source: BOOK/boot/common/pwdgroup.xml@ 8876eda

clfs-3.0.0-systemd clfs-3.0.0-sysvinit systemd sysvinit
Last change on this file since 8876eda was a49b75d, checked in by Chris Staub <chris@…>, 11 years ago

Actually allow root to logon with no password

  • Property mode set to 100644
File size: 7.0 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6]>
7
8<sect1 id="ch-boot-pwdgroup">
9 <?dbhtml filename="pwdgroup.html"?>
10
11 <title>Creating the passwd and group Files</title>
12
13 <indexterm zone="ch-boot-pwdgroup">
14 <primary sortas="e-/etc/passwd">/etc/passwd</primary>
15 </indexterm>
16
17 <indexterm zone="ch-boot-pwdgroup">
18 <primary sortas="e-/etc/group">/etc/group</primary>
19 </indexterm>
20
21 <para os="a">In order for user <systemitem class="username">root</systemitem> to
22 be able to login and for the name <quote>root</quote> to be recognized,
23 there must be relevant entries in the <filename>/etc/passwd</filename>
24 and <filename>/etc/group</filename> files.</para>
25
26 <para>Create the <filename>${CLFS}/etc/passwd</filename> file by running
27 the following command:</para>
28
29<screen><userinput>cat &gt; ${CLFS}/etc/passwd &lt;&lt; "EOF"
30<literal>root::&uid-root;:&gid-root;:root:/root:/bin/bash</literal>
31<literal>bin:x:&uid-bin;:&gid-bin;:/dev/null:/bin/false</literal>
32<literal>daemon:x:&uid-daemon;:&gid-daemon;:/dev/null:/bin/false</literal>
33<literal>messagebus:x:&uid-messagebus;:&gid-messagebus;:D-Bus Message Daemon User:/dev/null:/bin/false</literal>
34<literal>nobody:x:&uid-nobody;:&gid-nogroup;:Unprivileged User:/dev/null:/bin/false</literal>
35EOF</userinput></screen>
36
37 <para os="b">The actual password for <systemitem class="username">root</systemitem>
38 (the <quote>::</quote> used here is just a placeholder and allows you to login
39 with no password) will be set later.</para>
40
41 <variablelist os="c">
42
43 <title>Additional users you may want to add if not already included:</title>
44
45 <varlistentry>
46 <term><literal>bin:x:&uid-bin;:&gid-bin;:bin:/bin:/bin/false</literal></term>
47 <listitem>
48 <para>Can be useful for compatibility with legacy applications.</para>
49 </listitem>
50 </varlistentry>
51 <varlistentry>
52 <term><literal>daemon:x:&uid-daemon;:&gid-daemon;:daemon:/sbin:/bin/false</literal></term>
53 <listitem>
54 <para>It is often recommended to use an unprivileged User ID/Group ID
55 for daemons to run as, in order to limit their access to the system.</para>
56 </listitem>
57 </varlistentry>
58 <varlistentry>
59 <term><literal>adm:x:&uid-adm;:&gid-adm;:adm:/var/adm:/bin/false</literal></term>
60 <listitem>
61 <para>Was used for programs that performed administrative tasks.</para>
62 </listitem>
63 </varlistentry>
64 <varlistentry>
65 <term><literal>lp:x:&uid-lp;:&gid-lp;:lp:/var/spool/lp:/bin/false</literal></term>
66 <listitem>
67 <para>Used by programs for printing</para>
68 </listitem>
69 </varlistentry>
70 <varlistentry>
71 <term><literal>mail:x:&uid-mail;:&gid-mail;:mail:/var/mail:/bin/false</literal></term>
72 <listitem>
73 <para>Often used by email programs</para>
74 </listitem>
75 </varlistentry>
76 <varlistentry>
77 <term><literal>news:x:&uid-news;:&gid-news;:news:/var/spool/news:/bin/false</literal></term>
78 <listitem>
79 <para>Often used for network news servers</para>
80 </listitem>
81 </varlistentry>
82 <varlistentry>
83 <term><literal>operator:x:&uid-operator;:&gid-root;:operator:/root:/bin/bash</literal></term>
84 <listitem>
85 <para>Often used to allow system operators to access the system</para>
86 </listitem>
87 </varlistentry>
88 <varlistentry>
