source: BOOK/boot/common/pwdgroup.xml@ 2b54a63

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;
]>

<sect1 id="ch-boot-pwdgroup">
  <?dbhtml filename="pwdgroup.html"?>

  <title>Creating the passwd and group Files</title>

  <indexterm zone="ch-boot-pwdgroup">
    <primary sortas="e-/etc/passwd">/etc/passwd</primary>
  </indexterm>

  <indexterm zone="ch-boot-pwdgroup">
    <primary sortas="e-/etc/group">/etc/group</primary>
  </indexterm>

  <para os="a">In order for user <systemitem class="username">root</systemitem> to
  be able to login and for the name <quote>root</quote> to be recognized,
  there must be relevant entries in the <filename>/etc/passwd</filename>
  and <filename>/etc/group</filename> files.</para>

  <para>Create the <filename>${CLFS}/etc/passwd</filename> file by running
  the following command:</para>

<screen><userinput>cat &gt; ${CLFS}/etc/passwd &lt;&lt; "EOF"
<literal>root::&uid-root;:&gid-root;:root:/root:/bin/bash</literal>
<literal>bin:x:&uid-bin;:&gid-bin;:/dev/null:/bin/false</literal>
<literal>daemon:x:&uid-daemon;:&gid-daemon;:/dev/null:/bin/false</literal>
<literal>messagebus:x:&uid-messagebus;:&gid-messagebus;:D-Bus Message Daemon User:/dev/null:/bin/false</literal>
<literal>nobody:x:&uid-nobody;:&gid-nogroup;:Unprivileged User:/dev/null:/bin/false</literal>
EOF</userinput></screen>

  <para os="b">The actual password for <systemitem class="username">root</systemitem>
  (the <quote>::</quote> used here is just a placeholder and allows you to login
  with no password) will be set later.</para>

  <variablelist os="c">
  
    <title>Additional users you may want to add if not already included:</title>

    <varlistentry>
      <term><literal>bin:x:&uid-bin;:&gid-bin;:bin:/bin:/bin/false</literal></term>
      <listitem>
        <para>Can be useful for compatibility with legacy applications.</para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><literal>daemon:x:&uid-daemon;:&gid-daemon;:daemon:/sbin:/bin/false</literal></term>
      <listitem>
        <para>It is often recommended to use an unprivileged User ID/Group ID
        for daemons to run as, in order to limit their access to the system.</para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><literal>adm:x:&uid-adm;:&gid-adm;:adm:/var/adm:/bin/false</literal></term>
      <listitem>
        <para>Was used for programs that performed administrative tasks.</para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><literal>lp:x:&uid-lp;:&gid-lp;:lp:/var/spool/lp:/bin/false</literal></term>
      <listitem>
        <para>Used by programs for printing</para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><literal>mail:x:&uid-mail;:&gid-mail;:mail:/var/mail:/bin/false</literal></term>
      <listitem>
        <para>Often used by email programs</para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><literal>news:x:&uid-news;:&gid-news;:news:/var/spool/news:/bin/false</literal></term>
      <listitem>
        <para>Often used for network news servers</para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><literal>operator:x:&uid-operator;:&gid-root;:operator:/root:/bin/bash</literal></term>
      <listitem>
        <para>Often used to allow system operators to access the system</para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><literal>postmaster:x:&uid-postmaster;:&gid-mail;:postmaster:/var/spool/mail:/bin/false</literal></term>
      <listitem>
        <para>Generally used as an account that receives all the information of troubles with the mail server</para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><literal>nobody:x:&uid-nobody;:&gid-nogroup;:nobody:/:/bin/false</literal></term>
      <listitem>
        <para>Used by NFS</para>
      </listitem>
    </varlistentry>
  </variablelist>

  <para>Create the <filename>${CLFS}/etc/group</filename> file by running
  the following command:</para>

<screen><userinput>cat &gt; ${CLFS}/etc/group &lt;&lt; "EOF"
<literal>root:x:0:
bin:x:&gid-bin;:
sys:x:&gid-sys;:
kmem:x:&gid-kmem;:
tty:x:&gid-tty;:
tape:x:&gid-tape;:
daemon:x:&gid-daemon;:
floppy:x:&gid-floppy;:
disk:x:&gid-disk;:
lp:x:&gid-lp;:
dialout:x:&gid-dialout;:
audio:x:&gid-audio;:
video:x:&gid-video;:
utmp:x:&gid-utmp;:
usb:x:&gid-usb;:
cdrom:x:&gid-cdrom;:
adm:x:&gid-adm;:
messagebus:x:&gid-messagebus;:
systemd-journal:x:&gid-systemd-journal;:
mail:x:&gid-mail;:
wheel:x:&gid-wheel;:
nogroup:x:&gid-nogroup;:</literal>
EOF</userinput></screen>

  <variablelist os="d">

    <title>Additional groups you may want to add if not already included:</title>

    <varlistentry>
      <term><literal>adm:x:&gid-adm;:root,adm,daemon</literal></term>
      <listitem>
        <para>All users in this group are allowed to do administrative tasks</para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><literal>console:x:&gid-console;:</literal></term>
      <listitem>
        <para>This group has direct access to the console</para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><literal>cdrw:x:&gid-cdrw;:</literal></term>
      <listitem>
        <para>This group is allowed to use the CDRW drive</para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><literal>mail:x:&gid-mail;:mail</literal></term>
      <listitem>
        <para>Used by MTAs (Mail Transport Agents)</para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><literal>news:x:&gid-news;:news</literal></term>
      <listitem>
        <para>Used by Network News Servers</para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><literal>users:x:&gid-users;:</literal></term>
      <listitem>
        <para>The default GID used by shadow for new users</para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><literal>nogroup:x:&gid-nogroup;:</literal></term>
      <listitem>
        <para>This is a default group used by some programs that do not
        require a group</para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><literal>nobody:x:&gid-nogroup;:</literal></term>
      <listitem>
        <para>This is used by NFS</para>
      </listitem>
    </varlistentry>
  </variablelist>

  <para os="e">The created groups are not part of any standard&mdash;they are
  groups decided on in part by the requirements of the Systemd configuration
  in the final system, and in part by common convention employed by a
  number of existing Linux distributions. The Linux Standard Base (LSB,
  available at <ulink url="http://www.linuxbase.org"/>) recommends only
  that, besides the group <quote>root</quote> with a Group ID (GID) of 0,
  a group <quote>bin</quote> with a GID of 1 be present. All other group
  names and GIDs can be chosen freely by the system administrator since
  well-written programs do not depend on GID numbers, but rather use the
  group's name.</para>

</sect1>