secure because they are harder to guess. More than one user can theoretically have the same password, although if they do, that indicates that both users have picked a bad password.

A single person can have more than one UNIX account on the same computer. In this case, each account would have its own username. A username can be any sequence of characters you want (with some exceptions), and does not necessarily correspond to a real person's name.

NOTE: Some versions of UNIX have problems with usernames that do not start with a lowercase letter or that contain special characters such as punctuation or control characters. Usernames containing certain unusual characters will also cause problems for various application programs, including some network mail programs. For this reason, many sites allow only usernames that contain lowercase letters and numbers and that start with a lowercase letter.

Your username identifies you to UNIX the same way your first name identifies you to your friends. When you log into the UNIX system, you tell it your username the same way you might say, "Hello, this is Sabrina," when you pick up the telephone.[2] When somebody sends you electronic mail, they send it addressed with your username. For this reason, organizations that have more than one computer often require people to have the same username on every machine, primarily to minimize confusion with electronic mail.

[2] Even if you aren't Sabrina, saying that you are Sabrina identifies you as Sabrina. Of course, if you are not Sabrina, your voice will probably not authenticate you as Sabrina, provided that the person you are speaking with knows what Sabrina sounds like.

There is considerable flexibility in choosing a username. For example, John Q. Random might have any of the following usernames; they are all potentially valid:

john johnqr johnr jqr jqrandom jrandom random randomjq

Alternatively, John might have a username that appears totally unrelated to his real name, like avocado or t42 . Having a username similar to your own name is merely a matter of convenience.

Most organizations require that usernames be at least three characters long. Usernames that are only one or two characters are valid, but they are usually discouraged. Single-character usernames are simply too confusing for most people to deal with, no matter how easy you might think it would be to be user "i" or "x". Usernames that are two characters long are easily confused between different sites: is the same person as ? Names with little intrinsic meaning, such as t42 and xp9uu6wl , can also cause confusion, because they are more difficult for correspondents to remember.

Some organizations assign usernames consisting of a person's last name (sometimes with an optional initial). Other organizations let users pick their own names. A few organizations and online services assign an apparently random string of characters as the usernames, although this is not often popular with users or their correspondents: user xp9uu6wl may get quite annoyed at continually getting mail misaddressed for xp9uu6wi , assuming that anyone can remember either username at all.

UNIX also has special accounts which are used for administrative purposes and special system functions. These accounts are not normally used by individual users, as you will see shortly.