source: BOOK/boot/common/pwdgroup.xml @ a49b75d

clfs-3.0.0-systemdclfs-3.0.0-sysvinitsystemdsysvinit
Last change on this file since a49b75d was a49b75d, checked in by Chris Staub <chris@…>, 8 years ago

Actually allow root to logon with no password

  • Property mode set to 100644
File size: 7.0 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4  <!ENTITY % general-entities SYSTEM "../../general.ent">
5  %general-entities;
6]>
7
8<sect1 id="ch-boot-pwdgroup">
9  <?dbhtml filename="pwdgroup.html"?>
10
11  <title>Creating the passwd and group Files</title>
12
13  <indexterm zone="ch-boot-pwdgroup">
14    <primary sortas="e-/etc/passwd">/etc/passwd</primary>
15  </indexterm>
16
17  <indexterm zone="ch-boot-pwdgroup">
18    <primary sortas="e-/etc/group">/etc/group</primary>
19  </indexterm>
20
21  <para os="a">In order for user <systemitem class="username">root</systemitem> to
22  be able to login and for the name <quote>root</quote> to be recognized,
23  there must be relevant entries in the <filename>/etc/passwd</filename>
24  and <filename>/etc/group</filename> files.</para>
25
26  <para>Create the <filename>${CLFS}/etc/passwd</filename> file by running
27  the following command:</para>
28
29<screen><userinput>cat &gt; ${CLFS}/etc/passwd &lt;&lt; "EOF"
30<literal>root::&uid-root;:&gid-root;:root:/root:/bin/bash</literal>
31<literal>bin:x:&uid-bin;:&gid-bin;:/dev/null:/bin/false</literal>
32<literal>daemon:x:&uid-daemon;:&gid-daemon;:/dev/null:/bin/false</literal>
33<literal>messagebus:x:&uid-messagebus;:&gid-messagebus;:D-Bus Message Daemon User:/dev/null:/bin/false</literal>
34<literal>nobody:x:&uid-nobody;:&gid-nogroup;:Unprivileged User:/dev/null:/bin/false</literal>
35EOF</userinput></screen>
36
37  <para os="b">The actual password for <systemitem class="username">root</systemitem>
38  (the <quote>::</quote> used here is just a placeholder and allows you to login
39  with no password) will be set later.</para>
40
41  <variablelist os="c">
42 
43    <title>Additional users you may want to add if not already included:</title>
44
45    <varlistentry>
46      <term><literal>bin:x:&uid-bin;:&gid-bin;:bin:/bin:/bin/false</literal></term>
47      <listitem>
48        <para>Can be useful for compatibility with legacy applications.</para>
49      </listitem>
50    </varlistentry>
51    <varlistentry>
52      <term><literal>daemon:x:&uid-daemon;:&gid-daemon;:daemon:/sbin:/bin/false</literal></term>
53      <listitem>
54        <para>It is often recommended to use an unprivileged User ID/Group ID
55        for daemons to run as, in order to limit their access to the system.</para>
56      </listitem>
57    </varlistentry>
58    <varlistentry>
59      <term><literal>adm:x:&uid-adm;:&gid-adm;:adm:/var/adm:/bin/false</literal></term>
60      <listitem>
61        <para>Was used for programs that performed administrative tasks.</para>
62      </listitem>
63    </varlistentry>
64    <varlistentry>
65      <term><literal>lp:x:&uid-lp;:&gid-lp;:lp:/var/spool/lp:/bin/false</literal></term>
66      <listitem>
67        <para>Used by programs for printing</para>
68      </listitem>
69    </varlistentry>
70    <varlistentry>
71      <term><literal>mail:x:&uid-mail;:&gid-mail;:mail:/var/mail:/bin/false</literal></term>
72      <listitem>
73        <para>Often used by email programs</para>
74      </listitem>
75    </varlistentry>
76    <varlistentry>
77      <term><literal>news:x:&uid-news;:&gid-news;:news:/var/spool/news:/bin/false</literal></term>
78      <listitem>
79        <para>Often used for network news servers</para>
80      </listitem>
81    </varlistentry>
82    <varlistentry>
83      <term><literal>operator:x:&uid-operator;:&gid-root;:operator:/root:/bin/bash</literal></term>
84      <listitem>
85        <para>Often used to allow system operators to access the system</para>
86      </listitem>
87    </varlistentry>
88    <varlistentry>
