More About Logging In

Refer to "Logging In on the System" on page 83 for information about logging in on the system and changing your default desktop environment (KDE or GNOME).

Security: Always use a password

Unless you are the only user of a system; the system is not connected to any other systems, the Internet, or a modem; and you are the only one with physical access to the system, it is poor practice to allow any user to log in without a password.

The Login Screen

Four icon/word buttons appear below the Username/Password text box on the Login screen. Click these icons to change aspects of the session you are about to log in to. You can also press F10 to display a pop-up menu with similar choices.

Language Displays a window from which you can select the language for the session you are about to start. This change affects window titles, prompts, error messages, and other textual items displayed by GNOME, KDE, and many applications. Just after you log in, the system asks whether you want to make this change in languages permanent or if it is a one-time change.
Session Displays the Sessions dialog box, which presents several choices concerning the session you are about to start. Choose one of the following, click OK, and continue logging in:
- Last Session Brings up the same desktop environment you used the last time you logged in.
- Default System Session Brings up the default desktop environment.
- GNOME Brings up the GNOME desktop environment.
- KDE Brings up the KDE Desktop Environment.
- Failsafe GNOME Brings up a default GNOME session without running any startup scripts. Use this choice to fix problems that prevent you from logging in normally.
- Failsafe Terminal Brings up an xterm terminal emulator window without a desktop manager and without running any startup scripts. This setup allows you to log in on a minimal desktop when your standard login does not work well enough to allow you to log in to fix a login problem. Give the command exit from the xterm window to log out and display the Login screen.
RHEL

Any changes you make in the Sessions dialog box affect the current session only. The next time you log in, you will revert to your default desktop environment (KDE or GNOME). After you log in, use switchdesk (page 116) to change your default desktop environment.
FEDORA

Just after you log in, the system asks whether the change made in the Sessions dialog box is just for this session or if you want to make it permanent. The failsafe logins do not ask this question.
Restart Shuts down and reboots the system.
Shutdown Shuts down the system and turns off the power.

What to Do if You Cannot Log In

If you enter either your username or password incorrectly, the system displays an error message after you enter both your username and your password. This message indicates that you have entered either the username or the password incorrectly or that they are not valid. It does not differentiate between an unacceptable username and an unacceptable passworda strategy meant to discourage unauthorized people from guessing names and passwords to gain access to the system. Here are some common reasons why logins fail:

The username and password are case sensitive. Make sure the CAPS LOCK key is off and that you enter your username and password exactly as specified or as you set them up.
You are not logging in on the right machine. The login/password combination may not be valid if you are trying to log in on the wrong machine. On a larger, networked system, you may have to specify the machine that you want to connect to before you can log in.
Make sure your username is valid. The login/password combination may not be valid if you have not been set up as a user. If you are the system administrator, refer to "Configuring User and Group Accounts" on page 538. Otherwise, check with the system administrator.

Refer to "Changing Your Password" on page 114 when you want to change your password.

Logging Out

To log out of a KDE graphical environment, click the red hat or Centos Linux logo at the lower-left corner of the display and choose Logout from the pop-up menu. From GNOME, select System or Actions from the panel at the top of the screen and click Log Out. From a textual environment, press CONTROL-D or give the command exit in response to the shell prompt.

Using Virtual Consoles

When running Linux on a personal computer, you frequently work with the display and keyboard attached to the computer. Using this physical console, you can access as many as 63 virtual consoles (also called virtual terminals). Some are set up to allow logins; others act as graphical displays. To switch between virtual consoles, hold the CONTROL and ALT keys down and press the function key that corresponds to the console you want to view. For example, CONTROL-ALT-F5 displays the fifth virtual console. This book refers to the console that you see when you first boot a system (or press CONTROL-ALT-F1) as the system console (or just console).

By default, six virtual consoles are active and have text login sessions running. When you want to use both textual and graphical interfaces, you can set up a textual session on one virtual console and a graphical session on another. No matter which virtual console you start a graphical session from, the graphical session runs on the first unused virtual console (number seven by default).

