source: BOOK/boot/common/pwdgroup.xml@ a81c020

clfs-1.2 clfs-2.1 clfs-3.0.0-systemd clfs-3.0.0-sysvinit systemd sysvinit
Last change on this file since a81c020 was 8f1ae86, checked in by Joe Ciccone <jciccone@…>, 14 years ago

Migrated the UID and GID Map from Sysroot.

  • Property mode set to 100644
File size: 7.8 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6]>
7
8<sect1 id="ch-boot-pwdgroup">
9 <?dbhtml filename="pwdgroup.html"?>
10
11 <title>Creating the passwd, group, and log Files</title>
12
13 <indexterm zone="ch-boot-pwdgroup">
14 <primary sortas="e-/etc/passwd">/etc/passwd</primary>
15 </indexterm>
16
17 <indexterm zone="ch-boot-pwdgroup">
18 <primary sortas="e-/etc/group">/etc/group</primary>
19 </indexterm>
20
21 <indexterm zone="ch-boot-pwdgroup">
22 <primary sortas="e-/var/run/utmp">/var/run/utmp</primary>
23 </indexterm>
24
25 <indexterm zone="ch-boot-pwdgroup">
26 <primary sortas="e-/var/log/btmp">/var/log/btmp</primary>
27 </indexterm>
28
29 <indexterm zone="ch-boot-pwdgroup">
30 <primary sortas="e-/var/log/lastlog">/var/log/lastlog</primary>
31 </indexterm>
32
33 <indexterm zone="ch-boot-pwdgroup">
34 <primary sortas="e-/var/log/wtmp">/var/log/wtmp</primary>
35 </indexterm>
36
37 <para os="a">In order for user <systemitem class="username">root</systemitem> to
38 be able to login and for the name <quote>root</quote> to be recognized,
39 there must be relevant entries in the <filename>/etc/passwd</filename>
40 and <filename>/etc/group</filename> files.</para>
41
42 <para>Create the <filename>${CLFS}/etc/passwd</filename> file by running
43 the following command:</para>
44
45<screen><userinput>cat &gt; ${CLFS}/etc/passwd &lt;&lt; "EOF"
46<literal>root:x:&uid-root;:&gid-root;:root:/root:/bin/bash</literal>
47EOF</userinput></screen>
48
49 <para os="b">The actual password for <systemitem class="username">root</systemitem>
50 (the <quote>::</quote> used here is just a placeholder and allows you to login
51 with no password) will be set later.</para>
52
53 <variablelist os="c">
54
55 <title>Additional users you may want to add:</title>
56
57 <varlistentry>
58 <term><literal>bin:x:&uid-bin;:&gid-bin;:bin:/bin:/bin/false</literal></term>
59 <listitem>
60 <para>Can be useful for compatibility with legacy applications.</para>
61 </listitem>
62 </varlistentry>
63 <varlistentry>
64 <term><literal>daemon:x:&uid-daemon;:&gid-daemon;:daemon:/sbin:/bin/false</literal></term>
65 <listitem>
66 <para>It is often recommended to use an unprivileged User ID/Group ID
67 for daemons to run as, in order to limit their access to the system.</para>
68 </listitem>
69 </varlistentry>
70 <varlistentry>
71 <term><literal>adm:x:&uid-adm;:&gid-adm;:adm:/var/adm:/bin/false</literal></term>
72 <listitem>
73 <para>Was used for programs that performed administrative tasks.</para>
74 </listitem>
75 </varlistentry>
76 <varlistentry>
77 <term><literal>lp:x:&uid-lp;:&gid-lp;:lp:/var/spool/lp:/bin/false</literal></term>
78 <listitem>
79 <para>Used by programs for printing</para>
80 </listitem>
81 </varlistentry>
82 <varlistentry>
83 <term><literal>mail:x:&uid-mail;:&gid-mail;:mail:/var/mail:/bin/false</literal></term>
84 <listitem>
85 <para>Often used by email programs</para>
86 </listitem>
87 </varlistentry>
88 <varlistentry>
89 <term><literal>news:x:&uid-news;:&gid-news;:news:/var/spool/news:/bin/false</literal></term>
90 <listitem>
91 <para>Often used for network news servers</para>
92 </listitem>
93 </varlistentry>
94 <varlistentry>
95 <term><literal>operator:x:&uid-operator;:&gid-root;:operator:/root:/bin/bash</literal></term>
96 <listitem>
97 <para>Often used to allow system operators to access the system</para>
98 </listitem>
99 </varlistentry>
100 <varlistentry>
101 <term><literal>postmaster:x:&uid-postmaster;:&gid-mail;:postmaster:/var/spool/mail:/bin/false</literal></term>
102 <listitem>
103 <para>Generally used as an account that receives all the information of troubles with the mail server</para>
104 </listitem>
105 </varlistentry>
106 <varlistentry>
107 <term><literal>nobody:x:&uid-nobody;:&gid-nobody;:nobody:/:/bin/false</literal></term>
