1 | <?xml version="1.0" encoding="ISO-8859-1"?> |
---|
2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
---|
3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ |
---|
4 | <!ENTITY % general-entities SYSTEM "../../general.ent"> |
---|
5 | %general-entities; |
---|
6 | ]> |
---|
7 | |
---|
8 | <sect1 id="ch-boot-pwdgroup"> |
---|
9 | <?dbhtml filename="pwdgroup.html"?> |
---|
10 | |
---|
11 | <title>Creating the passwd, group, and log Files</title> |
---|
12 | |
---|
13 | <indexterm zone="ch-boot-pwdgroup"> |
---|
14 | <primary sortas="e-/etc/passwd">/etc/passwd</primary> |
---|
15 | </indexterm> |
---|
16 | |
---|
17 | <indexterm zone="ch-boot-pwdgroup"> |
---|
18 | <primary sortas="e-/etc/group">/etc/group</primary> |
---|
19 | </indexterm> |
---|
20 | |
---|
21 | <indexterm zone="ch-boot-pwdgroup"> |
---|
22 | <primary sortas="e-/var/run/utmp">/var/run/utmp</primary> |
---|
23 | </indexterm> |
---|
24 | |
---|
25 | <indexterm zone="ch-boot-pwdgroup"> |
---|
26 | <primary sortas="e-/var/log/btmp">/var/log/btmp</primary> |
---|
27 | </indexterm> |
---|
28 | |
---|
29 | <indexterm zone="ch-boot-pwdgroup"> |
---|
30 | <primary sortas="e-/var/log/lastlog">/var/log/lastlog</primary> |
---|
31 | </indexterm> |
---|
32 | |
---|
33 | <indexterm zone="ch-boot-pwdgroup"> |
---|
34 | <primary sortas="e-/var/log/wtmp">/var/log/wtmp</primary> |
---|
35 | </indexterm> |
---|
36 | |
---|
37 | <para os="a">In order for user <systemitem class="username">root</systemitem> to |
---|
38 | be able to login and for the name <quote>root</quote> to be recognized, |
---|
39 | there must be relevant entries in the <filename>/etc/passwd</filename> |
---|
40 | and <filename>/etc/group</filename> files.</para> |
---|
41 | |
---|
42 | <para>Create the <filename>${CLFS}/etc/passwd</filename> file by running |
---|
43 | the following command:</para> |
---|
44 | |
---|
45 | <screen><userinput>cat > ${CLFS}/etc/passwd << "EOF" |
---|
46 | <literal>root::&uid-root;:&gid-root;:root:/root:/bin/bash</literal> |
---|
47 | EOF</userinput></screen> |
---|
48 | |
---|
49 | <para os="b">The actual password for <systemitem class="username">root</systemitem> |
---|
50 | (the <quote>::</quote> used here is just a placeholder and allows you to login |
---|
51 | with no password) will be set later.</para> |
---|
52 | |
---|
53 | <variablelist os="c"> |
---|
54 | |
---|
55 | <title>Additional users you may want to add:</title> |
---|
56 | |
---|
57 | <varlistentry> |
---|
58 | <term><literal>bin:x:&uid-bin;:&gid-bin;:bin:/bin:/bin/false</literal></term> |
---|
59 | <listitem> |
---|
60 | <para>Can be useful for compatibility with legacy applications.</para> |
---|
61 | </listitem> |
---|
62 | </varlistentry> |
---|
63 | <varlistentry> |
---|
64 | <term><literal>daemon:x:&uid-daemon;:&gid-daemon;:daemon:/sbin:/bin/false</literal></term> |
---|
65 | <listitem> |
---|
66 | <para>It is often recommended to use an unprivileged User ID/Group ID |
---|
67 | for daemons to run as, in order to limit their access to the system.</para> |
---|
68 | </listitem> |
---|
69 | </varlistentry> |
---|
70 | <varlistentry> |
---|
71 | <term><literal>adm:x:&uid-adm;:&gid-adm;:adm:/var/adm:/bin/false</literal></term> |
---|
72 | <listitem> |
---|
73 | <para>Was used for programs that performed administrative tasks.</para> |
