source: BOOK/boot/common/pwdgroup.xml@ 31a5d11

clfs-3.0.0-systemd clfs-3.0.0-sysvinit systemd sysvinit
Last change on this file since 31a5d11 was a709a94, checked in by William Harrington <kb0iic@…>, 11 years ago

Add some groups to the chroot section group and some users to the chroot section passwd and add wheel and adm to groups for systemd.

  • Property mode set to 100644
File size: 7.1 KB
RevLine 
[3f8be484]1<?xml version="1.0" encoding="ISO-8859-1"?>
[aa18ac0]2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
[3f8be484]4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6]>
7
8<sect1 id="ch-boot-pwdgroup">
9 <?dbhtml filename="pwdgroup.html"?>
10
11 <title>Creating the passwd, group, and log Files</title>
12
13 <indexterm zone="ch-boot-pwdgroup">
[91ad4a4]14 <primary sortas="e-/etc/passwd">/etc/passwd</primary>
[3f8be484]15 </indexterm>
16
17 <indexterm zone="ch-boot-pwdgroup">
[91ad4a4]18 <primary sortas="e-/etc/group">/etc/group</primary>
[3f8be484]19 </indexterm>
20
21 <indexterm zone="ch-boot-pwdgroup">
[91ad4a4]22 <primary sortas="e-/var/run/utmp">/var/run/utmp</primary>
[3f8be484]23 </indexterm>
24
25 <indexterm zone="ch-boot-pwdgroup">
[91ad4a4]26 <primary sortas="e-/var/log/btmp">/var/log/btmp</primary>
[3f8be484]27 </indexterm>
28
29 <indexterm zone="ch-boot-pwdgroup">
[91ad4a4]30 <primary sortas="e-/var/log/lastlog">/var/log/lastlog</primary>
[3f8be484]31 </indexterm>
32
33 <indexterm zone="ch-boot-pwdgroup">
[91ad4a4]34 <primary sortas="e-/var/log/wtmp">/var/log/wtmp</primary>
[3f8be484]35 </indexterm>
36
[934e597]37 <para os="a">In order for user <systemitem class="username">root</systemitem> to
[3f8be484]38 be able to login and for the name <quote>root</quote> to be recognized,
[91ad4a4]39 there must be relevant entries in the <filename>/etc/passwd</filename>
40 and <filename>/etc/group</filename> files.</para>
[3f8be484]41
[3f76cac]42 <para>Create the <filename>${CLFS}/etc/passwd</filename> file by running
[3f8be484]43 the following command:</para>
44
[3f76cac]45<screen><userinput>cat &gt; ${CLFS}/etc/passwd &lt;&lt; "EOF"
[8f1ae86]46<literal>root:x:&uid-root;:&gid-root;:root:/root:/bin/bash</literal>
[27f57ec]47<literal>messagebus:x:&uid-messagebus;:&gid-messagebus;:D-Bus Message Daemon User:/dev/null:/bin/false</literal>
[65018363]48EOF</userinput></screen>
49
[934e597]50 <para os="b">The actual password for <systemitem class="username">root</systemitem>
[d1ff581]51 (the <quote>::</quote> used here is just a placeholder and allows you to login
[b2011e5]52 with no password) will be set later.</para>
[3f8be484]53
[934e597]54 <variablelist os="c">
[04fe8e5]55
[a709a94]56 <title>Additional users you may want to add if not already included:</title>
[04fe8e5]57
58 <varlistentry>
[8f1ae86]59 <term><literal>bin:x:&uid-bin;:&gid-bin;:bin:/bin:/bin/false</literal></term>
[04fe8e5]60 <listitem>
[9b020e6]61 <para>Can be useful for compatibility with legacy applications.</para>
[04fe8e5]62 </listitem>
63 </varlistentry>
64 <varlistentry>
[8f1ae86]65 <term><literal>daemon:x:&uid-daemon;:&gid-daemon;:daemon:/sbin:/bin/false</literal></term>
[04fe8e5]66 <listitem>
[9b020e6]67 <para>It is often recommended to use an unprivileged User ID/Group ID
68 for daemons to run as, in order to limit their access to the system.</para>
[04fe8e5]69 </listitem>
70 </varlistentry>
71 <varlistentry>
[8f1ae86]72 <term><literal>adm:x:&uid-adm;:&gid-adm;:adm:/var/adm:/bin/false</literal></term>
[04fe8e5]73 <listitem>
[292da92]74 <para>Was used for programs that performed administrative tasks.</para>
[04fe8e5]75 </listitem>
76 </varlistentry>
77 <varlistentry>
[8f1ae86]78 <term><literal>lp:x:&uid-lp;:&gid-lp;:lp:/var/spool/lp:/bin/false</literal></term>
[04fe8e5]79 <listitem>
[b2011e5]80 <para>Used by programs for printing</para>
[04fe8e5]81 </listitem>
82 </varlistentry>
83 <varlistentry>
[8f1ae86]84 <term><literal>mail:x:&uid-mail;:&gid-mail;:mail:/var/mail:/bin/false</literal></term>
[04fe8e5]85 <listitem>
[b2011e5]86 <para>Often used by email programs</para>
[04fe8e5]87 </listitem>
88 </varlistentry>
89 <varlistentry>
[8f1ae86]90 <term><literal>news:x:&uid-news;:&gid-news;:news:/var/spool/news:/bin/false</literal></term>
[04fe8e5]91 <listitem>
[292da92]92 <para>Often used for network news servers</para>
[04fe8e5]93 </listitem>
94 </varlistentry>
95 <varlistentry>