108 <listitem>
109 <para>Used by NFS</para>
110 </listitem>
111 </varlistentry>
112 </variablelist>
113
114 <para>Create the <filename>${CLFS}/etc/group</filename> file by running
115 the following command:</para>
116
117<screen><userinput>cat &gt; ${CLFS}/etc/group &lt;&lt; "EOF"
118<literal>root:x:0:
119bin:x:&gid-bin;:
120sys:x:&gid-sys;:
121kmem:x:&gid-kmem;:
122tty:x:&gid-tty;:
123tape:x:&gid-tape;:
124daemon:x:&gid-daemon;:
125floppy:x:&gid-floppy;:
126disk:x:&gid-disk;:
127lp:x:&gid-lp;:
128dialout:x:&gid-dialout;:
129audio:x:&gid-audio;:
130video:x:&gid-video;:
131utmp:x:&gid-utmp;:
132usb:x:&gid-usb;:
133cdrom:x:&gid-cdrom;:</literal>
134EOF</userinput></screen>
135
136 <variablelist os="d">
137
138 <title>Additional groups you may want to add</title>
139
140 <varlistentry>
141 <term><literal>adm:x:&gid-adm;:root,adm,daemon</literal></term>
142 <listitem>
143 <para>All users in this group are allowed to do administrative tasks</para>
144 </listitem>
145 </varlistentry>
146 <varlistentry>
147 <term><literal>console:x:&gid-console;:</literal></term>
148 <listitem>
149 <para>This group has direct access to the console</para>
150 </listitem>
151 </varlistentry>
152 <varlistentry>
153 <term><literal>cdrw:x:&gid-cdrw;:</literal></term>
154 <listitem>
155 <para>This group is allowed to use the CDRW drive</para>
156 </listitem>
157 </varlistentry>
158 <varlistentry>
159 <term><literal>mail:x:&gid-mail;:mail</literal></term>
160 <listitem>
161 <para>Used by MTAs (Mail Transport Agents)</para>
162 </listitem>
163 </varlistentry>
164 <varlistentry>
165 <term><literal>news:x:&gid-news;:news</literal></term>
166 <listitem>
167 <para>Used by Network News Servers</para>
168 </listitem>
169 </varlistentry>
170 <varlistentry>
171 <term><literal>users:x:&gid-users;:</literal></term>
172 <listitem>
173 <para>The default GID used by shadow for new users</para>
174 </listitem>
175 </varlistentry>
176 <varlistentry>
177 <term><literal>nogroup:x:&gid-nogroup;:</literal></term>
178 <listitem>
179 <para>This is a default group used by some programs that do not
180 require a group</para>
181 </listitem>
182 </varlistentry>
183 <varlistentry>
184 <term><literal>nobody:x:&gid-nobody;:</literal></term>
185 <listitem>
186 <para>This is used by NFS</para>
187 </listitem>
188 </varlistentry>
189 </variablelist>
190
191 <para os="e">The created groups are not part of any standard&mdash;they are
192 groups decided on in part by the requirements of the Udev configuration
193 in the final system, and in part by common convention employed by a
194 number of existing Linux distributions. The Linux Standard Base (LSB,
195 available at <ulink url="http://www.linuxbase.org"/>) recommends only
196 that, besides the group <quote>root</quote> with a Group ID (GID) of 0,
197 a group <quote>bin</quote> with a GID of 1 be present. All other group
198 names and GIDs can be chosen freely by the system administrator since
199 well-written programs do not depend on GID numbers, but rather use the
200 group's name.</para>
201
202 <para os="f">The <command>login</command>, <command>agetty</command>, and
203 <command>init</command> programs (and others) use a number of log
204 files to record information such as who was logged into the system and
205 when. However, these programs will not write to the log files if they
206 do not already exist. Initialize the log files and give them
207 proper permissions:</para>
208
209<screen><userinput>touch ${CLFS}/var/run/utmp ${CLFS}/var/log/{btmp,lastlog,wtmp}
210chmod -v 664 ${CLFS}/var/run/utmp ${CLFS}/var/log/lastlog
211chmod -v 600 ${CLFS}/var/log/btmp</userinput></screen>
212
213 <para>The <filename>/var/run/utmp</filename> file records the users
214 that are currently logged in. The <filename>/var/log/wtmp</filename>
215 file records all logins and logouts. The
216 <filename>/var/log/lastlog</filename> file records when
217 each user last logged in. The <filename>/var/log/btmp</filename> file
218 records the bad login attempts.</para>
219
220</sect1>
Note: See TracBrowser for help on using the repository browser.