Logging In Remotely: Terminal Emulation and `ssh` or `telnet`

When you are not using a console, terminal, or other device connected directly to the Linux system you are logging in on, you are probably connected to the Linux system using terminal emulation software on another system. Running on your local computer, this software connects to the Linux system via a network (Ethernet, asynchronous phone line, PPP, or other type) and allows you to log in on the Linux machine.

Tip: Make sure TERM is set correctly

No matter how you connect, make sure you have the TERM variable set to the type of terminal your emulator is emulating. For more information refer to "Specifying a Terminal" on page 984.

When you log in via a dial-up line, the connection is straightforward: You instruct the emulator program to contact the computer, it dials the phone, and you get a login prompt from the remote system. When you log in via a directly connected network, you use ssh (secure, page 585) or telnet (not secure, page 363) to connect to the computer. The ssh program has been implemented on many machines, not just on Linux systems. Many user interfaces to ssh include a terminal emulator. From an Apple, PC, or UNIX machine, open the program that runs ssh and give it the name or IP address (refer to "Host Address" on page 353) of the system you want to log in on. For examples and more detail on working with a terminal emulator, refer to "Running Commands from the Terminal Emulator/Shell" on page 93. For more information about logging in from a terminal emulator, see "Logging In on a Terminal" on page 116.

Changing Your Password

If someone else initially assigned your password, it is a good idea to give yourself a new one. A good password is seven or eight characters long and contains a combination of numbers, uppercase and lowercase letters, and punctuation characters. Avoid using control characters (such as CONTROL-H) because they may have a special meaning to the system, making it impossible for you to log in. Do not use names, words from English or other languages, or other familiar words that someone can easily guess.

For security reasons none of the passwords you enter is displayed by any utility.

Security: Protect your password

Do not allow someone to find out your password: Do not put your password in a file that is not encrypted, allow someone to watch you type your password, or give your password to someone you do not know (a system administrator never needs to know your password). You can always write your password down and keep it in a safe, private place.

Security: Choose a password that is difficult to guess

Do use phone numbers, names of pets or kids, birthdays, words a dictionary (not even a foreign language), and so forth. Do not use permutations of these items.

Security: Differentiate between important and less important passwords

It is a good idea to differentiate between important and less important passwords. For example, Web site passwords for blogs or download access are not very important; it is not bad if you choose the same password for these types of sites. However, your login, mail server, and bank account Web site passwords are critical: Never use these passwords for an unimportant Web site.

To change your password from a terminal emulator or other command line, give the command passwd. To change your password from KDE, select Main menu: Settings Password (RHEL uses Main menu: Preferences Password). From GNOME select System: Preferences About Me and click Change Password (RHEL uses Applications: Preferences Password).

The first item the system asks for is your current (old) password. This password is verified to ensure that an unauthorized user is not trying to alter your password. The system then requests the new password.

A password should meet the following criteria to be relatively secure. Only the first item is mandatory.

It must be at least six characters long (or longer if the system administrator sets it up that way).
It should not be a word in a dictionary of any language, no matter how seemingly obscure.
It should not be the name of a person, place, pet, or other thing that might be discovered easily.
It should contain at least two letters and one digit.
It should not be your username, the reverse of your username, or your username shifted by one or more characters.
If you are changing your password, the new password should differ from the old one by at least three characters. Changing the case of a character does not make it count as a different character.

Refer to "Keeping the System Secure" on page 556 for more information about choosing a password.

After you enter your new password, the system asks you to retype it to make sure you did not make a mistake when you entered it the first time. If the new password is the same both times you enter it, your password is changed. If the passwords differ, then you made an error in one of them. In this situation the system displays an error message or does not allow you to click the OK button.

If the password you enter is not long enough, the system displays the following message:

BAD PASSWORD: it is too short

If it is too simple, the system displays this message:

BAD PASSWORD: it is too simplistic/systematic

If the password is formed from words, the system displays this message:

BAD PASSWORD: it is based on a dictionary word

If the system displays one of these messages, enter a longer or more complex password in response to the New UNIX password: prompt.

When you successfully change your password, you change the way you log in. If you forget your password, Superuser can change it and tell you the new password.

