Context Navigation

source: BOOK/boot/common/pwdgroup.xml@ 879aee3b

Visit:

sysvinit

Last change on this file since 879aee3b was 1e08a9b, checked in by Chris Staub <chris@…>, 10 years ago
No need to create /var/run/utmp
Property mode set to `100644`
File size: 7.2 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6	]>
7
8	<sect1 id="ch-boot-pwdgroup">
9	<?dbhtml filename="pwdgroup.html"?>
10
11	<title>Creating the passwd, group, and log Files</title>
12
13	<indexterm zone="ch-boot-pwdgroup">
14	<primary sortas="e-/etc/passwd">/etc/passwd</primary>
15	<secondary>boot</secondary>
16	</indexterm>
17
18	<indexterm zone="ch-boot-pwdgroup">
19	<primary sortas="e-/etc/group">/etc/group</primary>
20	<secondary>boot</secondary>
21	</indexterm>
22
23	<indexterm zone="ch-boot-pwdgroup">
24	<primary sortas="e-/var/log/btmp">/var/log/btmp</primary>
25	<secondary>boot</secondary>
26	</indexterm>
27
28	<indexterm zone="ch-boot-pwdgroup">
29	<primary sortas="e-/var/log/lastlog">/var/log/lastlog</primary>
30	<secondary>boot</secondary>
31	</indexterm>
32
33	<indexterm zone="ch-boot-pwdgroup">
34	<primary sortas="e-/var/log/wtmp">/var/log/wtmp</primary>
35	<secondary>boot</secondary>
36	</indexterm>
37
38	<para os="a">In order for user <systemitem class="username">root</systemitem> to
39	be able to login and for the name <quote>root</quote> to be recognized,
40	there must be relevant entries in the <filename>/etc/passwd</filename>
41	and <filename>/etc/group</filename> files.</para>
42
43	<para>Create the <filename>${CLFS}/etc/passwd</filename> file by running
44	the following command:</para>
45
46	<screen><userinput>cat > ${CLFS}/etc/passwd << "EOF"
47	<literal>root::&uid-root;:&gid-root;:root:/root:/bin/bash</literal>
48	<literal>bin:x:&uid-bin;:&gid-bin;:/bin:/bin/false</literal>
49	<literal>daemon:x:&uid-daemon;:&gid-daemon;:/sbin:/bin/false</literal>
50	<literal>nobody:x:&uid-nobody;:&gid-nogroup;:Unprivileged User:/dev/null:/bin/false</literal>
51	EOF</userinput></screen>
52
53	<para os="b">The actual password for <systemitem class="username">root</systemitem>
54	(the <quote>::</quote> used here is just a placeholder and allows you to login
55	with no password) will be set later.</para>
56
57	<variablelist os="c">
58
59	<title>Additional users you may want to add if not already included:</title>
60
61	<varlistentry>
62	<term><literal>adm:x:&uid-adm;:&gid-adm;:adm:/var/adm:/bin/false</literal></term>
63	<listitem>
64	<para>Was used for programs that performed administrative tasks.</para>
65	</listitem>
66	</varlistentry>
67	<varlistentry>
68	<term><literal>lp:x:&uid-lp;:&gid-lp;:lp:/var/spool/lp:/bin/false</literal></term>
69	<listitem>
70	<para>Used by programs for printing</para>
71	</listitem>
72	</varlistentry>
73	<varlistentry>
74	<term><literal>mail:x:&uid-mail;:&gid-mail;:mail:/var/mail:/bin/false</literal></term>
75	<listitem>
76	<para>Often used by email programs</para>
77	</listitem>
78	</varlistentry>
79	<varlistentry>
80	<term><literal>messagebus:x:&uid-messagebus;:&gid-messagebus;:D-Bus Message Daemon User:/dev/null:/bin/false</literal></term>
81	<listitem>
82	<para>User for D-Bus</para>
83	</listitem>
84	</varlistentry>
85	<varlistentry>
86	<term><literal>news:x:&uid-news;:&gid-news;:news:/var/spool/news:/bin/false</literal></term>
87	<listitem>
88	<para>Often used for network news servers</para>
89	</listitem>
90	</varlistentry>
91	<varlistentry>
92	<term><literal>operator:x:&uid-operator;:&gid-root;:operator:/root:/bin/bash</literal></term>
93	<listitem>
94	<para>Often used to allow system operators to access the system</para>
95	</listitem>
96	</varlistentry>
97	<varlistentry>
98	<term><literal>postmaster:x:&uid-postmaster;:&gid-mail;:postmaster:/var/spool/mail:/bin/false</literal></term>