---|
74 | </listitem> |
---|
75 | </varlistentry> |
---|
76 | <varlistentry> |
---|
77 | <term><literal>lp:x:&uid-lp;:&gid-lp;:lp:/var/spool/lp:/bin/false</literal></term> |
---|
78 | <listitem> |
---|
79 | <para>Used by programs for printing</para> |
---|
80 | </listitem> |
---|
81 | </varlistentry> |
---|
82 | <varlistentry> |
---|
83 | <term><literal>mail:x:&uid-mail;:&gid-mail;:mail:/var/mail:/bin/false</literal></term> |
---|
84 | <listitem> |
---|
85 | <para>Often used by email programs</para> |
---|
86 | </listitem> |
---|
87 | </varlistentry> |
---|
88 | <varlistentry> |
---|
89 | <term><literal>news:x:&uid-news;:&gid-news;:news:/var/spool/news:/bin/false</literal></term> |
---|
90 | <listitem> |
---|
91 | <para>Often used for network news servers</para> |
---|
92 | </listitem> |
---|
93 | </varlistentry> |
---|
94 | <varlistentry> |
---|
95 | <term><literal>operator:x:&uid-operator;:&gid-root;:operator:/root:/bin/bash</literal></term> |
---|
96 | <listitem> |
---|
97 | <para>Often used to allow system operators to access the system</para> |
---|
98 | </listitem> |
---|
99 | </varlistentry> |
---|
100 | <varlistentry> |
---|
101 | <term><literal>postmaster:x:&uid-postmaster;:&gid-mail;:postmaster:/var/spool/mail:/bin/false</literal></term> |
---|
102 | <listitem> |
---|
103 | <para>Generally used as an account that receives all the information of troubles with the mail server</para> |
---|
104 | </listitem> |
---|
105 | </varlistentry> |
---|
106 | <varlistentry> |
---|
107 | <term><literal>nobody:x:&uid-nobody;:&gid-nobody;:nobody:/:/bin/false</literal></term> |
---|
108 | <listitem> |
---|
109 | <para>Used by NFS</para> |
---|
110 | </listitem> |
---|
111 | </varlistentry> |
---|
112 | </variablelist> |
---|
113 | |
---|
114 | <para>Create the <filename>${CLFS}/etc/group</filename> file by running |
---|
115 | the following command:</para> |
---|
116 | |
---|
117 | <screen><userinput>cat > ${CLFS}/etc/group << "EOF" |
---|
118 | <literal>root:x:0: |
---|
119 | bin:x:&gid-bin;: |
---|
120 | sys:x:&gid-sys;: |
---|
121 | kmem:x:&gid-kmem;: |
---|
122 | tty:x:&gid-tty;: |
---|
123 | tape:x:&gid-tape;: |
---|
124 | daemon:x:&gid-daemon;: |
---|
125 | floppy:x:&gid-floppy;: |
---|
126 | disk:x:&gid-disk;: |
---|
127 | lp:x:&gid-lp;: |
---|
128 | dialout:x:&gid-dialout;: |
---|
129 | audio:x:&gid-audio;: |
---|
130 | video:x:&gid-video;: |
---|
131 | utmp:x:&gid-utmp;: |
---|
132 | usb:x:&gid-usb;: |
---|
133 | cdrom:x:&gid-cdrom;:</literal> |
---|
134 | EOF</userinput></screen> |
---|
135 | |
---|
136 | <variablelist os="d"> |
---|
137 | |
---|
138 | <title>Additional groups you may want to add</title> |
---|
139 | |
---|
140 | <varlistentry> |
---|
141 | <term><literal>adm:x:&gid-adm;:root,adm,daemon</literal></term> |
---|
142 | <listitem> |
---|
143 | <para>All users in this group are allowed to do administrative tasks</para> |
---|
144 | </listitem> |
---|
145 | </varlistentry> |
---|
146 | <varlistentry> |
---|
147 | <term><literal>console:x:&gid-console;:</literal></term> |
---|
148 | <listitem> |
---|
149 | <para>This group has direct access to the console</para> |
---|
150 | </listitem> |
---|
151 | </varlistentry> |
---|
152 | <varlistentry> |
---|
153 | <term><literal>cdrw:x:&gid-cdrw;:</literal></term> |
---|
154 | <listitem> |
---|