`switchdesk`: Changes Your Default Desktop

RHEL

The switchdesk utility tells the system which desktop you want to log in to by default: KDE or GNOME. Initially your account is set up to log in to GNOME by default. To use switchdesk, give the command switchdesk followed by the name of the desktop you want to be the default (gnome or kde).

FEDORA

The switchdesk utility is not installed by default because it is not needed. It is part of the switchdesk package.

Logging In on a Terminal

Before you log in on a terminal, terminal emulator, or other textual device, the system displays a message called issue (stored in the /etc/issue file) that identifies the version of CentOS Linux running on the system. A sample issue message follows:

Centos Linux release 5 (Bordeaux
Kernel 2.6.15-1.2054_FC5 on an i686

The issue message is followed by a prompt to log in. Enter your username and password in response to the system prompts. If you are using a terminal (page 1059) and your screen does not display the login: prompt, check whether the terminal is plugged in and turned on, and then press the RETURN key a few times. If login: still does not appear, try pressing CONTROL-Q. If you are using a workstation (page 1064), make sure it is running. Run ssh (page 585), telnet (page 363), or whatever communications/emulation software you have to log in on the system. Try logging in, making sure that you enter your username and password as they were specified when your account was set up; the routine that verifies the username and password is case sensitive.

Security: Did you log in last?

As you are logging in to a textual environment, after you enter your username and password, the system displays information about the last login on this account, showing when it took place and where it originated. You can use this information to determine whether anyone else has accessed the account since you last used it. If someone has, perhaps an unauthorized user has learned your password and logged on as you. In the interest of security, advise the system administrator of any circumstances that make you suspicious and change your password (page 114).

Next the shell prompt (or just prompt) appears, indicating that you have successfully logged in; it indicates that the system is ready for you to give a command. The first shell prompt line may be preceded by a short message called the message of the day, or motd (page 453), which is stored in the /etc/motd file. The usual prompt is a dollar sign ($). CentOS Linux establishes a prompt of [user@host directory]$, where user is your username, host is the name of the local system, and directory is the name of the directory you are working in. For information on how to change the prompt, refer to page 293.

Bringing a GUI Up from a Character-Based Display

By default, Red Hat systems present a graphical interface when they first come up. If the system comes up with a textual interface, you can log in on a virtual console and start a graphical display by giving the following command to bring up your default desktop environment:

$ startx

If startx does not work, run system-config-display (page 70) to set up the graphics card and monitor configuration for the X Window System.

Correcting Mistakes

This section explains how to correct typographical and other errors you may make while you are logged in on a character-based display (either a virtual console or a terminal emulator). Because the shell and most other utilities do not interpret the command line or other text until after you press RETURN, you can readily correct typing mistakes before you press RETURN.

You can correct typing mistakes in several ways: erase one character at a time, back up a word at a time, or back up to the beginning of the command line in one step. After you press RETURN, it is too late to correct a mistake: You must either wait for the command to run to completion or abort execution of the program (page 118).

Erasing a Character

While entering characters from the keyboard, you can back up and erase a mistake by pressing the erase key once for each character you want to delete. The erase key backs over as many characters as you wish. It does not, in general, back up past the beginning of the line.

The default erase key is BACKSPACE. If this key does not work, try DELETE or CONTROL-H. If these keys do not work, give the following stty^[3] command to set the erase and line kill (see "Deleting a Line" on the next page) keys to their default values:

^[3] The command stty is an abbreviation for set teletypewriter, the first terminal that UNIX was run on. Today stty is commonly thought of as set terminal.

$ stty ek

Deleting a Word

You can delete a word you entered by pressing CONTROL-W. A word is any sequence of characters that does not contain a SPACE or TAB. When you press CONTROL-W, the cursor moves left to the beginning of the current word (as you are entering a word) or the previous word (when you have just entered a SPACE or TAB), removing the word.

Tip: CONTROL-Z suspends a program

Although it is not a way of correcting a mistake, you may press the suspend key (typically CONTROL-Z) by mistake and wonder what happened (you will see a message containing the word Stopped). You have just stopped your job, using job control (page 280). Give the command fg to continue your job in the foreground, and you should return to where you were before you pressed the suspend key. For more information refer to "bg: Sends a Job to the Background" on page 281.