89 <term><literal>postmaster:x:&uid-postmaster;:&gid-mail;:postmaster:/var/spool/mail:/bin/false</literal></term>
90 <listitem>
91 <para>Generally used as an account that receives all the information of troubles with the mail server</para>
92 </listitem>
93 </varlistentry>
94 <varlistentry>
95 <term><literal>nobody:x:&uid-nobody;:&gid-nogroup;:nobody:/:/bin/false</literal></term>
96 <listitem>
97 <para>Used by NFS</para>
98 </listitem>
99 </varlistentry>
100 </variablelist>
101
102 <para>Create the <filename>${CLFS}/etc/group</filename> file by running
103 the following command:</para>
104
105<screen><userinput>cat &gt; ${CLFS}/etc/group &lt;&lt; "EOF"
106<literal>root:x:0:
107bin:x:&gid-bin;:
108sys:x:&gid-sys;:
109kmem:x:&gid-kmem;:
110tty:x:&gid-tty;:
111tape:x:&gid-tape;:
112daemon:x:&gid-daemon;:
113floppy:x:&gid-floppy;:
114disk:x:&gid-disk;:
115lp:x:&gid-lp;:
116dialout:x:&gid-dialout;:
117audio:x:&gid-audio;:
118video:x:&gid-video;:
119utmp:x:&gid-utmp;:
120usb:x:&gid-usb;:
121cdrom:x:&gid-cdrom;:
122adm:x:&gid-adm;:
123messagebus:x:&gid-messagebus;:
124systemd-journal:x:&gid-systemd-journal;:
125mail:x:&gid-mail;:
126wheel:x:&gid-wheel;:
127nogroup:x:&gid-nogroup;:</literal>
128EOF</userinput></screen>
129
130 <variablelist os="d">
131
132 <title>Additional groups you may want to add if not already included:</title>
133
134 <varlistentry>
135 <term><literal>adm:x:&gid-adm;:root,adm,daemon</literal></term>
136 <listitem>
137 <para>All users in this group are allowed to do administrative tasks</para>
138 </listitem>
139 </varlistentry>
140 <varlistentry>
141 <term><literal>console:x:&gid-console;:</literal></term>
142 <listitem>
143 <para>This group has direct access to the console</para>
144 </listitem>
145 </varlistentry>
146 <varlistentry>
147 <term><literal>cdrw:x:&gid-cdrw;:</literal></term>
148 <listitem>
149 <para>This group is allowed to use the CDRW drive</para>
150 </listitem>
151 </varlistentry>
152 <varlistentry>
153 <term><literal>mail:x:&gid-mail;:mail</literal></term>
154 <listitem>
155 <para>Used by MTAs (Mail Transport Agents)</para>
156 </listitem>
157 </varlistentry>
158 <varlistentry>
159 <term><literal>news:x:&gid-news;:news</literal></term>
160 <listitem>
161 <para>Used by Network News Servers</para>
162 </listitem>
163 </varlistentry>
164 <varlistentry>
165 <term><literal>users:x:&gid-users;:</literal></term>
166 <listitem>
167 <para>The default GID used by shadow for new users</para>
168 </listitem>
169 </varlistentry>
170 <varlistentry>
171 <term><literal>nogroup:x:&gid-nogroup;:</literal></term>
172 <listitem>
173 <para>This is a default group used by some programs that do not
174 require a group</para>
175 </listitem>
176 </varlistentry>
177 <varlistentry>
178 <term><literal>nobody:x:&gid-nogroup;:</literal></term>
179 <listitem>
180 <para>This is used by NFS</para>
181 </listitem>
182 </varlistentry>
183 </variablelist>
184
185 <para os="e">The created groups are not part of any standard&mdash;they are
186 groups decided on in part by the requirements of the Systemd configuration
187 in the final system, and in part by common convention employed by a
188 number of existing Linux distributions. The Linux Standard Base (LSB,
189 available at <ulink url="http://www.linuxbase.org"/>) recommends only
190 that, besides the group <quote>root</quote> with a Group ID (GID) of 0,
191 a group <quote>bin</quote> with a GID of 1 be present. All other group
192 names and GIDs can be chosen freely by the system administrator since
193 well-written programs do not depend on GID numbers, but rather use the
194 group's name.</para>
195
196</sect1>
Note: See TracBrowser for help on using the repository browser.