[8f1ae86]96 <term><literal>operator:x:&uid-operator;:&gid-root;:operator:/root:/bin/bash</literal></term>
[04fe8e5]97 <listitem>
[292da92]98 <para>Often used to allow system operators to access the system</para>
[04fe8e5]99 </listitem>
100 </varlistentry>
101 <varlistentry>
[8f1ae86]102 <term><literal>postmaster:x:&uid-postmaster;:&gid-mail;:postmaster:/var/spool/mail:/bin/false</literal></term>
[04fe8e5]103 <listitem>
[9b020e6]104 <para>Generally used as an account that receives all the information of troubles with the mail server</para>
[04fe8e5]105 </listitem>
106 </varlistentry>
107 <varlistentry>
[8f1ae86]108 <term><literal>nobody:x:&uid-nobody;:&gid-nobody;:nobody:/:/bin/false</literal></term>
[04fe8e5]109 <listitem>
[9b020e6]110 <para>Used by NFS</para>
[04fe8e5]111 </listitem>
112 </varlistentry>
113 </variablelist>
114
[ca77da8]115 <para>Create the <filename>${CLFS}/etc/group</filename> file by running
[3f8be484]116 the following command:</para>
117
[3f76cac]118<screen><userinput>cat &gt; ${CLFS}/etc/group &lt;&lt; "EOF"
[65018363]119<literal>root:x:0:
[8f1ae86]120bin:x:&gid-bin;:
121sys:x:&gid-sys;:
122kmem:x:&gid-kmem;:
123tty:x:&gid-tty;:
124tape:x:&gid-tape;:
125daemon:x:&gid-daemon;:
126floppy:x:&gid-floppy;:
127disk:x:&gid-disk;:
128lp:x:&gid-lp;:
129dialout:x:&gid-dialout;:
130audio:x:&gid-audio;:
131video:x:&gid-video;:
132utmp:x:&gid-utmp;:
133usb:x:&gid-usb;:
[27f57ec]134cdrom:x:&gid-cdrom;:
[a709a94]135messagebus:x:&gid-messagebus;:
136wheel:x:&gid-wheel;:</literal>
[65018363]137EOF</userinput></screen>
138
[934e597]139 <variablelist os="d">
[8300133]140
[a709a94]141 <title>Additional groups you may want to add if not already included:</title>
[8300133]142
143 <varlistentry>
[8f1ae86]144 <term><literal>adm:x:&gid-adm;:root,adm,daemon</literal></term>
[8300133]145 <listitem>
[292da92]146 <para>All users in this group are allowed to do administrative tasks</para>
[8300133]147 </listitem>
148 </varlistentry>
149 <varlistentry>
[8f1ae86]150 <term><literal>console:x:&gid-console;:</literal></term>
[8300133]151 <listitem>
[292da92]152 <para>This group has direct access to the console</para>
[8300133]153 </listitem>
154 </varlistentry>
155 <varlistentry>
[8f1ae86]156 <term><literal>cdrw:x:&gid-cdrw;:</literal></term>
[8300133]157 <listitem>
[292da92]158 <para>This group is allowed to use the CDRW drive</para>
[8300133]159 </listitem>
160 </varlistentry>
161 <varlistentry>
[8f1ae86]162 <term><literal>mail:x:&gid-mail;:mail</literal></term>
[8300133]163 <listitem>
164 <para>Used by MTAs (Mail Transport Agents)</para>
165 </listitem>
166 </varlistentry>
167 <varlistentry>
[8f1ae86]168 <term><literal>news:x:&gid-news;:news</literal></term>
[8300133]169 <listitem>
[292da92]170 <para>Used by Network News Servers</para>
[8300133]171 </listitem>
172 </varlistentry>
173 <varlistentry>
[8f1ae86]174 <term><literal>users:x:&gid-users;:</literal></term>
[8300133]175 <listitem>
[b2011e5]176 <para>The default GID used by shadow for new users</para>
[8300133]177 </listitem>
178 </varlistentry>
179 <varlistentry>
[8f1ae86]180 <term><literal>nogroup:x:&gid-nogroup;:</literal></term>
[8300133]181 <listitem>
[292da92]182 <para>This is a default group used by some programs that do not
183 require a group</para>
[8300133]184 </listitem>
185 </varlistentry>
186 <varlistentry>
[8f1ae86]187 <term><literal>nobody:x:&gid-nobody;:</literal></term>
[8300133]188 <listitem>
[9b020e6]189 <para>This is used by NFS</para>
[8300133]190 </listitem>
191 </varlistentry>
[a90a072]192 </variablelist>
[3f8be484]193
[934e597]194 <para os="e">The created groups are not part of any standard&mdash;they are
[688b33d]195 groups decided on in part by the requirements of the Eudev configuration
[3f8be484]196 in the final system, and in part by common convention employed by a
197 number of existing Linux distributions. The Linux Standard Base (LSB,
198 available at <ulink url="http://www.linuxbase.org"/>) recommends only
199 that, besides the group <quote>root</quote> with a Group ID (GID) of 0,
200 a group <quote>bin</quote> with a GID of 1 be present. All other group
201 names and GIDs can be chosen freely by the system administrator since
202 well-written programs do not depend on GID numbers, but rather use the
203 group's name.</para>
204
205</sect1>
Note: See TracBrowser for help on using the repository browser.