Deleting a Line

Any time before you press RETURN, you can delete the line you are entering by pressing the line kill key (or kill key). When you press this key, the cursor moves to the left, erasing characters as it goes, back to the beginning of the line. The default line kill key is CONTROL-U. If this key does not work, try CONTROL-X. If these keys do not work, give the following command to set the erase and line kill keys to their default values:

$ stty ek

Aborting Execution

Sometimes you may want to terminate a running program. For example, you may want to stop a program that is performing a lengthy task such as displaying the contents of a file that is several hundred pages long or copying a file that is not the one you meant to copy.

To terminate a program from a character-based display, press the interrupt key (CONTROL-C or sometimes DELETE or DEL). When you press this key, the Linux operating system sends a terminal interrupt signal to the program you are running and to the shell. Exactly what effect this signal has depends on the particular program. Some programs stop execution immediately, some ignore the signal, and some take other actions. When it receives a terminal interrupt signal, the shell displays a prompt and waits for another command.

If these methods do not terminate the program, try stopping the program with the suspend key (typically CONTROL-Z), giving the jobs command to verify the job number of the program, and using kill to abort the program. The job number is the number within the brackets at the left end of the line that jobs displays ([1]). The kill command (page 395) uses TERM to send a termination signal^[4] to the job specified by the job number, which is preceded by a percent sign (%1):

^[4] When the terminal interrupt signal does not work, use the kill (KILL) signal. A running program cannot ignore a kill signal; it is sure to abort the program (page 395).

$ bigjob
^Z
[1]+  Stopped               bigjob
$ jobs
[1]+  Stopped               bigjob
$ kill -TERM %1
$ RETURN
[1]+  Killed                bigjob

The kill command returns a prompt; press RETURN again to see the confirmation message. For more information on job control, refer to "Running a Program in the Background" on page 219.

Killing a job that is running under a GUI is straightforward. At the upper-right corner of most windows is a button with an X on it (the close button in Figure 4-8 on page 89). Move the mouse pointer so that its tip is over the X. If you leave the mouse stationary for a moment, instructions on how to kill the window appear. With the mouse pointer over the X, kill the window by clicking the left mouse button. You may need to click several times.

Repeating/Editing Command Lines

To repeat a previously given command, press the UP ARROW key. Each time you press it, the shell displays an earlier command line. To reexecute the displayed command line, press RETURN. Press DOWN ARROW to browse through the command lines in the other direction.

The RIGHT and LEFT ARROW keys move the cursor back and forth along the displayed command line. At any point along the command line, you can add characters by typing them. Use the erase key to remove characters from the command line.

For information about more complex command line editing, see page 304.

Optional: Controlling Windows: Advanced Operations

Refer to "Controlling Windows" on page 88 for an introduction to working with windows under CentOS Linux. This section explores changing the input focus on the desktop, changing the resolution of the display, and understanding the window manager.

Changing the Input Focus

When you type on the keyboard, the window manager (page 121) directs the characters you type somewhere, usually to a window. The active window (the window accepting input from the keyboard) is said to have the input focus. Depending on how you set up your account, you can use the mouse in one of three ways to change the input focus (you can also use the keyboard; see page 90):

Click-to-focus (explicit focus) Gives the input focus to a window when you click the window. That window continues to accept input from the keyboard regardless of the position of the mouse pointer. The window loses the focus when you click another window. Although clicking the middle or the right mouse button also activates a window, use only the left mouse button for this purpose; other buttons may have unexpected effects when you use them to activate a window.
Focus-follows-mouse (sloppy focus, point to give focus, or enter-only) Gives the input focus to a window when you move the mouse pointer onto the window. That window maintains the input focus until you move the mouse pointer onto another window, at which point the new window gets the focus. Specifically, when you move the mouse pointer off a window and onto the root window, the window that had the focus does not lose it.
Focus-under-mouse Same as focus-follows-mouse (KDE).
Focus-strictly-under-mouse (enter-exit) Gives the input focus to a window when you move the mouse pointer onto the window. That window maintains the input focus until you move the mouse pointer off the window with the focus, at which point no window has the focus. Specifically, when you move the mouse pointer off a window and onto the root window, the window that had the focus loses it, and input from the keyboard is lost.