99	<listitem>
100	<para>Generally used as an account that receives all the information of troubles with the mail server</para>
101	</listitem>
102	</varlistentry>
103	</variablelist>
104
105	<para>Create the <filename>${CLFS}/etc/group</filename> file by running
106	the following command:</para>
107
108	<screen><userinput>cat > ${CLFS}/etc/group << "EOF"
109	<literal>root:x:0:
110	bin:x:&gid-bin;:
111	sys:x:&gid-sys;:
112	kmem:x:&gid-kmem;:
113	tty:x:&gid-tty;:
114	tape:x:&gid-tape;:
115	daemon:x:&gid-daemon;:
116	floppy:x:&gid-floppy;:
117	disk:x:&gid-disk;:
118	lp:x:&gid-lp;:
119	dialout:x:&gid-dialout;:
120	audio:x:&gid-audio;:
121	video:x:&gid-video;:
122	utmp:x:&gid-utmp;:
123	usb:x:&gid-usb;:
124	cdrom:x:&gid-cdrom;:
125	adm:x:&gid-adm;:
126	mail:x:&gid-mail;:
127	wheel:x:&gid-wheel;:
128	nogroup:x:&gid-nogroup;:</literal>
129	EOF</userinput></screen>
130
131	<variablelist os="d">
132
133	<title>Additional groups you may want to add if not already included:</title>
134
135	<varlistentry>
136	<term><literal>console:x:&gid-console;:</literal></term>
137	<listitem>
138	<para>This group has direct access to the console</para>
139	</listitem>
140	</varlistentry>
141	<varlistentry>
142	<term><literal>cdrw:x:&gid-cdrw;:</literal></term>
143	<listitem>
144	<para>This group is allowed to use the CDRW drive</para>
145	</listitem>
146	</varlistentry>
147	<varlistentry>
148	<term><literal>messagebus:x:&gid-messagebus;:</literal></term>
149	<listitem>
150	<para>User for D-Bus</para>
151	</listitem>
152	</varlistentry>
153	<varlistentry>
154	<term><literal>news:x:&gid-news;:news</literal></term>
155	<listitem>
156	<para>Used by Network News Servers</para>
157	</listitem>
158	</varlistentry>
159	<varlistentry>
160	<term><literal>users:x:&gid-users;:</literal></term>
161	<listitem>
162	<para>The default GID used by shadow for new users</para>
163	</listitem>
164	</varlistentry>
165	<varlistentry>
166	<term><literal>nobody:x:&gid-nogroup;:</literal></term>
167	<listitem>
168	<para>This is used by NFS</para>
169	</listitem>
170	</varlistentry>
171	</variablelist>
172
173	<para os="e">The created groups are not part of any standard—they are
174	groups decided on in part by the requirements of the Systemd configuration
175	in the final system, and in part by common convention employed by a
176	number of existing Linux distributions. The Linux Standard Base (LSB,
177	available at <ulink url="http://www.linuxbase.org"/>) recommends only
178	that, besides the group <quote>root</quote> with a Group ID (GID) of 0,
179	a group <quote>bin</quote> with a GID of 1 be present. All other group
180	names and GIDs can be chosen freely by the system administrator since
181	well-written programs do not depend on GID numbers, but rather use the
182	group's name.</para>
183
184	<para os="f">The <command>login</command>, <command>agetty</command>, and
185	<command>init</command> programs (and others) use a number of log
186	files to record information such as who was logged into the system and
187	when. However, these programs will not write to the log files if they
188	do not already exist. Initialize the log files and give them
189	proper permissions:</para>
190
191	<screen os="g"><userinput>touch ${CLFS}/var/log/{btmp,lastlog,wtmp}
192	chgrp -v &gid-utmp; ${CLFS}/var/log/lastlog
193	chmod -v 664 ${CLFS}/var/log/lastlog
194	chmod -v 600 ${CLFS}/var/log/btmp</userinput></screen>
195
196	<para os="h">The <filename>/var/log/wtmp</filename>
197	file records all logins and logouts. The
198	<filename>/var/log/lastlog</filename> file records when
199	each user last logged in. The <filename>/var/log/btmp</filename> file
200	records the bad login attempts.</para>
201
202	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: