source: BOOK/boot/common/pwdgroup.xml@ 3471ff2

clfs-3.0.0-systemd clfs-3.0.0-sysvinit systemd sysvinit
Last change on this file since 3471ff2 was a49b75d, checked in by Chris Staub <chris@…>, 11 years ago

Actually allow root to logon with no password

  • Property mode set to 100644
File size: 7.0 KB
RevLine 
[3f8be484]1<?xml version="1.0" encoding="ISO-8859-1"?>
[aa18ac0]2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
[3f8be484]4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6]>
7
8<sect1 id="ch-boot-pwdgroup">
9 <?dbhtml filename="pwdgroup.html"?>
10
[8a62e94]11 <title>Creating the passwd and group Files</title>
[3f8be484]12
13 <indexterm zone="ch-boot-pwdgroup">
[91ad4a4]14 <primary sortas="e-/etc/passwd">/etc/passwd</primary>
[3f8be484]15 </indexterm>
16
17 <indexterm zone="ch-boot-pwdgroup">
[91ad4a4]18 <primary sortas="e-/etc/group">/etc/group</primary>
[3f8be484]19 </indexterm>
20
[934e597]21 <para os="a">In order for user <systemitem class="username">root</systemitem> to
[3f8be484]22 be able to login and for the name <quote>root</quote> to be recognized,
[91ad4a4]23 there must be relevant entries in the <filename>/etc/passwd</filename>
24 and <filename>/etc/group</filename> files.</para>
[3f8be484]25
[3f76cac]26 <para>Create the <filename>${CLFS}/etc/passwd</filename> file by running
[3f8be484]27 the following command:</para>
28
[3f76cac]29<screen><userinput>cat &gt; ${CLFS}/etc/passwd &lt;&lt; "EOF"
[a49b75d]30<literal>root::&uid-root;:&gid-root;:root:/root:/bin/bash</literal>
[43748ab]31<literal>bin:x:&uid-bin;:&gid-bin;:/dev/null:/bin/false</literal>
32<literal>daemon:x:&uid-daemon;:&gid-daemon;:/dev/null:/bin/false</literal>
[27f57ec]33<literal>messagebus:x:&uid-messagebus;:&gid-messagebus;:D-Bus Message Daemon User:/dev/null:/bin/false</literal>
[43748ab]34<literal>nobody:x:&uid-nobody;:&gid-nogroup;:Unprivileged User:/dev/null:/bin/false</literal>
[65018363]35EOF</userinput></screen>
36
[934e597]37 <para os="b">The actual password for <systemitem class="username">root</systemitem>
[d1ff581]38 (the <quote>::</quote> used here is just a placeholder and allows you to login
[b2011e5]39 with no password) will be set later.</para>
[3f8be484]40
[934e597]41 <variablelist os="c">
[04fe8e5]42
[a709a94]43 <title>Additional users you may want to add if not already included:</title>
[04fe8e5]44
45 <varlistentry>
[8f1ae86]46 <term><literal>bin:x:&uid-bin;:&gid-bin;:bin:/bin:/bin/false</literal></term>
[04fe8e5]47 <listitem>
[9b020e6]48 <para>Can be useful for compatibility with legacy applications.</para>
[04fe8e5]49 </listitem>
50 </varlistentry>
51 <varlistentry>
[8f1ae86]52 <term><literal>daemon:x:&uid-daemon;:&gid-daemon;:daemon:/sbin:/bin/false</literal></term>
[04fe8e5]53 <listitem>
[9b020e6]54 <para>It is often recommended to use an unprivileged User ID/Group ID
55 for daemons to run as, in order to limit their access to the system.</para>
[04fe8e5]56 </listitem>
57 </varlistentry>
58 <varlistentry>
[8f1ae86]59 <term><literal>adm:x:&uid-adm;:&gid-adm;:adm:/var/adm:/bin/false</literal></term>
[04fe8e5]60 <listitem>
[292da92]61 <para>Was used for programs that performed administrative tasks.</para>
[04fe8e5]62 </listitem>
63 </varlistentry>
64 <varlistentry>
[8f1ae86]65 <term><literal>lp:x:&uid-lp;:&gid-lp;:lp:/var/spool/lp:/bin/false</literal></term>
[04fe8e5]66 <listitem>
[b2011e5]67 <para>Used by programs for printing</para>
[04fe8e5]68 </listitem>
69 </varlistentry>
70 <varlistentry>
[8f1ae86]71 <term><literal>mail:x:&uid-mail;:&gid-mail;:mail:/var/mail:/bin/false</literal></term>
[04fe8e5]72 <listitem>
[b2011e5]73 <para>Often used by email programs</para>
[04fe8e5]74 </listitem>
75 </varlistentry>
76 <varlistentry>
[8f1ae86]77 <term><literal>news:x:&uid-news;:&gid-news;:news:/var/spool/news:/bin/false</literal></term>
[04fe8e5]78 <listitem>
[292da92]79 <para>Often used for network news servers</para>
[04fe8e5]80 </listitem>
81 </varlistentry>
82 <varlistentry>
[8f1ae86]83 <term><literal>operator:x:&uid-operator;:&gid-root;:operator:/root:/bin/bash</literal></term>
[04fe8e5]84 <listitem>
[292da92]85 <para>Often used to allow system operators to access the system</para>
[04fe8e5]86 </listitem>
87 </varlistentry>
88 <varlistentry>
[8f1ae86]89 <term><literal>postmaster:x:&uid-postmaster;:&gid-mail;:postmaster:/var/spool/mail:/bin/false</literal></term>
[04fe8e5]90 <listitem>
[9b020e6]91 <para>Generally used as an account that receives all the information of troubles with the mail server</para>
[04fe8e5]92 </listitem>
93 </varlistentry>
94 <varlistentry>
[ef54ce8]95 <term><literal>nobody:x:&uid-nobody;:&gid-nogroup;:nobody:/:/bin/false</literal></term>
[04fe8e5]96 <listitem>
[9b020e6]97 <para>Used by NFS</para>
[04fe8e5]98 </listitem>
99 </varlistentry>
100 </variablelist>
101
[ca77da8]102 <para>Create the <filename>${CLFS}/etc/group</filename> file by running
[3f8be484]103 the following command:</para>
104
[3f76cac]105<screen><userinput>cat &gt; ${CLFS}/etc/group &lt;&lt; "EOF"
[65018363]106<literal>root:x:0:
[8f1ae86]107bin:x:&gid-bin;:
108sys:x:&gid-sys;:
109kmem:x:&gid-kmem;:
110tty:x:&gid-tty;:
111tape:x:&gid-tape;:
112daemon:x:&gid-daemon;:
113floppy:x:&gid-floppy;:
114disk:x:&gid-disk;:
115lp:x:&gid-lp;:
116dialout:x:&gid-dialout;:
117audio:x:&gid-audio;:
118video:x:&gid-video;:
119utmp:x:&gid-utmp;:
120usb:x:&gid-usb;:
[27f57ec]121cdrom:x:&gid-cdrom;:
[43748ab]122adm:x:&gid-adm;:
123messagebus:x:&gid-messagebus;:
124systemd-journal:x:&gid-systemd-journal;:
125mail:x:&gid-mail;:
126wheel:x:&gid-wheel;:
127nogroup:x:&gid-nogroup;:</literal>
[65018363]128EOF</userinput></screen>
129
[934e597]130 <variablelist os="d">
[8300133]131
[a709a94]132 <title>Additional groups you may want to add if not already included:</title>
[8300133]133
134 <varlistentry>
[8f1ae86]135 <term><literal>adm:x:&gid-adm;:root,adm,daemon</literal></term>
[8300133]136 <listitem>
[292da92]137 <para>All users in this group are allowed to do administrative tasks</para>
[8300133]138 </listitem>
139 </varlistentry>
140 <varlistentry>
[8f1ae86]141 <term><literal>console:x:&gid-console;:</literal></term>
[8300133]142 <listitem>
[292da92]143 <para>This group has direct access to the console</para>
[8300133]144 </listitem>
145 </varlistentry>
146 <varlistentry>
[8f1ae86]147 <term><literal>cdrw:x:&gid-cdrw;:</literal></term>
[8300133]148 <listitem>
[292da92]149 <para>This group is allowed to use the CDRW drive</para>
[8300133]150 </listitem>
151 </varlistentry>
152 <varlistentry>
[8f1ae86]153 <term><literal>mail:x:&gid-mail;:mail</literal></term>
[8300133]154 <listitem>
155 <para>Used by MTAs (Mail Transport Agents)</para>
156 </listitem>
157 </varlistentry>
158 <varlistentry>
[8f1ae86]159 <term><literal>news:x:&gid-news;:news</literal></term>
[8300133]160 <listitem>
[292da92]161 <para>Used by Network News Servers</para>
[8300133]162 </listitem>
163 </varlistentry>
164 <varlistentry>
[8f1ae86]165 <term><literal>users:x:&gid-users;:</literal></term>
[8300133]166 <listitem>
[b2011e5]167 <para>The default GID used by shadow for new users</para>
[8300133]168 </listitem>
169 </varlistentry>
170 <varlistentry>
[8f1ae86]171 <term><literal>nogroup:x:&gid-nogroup;:</literal></term>
[8300133]172 <listitem>
[292da92]173 <para>This is a default group used by some programs that do not
174 require a group</para>
[8300133]175 </listitem>
176 </varlistentry>
177 <varlistentry>
[ef54ce8]178 <term><literal>nobody:x:&gid-nogroup;:</literal></term>
[8300133]179 <listitem>
[9b020e6]180 <para>This is used by NFS</para>
[8300133]181 </listitem>
182 </varlistentry>
[a90a072]183 </variablelist>
[3f8be484]184
[934e597]185 <para os="e">The created groups are not part of any standard&mdash;they are
[eb39137]186 groups decided on in part by the requirements of the Systemd configuration
[3f8be484]187 in the final system, and in part by common convention employed by a
188 number of existing Linux distributions. The Linux Standard Base (LSB,
189 available at <ulink url="http://www.linuxbase.org"/>) recommends only
190 that, besides the group <quote>root</quote> with a Group ID (GID) of 0,
191 a group <quote>bin</quote> with a GID of 1 be present. All other group
192 names and GIDs can be chosen freely by the system administrator since
193 well-written programs do not depend on GID numbers, but rather use the
194 group's name.</para>
195
196</sect1>
Note: See TracBrowser for help on using the repository browser.