Let's look at users on the system. Who am I? Remember whoami returns the currently logged-in user, the user for this terminal. If I run it in a different terminal, I'm a different person. I'm instructor on this terminal. whoami for this terminal? I'm logged in as the instructor. And here, the student user. So whoami returns the user. What users are on this computer? So we know we're logged in as student. You can guess there's an instructor user. Which other users have accounts on these computers? Can anyone tell me what other users are there? When you have the quiz question, how are you going to find the users? Well, there are different ways. Remember, think about your home directory. The normal case is each user has a home directory. I'm currently in /home/student. The student user's home directory is /home/student. So we'd expect other users would have /home/username. Let's look in the /home directory, ls /home, and see what other directories are there, and that may tell us about some of the other users. And I'll use less because I know there's a long list there. And we see there are a bunch of users. And we guess that these are users because they have home directories and you recognize some of the names. So that's a quick way to see something about users. Maybe a more precise way is that the operating system stores a list of users, and when a user logs in, the operating system needs to check the username and password. So when you log in, you supply your username and password and the operating system checks what you supplied against who's already had an account created. So the operating system stores the list of users in a file. Let's have a look at that. For Linux, it's common that configuration files for the operating system are stored in the /etc directory. That's a common place to store config files. So use less to look at it; there's a text file in there to list.
The text file that stores the list of users on this system is passwd, short for password, because the usernames usually have passwords associated with them. So this is a text file that lists all the users and some information about them. Have a look at it. The format is one user per line. And on each line, for each user, there are some fields separated by the colon character. And we'll go through one of the examples in detail. First, we know there are many users here. The root user, daemon user, bin user, sys user. The root user is the admin. So you can log in as the root user. They have a home directory, a special home directory, it's actually /root. And you can do things as the root user if you know the password. The daemon user and many of these others are what we call system users. And they're not real or normal users that can log in. They're used to run operating system programs or application servers, usually. So normally we don't use these users. They're not something we can log in as. And you may note at the end it says something about nologin. So it's a special type of system user. If we scroll through. So system users are for special operating system tasks. I think somewhere you'll see MySQL, for example; there's a system user for running the MySQL database server. We don't log in as that user normally. It's just for running the server. So we want to focus on the normal users. There's a root user, system users, the normal users. There is instructor. You scroll down, you see some you start to recognize. TA, student. And then what I've done, as you notice, I've set up users for each of us, or each of you, based upon your name. So just some fake user or user accounts that we can use for testing. Let's look at the student user. The structure of this file is, for every line: the first field is the username. The second field is the password. The third field is the user number. So we have a name and a number, a unique number. Users belong to groups.
And they must be in one group. So this is the default group they're in, but the group number. This information is some human-friendly information about the user. Maybe their full name. So note what's different here, the uppercase S. This may be displayed on the graphical login when you see your name there. Note for the named users, I haven't given the full name. I've just repeated the username. But you could see the full name here, the email address, the phone number and so on. This is the home directory. /home/student, and you see most of them are /home/username. That's the default setup. And this is the software that runs when this user logs in. And we've said before bash is the software that interprets the commands on the command line. It understands what you type. So that's the normal setup. We care about the username and the password. Well, you notice that the password for all the users is x. It's not the actual password; the x here means the password information is stored in another file. So it's not actually stored in this file. This is the operating system's list of users. Where is the password information stored? It's in another file that's called the shadow file. So let's have a look at that. Quit, q to quit. Open up the shadow file. That stores the password information for those users. It will include the usernames and then information about all their passwords. And you can see the password of all the other users. Well, no, you can't. So the normal user cannot see the password of other users. By default, the permissions are set up so that you cannot look at this file. It is a text file. I'll show you later. But the normal user, the student user in this case, cannot look inside this file. They can see the set of users in the passwd file, but they cannot see the password information in the shadow file. That's the security measure to do some access control. We can change between users.
So we do everything as the student user, but you may have realized that I've created a separate user account based on your name. It's your first name followed by the first letter of your last name. And you can log in as that user just for doing some small tasks or demos. So to change users, we can switch between users using su. And I'll just choose a random user from the list. You switch user. Type in your name. su switches users, switches to that user, and you need the password for that user. And for this I've set up, it's the same as your username. So I'm now logged in as a different user. If I go home, cd, I'm now in the home directory of this second user I'm logged in as. So now everything I do, I do it as this named user, not as the student user. su switches users. Very simple. Just note the password was the same as the username, just so we can easily switch between different users. Some of the tasks today I'll say use your named user. That is, switch to the user based on your name, not the student user. If you want to exit and go back to the other user, use exit. And now I'm back as the student user. So su switches to the named user, exit comes back. I can switch to the root user, or if I just use su, switch user on its own, by default it goes to the root user. The other meaning of su is super user. Super user is like admin or root user. So su on its own, we sometimes think, means switch to super user. And I log in as the super user, which is actually named the root user. whoami: root. cd: note their home directory is slightly different. Their home directory is just /root. Of course you need the password to switch to other users and you don't have the root password. So you can't switch to the root user. Probably wouldn't be too hard to guess it, but there's no need to. And as the root user I can do anything, including look in the shadow file. So the shadow file is the one we said stores the password information.
And we see it's similar: the username and then some information about the password. Let's go down to our student user and look at the password information. The password information is this long field. The numbers at the end are something like when you last changed your password, when you need to change your password in the future. But this is the long field which is the password information. You notice it's not the password. We know the password for student is student. This is not the password. In fact, we don't encrypt the password. We do something which has a similar purpose. We calculate the hash of the password. And we'll cover this in the security and cryptography course. What we do is we take the password. We attach another, usually random, number. This value here between the two dollar signs. It's called the salt. We take the password. We give it some salt to make it more tasty. And then we hash that salted password. We use a hash algorithm, hash algorithm number six. And the hash takes that input and generates basically a random output that is for that particular input, and that random hash value is here. So the idea is the password information, the password itself, is not stored, but a hash of the password is stored, such that even though we can see this file now, you can't see the password. And to find the password given this hash value is practically impossible, because the cryptographic nature of the hash algorithm is that if you have the hash value as output, it's practically impossible to find the original input. So that's a security measure so that no one can see the actual password even if they can see this file. The other security measure is that the normal users can't even see this file.
When a student logs in, they supply their password, the system calculates the hash of the password and compares it against this value, and, again, another property of the hash function: the hash of two inputs which are the same will produce the same output. If they match, the user logs in. We will see the details of that in authentication in security and crypto. So you can see the hash but can't see the password. q to quit. Exit out. Last command when we're talking about users and permissions. So we saw that some users cannot do some things. That is, the student user couldn't look at the shadow file. We'll return later, after the break, to permissions on files. But similarly some users cannot run programs. Some programs are protected. Especially programs that give you special privileges or need special privileges on the operating system, like network type programs. I'll just switch to my other terminal because I need to be logged in as the instructor, not a different user. But you can do it as the student user. There's a program called IP traffic. It shows us the internet protocol traffic, the IP traffic. It's a networking program we'll use in later labs. It shows the packets being sent and received. Most networking programs, or some of them, are protected. Not any user can run them. So when I try to run IP traffic, it says this program can only be run by the system admin. We don't have permissions to run it. But I would like to allow everyone to run it so that we can actually see the network traffic. So the common way to do that is to set up the computer so that, for some programs, the student user and the instructor user can run these special programs. And I've set that up. What we want to do is we want to run this program as the system administrator. The other name of the system administrator is root. Or another name is the super user. So we'd like to do this program as the super user. Do IP traffic as the super user? Super user do IP traffic.
And you've heard of sudo, I think, before. The idea is to do this program, run this program, as a different user, as the super user by default. We can actually switch to a different user if we want. And that tries to run this program as the super user. And I've set up these computers so that you're allowed to do that. It asks for your password. You should be doing this as student. Not as your named user. I'm doing it as instructor. I type in my instructor password. And I see that it returns an error in my case because I've zoomed in too far. Try it again. So sudo, followed by the command, tries to execute that command as the super user. Now it needs to be set up in advance as to which commands you can try. You can't do anything with sudo. It'll return an error if you try other things. And just to demonstrate, IP traffic just shows some statistics about packets being sent and received. There's not much happening on my computer. It just shows packets being sent and received on my computer. So sudo allows us to run a command as the super user, or as the root user, when it's a protected command. We'll use that later in some networking commands. If you don't have permissions, try sudo first. Exit to exit. So we can switch users. We can run commands as the super user using sudo. We've seen a little bit about where passwords and user information are stored. Later we'll see permissions on files.
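
The colon-separated passwd fields and the dollar-delimited shadow field described in this lecture, worked through as an added example that is not part of the original recording. The sample lines (including the "legacy" account and the EXAMPLESALT/EXAMPLEHASH placeholders) are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd layout, one user per line:
# name:password:UID:GID:comment:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
mysql:x:115:125:MySQL Server:/nonexistent:/bin/false
student:x:1001:1001:Student:/home/student:/bin/bash
legacy:$6$EXAMPLESALT$EXAMPLEHASH:1002:1002:legacy:/home/legacy:/bin/bash'

# Constructed shadow line; the salt and hash are placeholders, not real values.
SAMPLE_SHADOW='student:$6$EXAMPLESALT$EXAMPLEHASH:19000:0:99999:7:::'

# Reads passwd-format lines on stdin; prints "name uid home shell" for
# accounts whose shell allows a login (system users end in nologin or false).
login_users() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1, $3, $6, $7 }'
}

# Prints names whose password field is not the "x" placeholder, meaning
# password data sits in the file every user can read instead of in shadow.
unshadowed_users() {
    awk -F: '$2 != "x" { print $1 }'
}

# Reads shadow-format lines; splits field 2 ($id$salt$hash) into its parts.
# Assumes the plain three-part form with no extra parameters in the field.
shadow_parts() {
    awk -F: '{
        n = split($2, p, "[$]")
        if (n == 4 && p[1] == "") { print $1, "id=" p[2], "salt=" p[3], "hash=" p[4] } else { print $1, "no-hash" }
    }'
}

printf '%s\n' "$SAMPLE_PASSWD" | login_users
printf '%s\n' "$SAMPLE_PASSWD" | unshadowed_users
printf '%s\n' "$SAMPLE_SHADOW" | shadow_parts
```

On a real system the same functions read the files directly, for example login_users < /etc/passwd; shadow_parts needs root because normal users cannot read the shadow file.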