GNOME

Under GNOME select System: Preferences Windows (RHEL uses Applications: Preferences Windows) to change the focus policy. Put a mark in the check box next to Select windows when the mouse moves over them to select the focus-follows-mouse policy. When there is no mark in this check box, click-to-focus is in effect. Click Close.

KDE

Under KDE use the KDE Control Center to change the focus policy: Select Main menu: Control Center; from the KDE Control Center select Desktop Window Behavior and choose the desired focus policy. Click Apply.

To determine which window has the input focus, compare the window borders. The border color of the active window is different from the others or, on a monochrome display, is darker. Another indication that a window is active is that the keyboard cursor is a solid rectangle there; in windows that are not active, the cursor is an outline of a rectangle.

Use the following tests to determine which keyboard focus method you are using. If you position the mouse pointer in a window and that window does not get the input focus, your window manager is configured to use the click-to-focus method. If the border of the window changes, you are using the focus-follows-mouse/focus-under-mouse or focus-strictly-under-mouse method. To determine which of the latter methods you are using, start typing something, with the mouse pointer positioned on the active window. Then move the mouse pointer over the root window and continue typing. If characters continue to appear within the window, you are using focus-follows-mouse/focus-under-mouse. Otherwise, you are using focus-strictly-under-mouse.

Changing the Resolution of the Display

The X server (the basis for the Linux graphical interface, see page 234) starts at a specific display resolution and color depth. Although you can change the color depth only when you start an X server, you can change the resolution while the X server is running. The number of resolutions available depends both on the display hardware and on the configuration of the X server (see page 70 for details). Many users prefer to do most of their work at a higher resolution but might want to switch to a lower resolution for some tasks, such as playing games. You can switch between different display resolutions by pressing either CONTROL-ALT-KEYPAD-+ or CONTROL-ALT-KEYPAD-, using the + and on the keyboard's numeric keypad.

Changing to a lower resolution has the effect of zooming in on the display; as a result, you may no longer be able to view the entire workspace at once. You can scroll the display by pushing the mouse pointer against the edge of the screen.

The Window Manager

A window manager the program that controls the look and feel of the basic GUIruns under a desktop manager (typically KDE or GNOME) and controls all aspects of the windows in the X Window System environment. The window manager defines the appearance of the windows on the desktop and controls how you operate and position them: open, close, move, resize, iconify, and so on. It may also handle some session management functions, such as how a session is paused, resumed, restarted, or ended (page 94).

A window manager controls window decorationsthat is, the titlebar and border of a window. Aside from the aesthetic aspects of changing window decorations, you can alter their functionality by modifying the number and placement of buttons on the titlebar.

The window manager takes care of window manipulation so that the client programs do not need to. This setup is very different from that of many other operating systems, and the way that GNOME and KDE deal with window managers is different from how other desktop environments work. Window managers do more than simply manage windowsthey provide a useful, good-looking, graphical shell to work from. Their open design allows users to define their own policy down to the fine details.

Theoretically GNOME and KDE are not dependent on any particular window manager and can work with any of several window managers. Because of their flexibility, you would not see major parts of the desktop environment change if you were to switch from one window manager to another. These desktop managers collaborate with the window manager to make your work environment intuitive and easy to use. Although the desktop manager does not control window placement, it does get information from the window manager about window placement.

CentOS Linux Window Managers

Metacity, the default window manager for GNOME, provides window management and starts many components through GNOME panel commands. It also communicates with and facilitates access to other components in the environment. The kwin window manager is the default window manager for KDE.

Using the standard X libraries, programmers have created other window managers including blackbox, fluxbox, wmx, and WindowMaker. Under FEDORA you can use yum (page 478) to install any of these packages.

Using a Window Manager Without a Desktop Manager

It is interesting to see exactly where the line that separates the window manager and the desktop manager falls. Toward this end, you can run the Failsafe Terminal from the Login screen: Specify Session Failsafe Terminal and log in. You should see a clean screen with an undecorated window running xterm. You can give commands from this window to open other windows. Try xeyes, xterm, and xclock. Give the command exit to return to the Login screen.

Getting the Facts: Where to Find Documentation

Chapter Summary

More About Logging In