155 | <para>This group is allowed to use the CDRW drive</para> |
---|
156 | </listitem> |
---|
157 | </varlistentry> |
---|
158 | <varlistentry> |
---|
159 | <term><literal>mail:x:&gid-mail;:mail</literal></term> |
---|
160 | <listitem> |
---|
161 | <para>Used by MTAs (Mail Transport Agents)</para> |
---|
162 | </listitem> |
---|
163 | </varlistentry> |
---|
164 | <varlistentry> |
---|
165 | <term><literal>news:x:&gid-news;:news</literal></term> |
---|
166 | <listitem> |
---|
167 | <para>Used by Network News Servers</para> |
---|
168 | </listitem> |
---|
169 | </varlistentry> |
---|
170 | <varlistentry> |
---|
171 | <term><literal>users:x:&gid-users;:</literal></term> |
---|
172 | <listitem> |
---|
173 | <para>The default GID used by shadow for new users</para> |
---|
174 | </listitem> |
---|
175 | </varlistentry> |
---|
176 | <varlistentry> |
---|
177 | <term><literal>nogroup:x:&gid-nogroup;:</literal></term> |
---|
178 | <listitem> |
---|
179 | <para>This is a default group used by some programs that do not |
---|
180 | require a group</para> |
---|
181 | </listitem> |
---|
182 | </varlistentry> |
---|
183 | <varlistentry> |
---|
184 | <term><literal>nobody:x:&gid-nobody;:</literal></term> |
---|
185 | <listitem> |
---|
186 | <para>This is used by NFS</para> |
---|
187 | </listitem> |
---|
188 | </varlistentry> |
---|
189 | </variablelist> |
---|
190 | |
---|
191 | <para os="e">The created groups are not part of any standard—they are |
---|
192 | groups decided on in part by the requirements of the Udev configuration |
---|
193 | in the final system, and in part by common convention employed by a |
---|
194 | number of existing Linux distributions. The Linux Standard Base (LSB, |
---|
195 | available at <ulink url="http://www.linuxbase.org"/>) recommends only |
---|
196 | that, besides the group <quote>root</quote> with a Group ID (GID) of 0, |
---|
197 | a group <quote>bin</quote> with a GID of 1 be present. All other group |
---|
198 | names and GIDs can be chosen freely by the system administrator since |
---|
199 | well-written programs do not depend on GID numbers, but rather use the |
---|
200 | group's name.</para> |
---|
201 | |
---|
202 | <para os="f">The <command>login</command>, <command>agetty</command>, and |
---|
203 | <command>init</command> programs (and others) use a number of log |
---|
204 | files to record information such as who was logged into the system and |
---|
205 | when. However, these programs will not write to the log files if they |
---|
206 | do not already exist. Initialize the log files and give them |
---|
207 | proper permissions:</para> |
---|
208 | |
---|
209 | <screen><userinput>touch ${CLFS}/var/run/utmp ${CLFS}/var/log/{btmp,lastlog,wtmp} |
---|
210 | chmod -v 664 ${CLFS}/var/run/utmp ${CLFS}/var/log/lastlog |
---|
211 | chmod -v 600 ${CLFS}/var/log/btmp</userinput></screen> |
---|
212 | |
---|
213 | <para>The <filename>/var/run/utmp</filename> file records the users |
---|
214 | that are currently logged in. The <filename>/var/log/wtmp</filename> |
---|
215 | file records all logins and logouts. The |
---|
216 | <filename>/var/log/lastlog</filename> file records when |
---|
217 | each user last logged in. The <filename>/var/log/btmp</filename> file |
---|
218 | records the bad login attempts.</para> |
---|
219 | |
---|
220 | </sect1> |
---|