89      <term><literal>postmaster:x:&uid-postmaster;:&gid-mail;:postmaster:/var/spool/mail:/bin/false</literal></term>
90      <listitem>
91        <para>Generally used as an account that receives all the information of troubles with the mail server</para>
92      </listitem>
93    </varlistentry>
94    <varlistentry>
95      <term><literal>nobody:x:&uid-nobody;:&gid-nogroup;:nobody:/:/bin/false</literal></term>
96      <listitem>
97        <para>Used by NFS</para>
98      </listitem>
99    </varlistentry>
100  </variablelist>
101
102  <para>Create the <filename>${CLFS}/etc/group</filename> file by running
103  the following command:</para>
104
105<screen><userinput>cat &gt; ${CLFS}/etc/group &lt;&lt; "EOF"
106<literal>root:x:0:
107bin:x:&gid-bin;:
108sys:x:&gid-sys;:
109kmem:x:&gid-kmem;:
110tty:x:&gid-tty;:
111tape:x:&gid-tape;:
112daemon:x:&gid-daemon;:
113floppy:x:&gid-floppy;:
114disk:x:&gid-disk;:
115lp:x:&gid-lp;:
116dialout:x:&gid-dialout;:
117audio:x:&gid-audio;:
118video:x:&gid-video;:
119utmp:x:&gid-utmp;:
120usb:x:&gid-usb;:
121cdrom:x:&gid-cdrom;:
122adm:x:&gid-adm;:
123messagebus:x:&gid-messagebus;:
124systemd-journal:x:&gid-systemd-journal;:
125mail:x:&gid-mail;:
126wheel:x:&gid-wheel;:
127nogroup:x:&gid-nogroup;:</literal>
128EOF</userinput></screen>
129
130  <variablelist os="d">
131
132    <title>Additional groups you may want to add if not already included:</title>
133
134    <varlistentry>
135      <term><literal>adm:x:&gid-adm;:root,adm,daemon</literal></term>
136      <listitem>
137        <para>All users in this group are allowed to do administrative tasks</para>
138      </listitem>
139    </varlistentry>
140    <varlistentry>
141      <term><literal>console:x:&gid-console;:</literal></term>
142      <listitem>
143        <para>This group has direct access to the console</para>
144      </listitem>
145    </varlistentry>
146    <varlistentry>
147      <term><literal>cdrw:x:&gid-cdrw;:</literal></term>
148      <listitem>
149        <para>This group is allowed to use the CDRW drive</para>
150      </listitem>
151    </varlistentry>
152    <varlistentry>
153      <term><literal>mail:x:&gid-mail;:mail</literal></term>
154      <listitem>
155        <para>Used by MTAs (Mail Transport Agents)</para>
156      </listitem>
157    </varlistentry>
158    <varlistentry>
159      <term><literal>news:x:&gid-news;:news</literal></term>
160      <listitem>
161        <para>Used by Network News Servers</para>
162      </listitem>
163    </varlistentry>
164    <varlistentry>
165      <term><literal>users:x:&gid-users;:</literal></term>
166      <listitem>
167        <para>The default GID used by shadow for new users</para>
168      </listitem>
169    </varlistentry>
170    <varlistentry>
171      <term><literal>nogroup:x:&gid-nogroup;:</literal></term>
172      <listitem>
173        <para>This is a default group used by some programs that do not
174        require a group</para>
175      </listitem>
176    </varlistentry>
177    <varlistentry>
178      <term><literal>nobody:x:&gid-nogroup;:</literal></term>
179      <listitem>
180        <para>This is used by NFS</para>
181      </listitem>
182    </varlistentry>
183  </variablelist>
184
185  <para os="e">The created groups are not part of any standard&mdash;they are
186  groups decided on in part by the requirements of the Systemd configuration
187  in the final system, and in part by common convention employed by a
188  number of existing Linux distributions. The Linux Standard Base (LSB,
189  available at <ulink url="http://www.linuxbase.org"/>) recommends only
190  that, besides the group <quote>root</quote> with a Group ID (GID) of 0,
191  a group <quote>bin</quote> with a GID of 1 be present. All other group
192  names and GIDs can be chosen freely by the system administrator since
193  well-written programs do not depend on GID numbers, but rather use the
194  group's name.</para>
195
196</sect1>
Note: See TracBrowser for help on using the repository browser.