[bf8c11f] | 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
| 2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
---|
| 3 | "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
|
---|
| 4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
| 5 | %general-entities;
|
---|
| 6 | ]>
|
---|
| 7 |
|
---|
| 8 | <sect1 id="ch-boot-pwdgroup">
|
---|
| 9 | <?dbhtml filename="pwdgroup.html"?>
|
---|
| 10 |
|
---|
| 11 | <title>Creating the passwd, group, and log Files</title>
|
---|
| 12 |
|
---|
| 13 | <indexterm zone="ch-boot-pwdgroup">
|
---|
[a6bba28d] | 14 | <primary sortas="e-/etc/passwd">/etc/passwd</primary>
|
---|
[bf8c11f] | 15 | </indexterm>
|
---|
| 16 |
|
---|
| 17 | <indexterm zone="ch-boot-pwdgroup">
|
---|
[a6bba28d] | 18 | <primary sortas="e-/etc/group">/etc/group</primary>
|
---|
[bf8c11f] | 19 | </indexterm>
|
---|
| 20 |
|
---|
| 21 | <indexterm zone="ch-boot-pwdgroup">
|
---|
[a6bba28d] | 22 | <primary sortas="e-/var/run/utmp">/var/run/utmp</primary>
|
---|
[bf8c11f] | 23 | </indexterm>
|
---|
| 24 |
|
---|
| 25 | <indexterm zone="ch-boot-pwdgroup">
|
---|
[a6bba28d] | 26 | <primary sortas="e-/var/log/btmp">/var/log/btmp</primary>
|
---|
[bf8c11f] | 27 | </indexterm>
|
---|
| 28 |
|
---|
| 29 | <indexterm zone="ch-boot-pwdgroup">
|
---|
[a6bba28d] | 30 | <primary sortas="e-/var/log/lastlog">/var/log/lastlog</primary>
|
---|
[bf8c11f] | 31 | </indexterm>
|
---|
| 32 |
|
---|
| 33 | <indexterm zone="ch-boot-pwdgroup">
|
---|
[a6bba28d] | 34 | <primary sortas="e-/var/log/wtmp">/var/log/wtmp</primary>
|
---|
[bf8c11f] | 35 | </indexterm>
|
---|
| 36 |
|
---|
[0225b23] | 37 | <para os="a">In order for user <systemitem class="username">root</systemitem> to
|
---|
[bf8c11f] | 38 | be able to login and for the name <quote>root</quote> to be recognized,
|
---|
[a6bba28d] | 39 | there must be relevant entries in the <filename>/etc/passwd</filename>
|
---|
| 40 | and <filename>/etc/group</filename> files.</para>
|
---|
[bf8c11f] | 41 |
|
---|
[f1fd69a] | 42 | <para>Create the <filename>${CLFS}/etc/passwd</filename> file by running
|
---|
[bf8c11f] | 43 | the following command:</para>
|
---|
| 44 |
|
---|
[f1fd69a] | 45 | <screen><userinput>cat > ${CLFS}/etc/passwd << "EOF"
|
---|
[a576c3d] | 46 | <literal>root::0:0:root:/root:/bin/bash</literal>
|
---|
[22a9a76] | 47 | EOF</userinput></screen>
|
---|
| 48 |
|
---|
[0225b23] | 49 | <para os="b">The actual password for <systemitem class="username">root</systemitem>
|
---|
[4e2bbfd] | 50 | (the <quote>::</quote> used here is just a placeholder and allow you to login
|
---|
| 51 | with no password) will be set later.</para>
|
---|
[bf8c11f] | 52 |
|
---|
[0225b23] | 53 | <variablelist os="c">
|
---|
[d682c7e] | 54 |
|
---|
| 55 | <title>Additional users you may want to add:</title>
|
---|
| 56 |
|
---|
| 57 | <varlistentry>
|
---|
| 58 | <term><literal>bin:x:1:1:bin:/bin:/bin/false</literal></term>
|
---|
| 59 | <listitem>
|
---|
[5b8677c] | 60 | <para>Was recommended for compatibility with legacy applications.</para>
|
---|
[d682c7e] | 61 | </listitem>
|
---|
| 62 | </varlistentry>
|
---|
| 63 | <varlistentry>
|
---|
| 64 | <term><literal>daemon:x:2:6:daemon:/sbin:/bin/false</literal></term>
|
---|
| 65 | <listitem>
|
---|
[5b8677c] | 66 | <para>Was recommended as an unprivileged User ID/Group ID for daemons
|
---|
| 67 | to execute under in order to limit their access to the system.</para>
|
---|
[d682c7e] | 68 | </listitem>
|
---|
| 69 | </varlistentry>
|
---|
| 70 | <varlistentry>
|
---|
| 71 | <term><literal>adm:x:3:16:adm:/var/adm:/bin/false</literal></term>
|
---|
| 72 | <listitem>
|
---|
[5b8677c] | 73 | <para>Was used for programs that performed administrative tasks.</para>
|
---|
[d682c7e] | 74 | </listitem>
|
---|
| 75 | </varlistentry>
|
---|
| 76 | <varlistentry>
|
---|
| 77 | <term><literal>lp:x:10:9:lp:/var/spool/lp:/bin/false</literal></term>
|
---|
| 78 | <listitem>
|
---|
[4e2bbfd] | 79 | <para>Used by programs for printing</para>
|
---|
[d682c7e] | 80 | </listitem>
|
---|
| 81 | </varlistentry>
|
---|
| 82 | <varlistentry>
|
---|
| 83 | <term><literal>mail:x:30:30:mail:/var/mail:/bin/false</literal></term>
|
---|
| 84 | <listitem>
|
---|
[4e2bbfd] | 85 | <para>Often used by email programs</para>
|
---|
[d682c7e] | 86 | </listitem>
|
---|
| 87 | </varlistentry>
|
---|
| 88 | <varlistentry>
|
---|
| 89 | <term><literal>news:x:31:31:news:/var/spool/news:/bin/false</literal></term>
|
---|
| 90 | <listitem>
|
---|
[5b8677c] | 91 | <para>Often used for network news servers</para>
|
---|
[d682c7e] | 92 | </listitem>
|
---|
| 93 | </varlistentry>
|
---|
| 94 | <varlistentry>
|
---|
| 95 | <term><literal>uucp:x:32:32:uucp:/var/spool/uucp:/bin/false</literal></term>
|
---|
| 96 | <listitem>
|
---|
[5b8677c] | 97 | <para>Often used for Unix-to-Unix Copy of files from one server to the next/</para>
|
---|
[d682c7e] | 98 | </listitem>
|
---|
| 99 | </varlistentry>
|
---|
| 100 | <varlistentry>
|
---|
| 101 | <term><literal>operator:x:50:0:operator:/root:/bin/bash</literal></term>
|
---|
| 102 | <listitem>
|
---|
[5b8677c] | 103 | <para>Often used to allow system operators to access the system</para>
|
---|
[d682c7e] | 104 | </listitem>
|
---|
| 105 | </varlistentry>
|
---|
| 106 | <varlistentry>
|
---|
| 107 | <term><literal>postmaster:x:51:30:postmaster:/var/spool/mail:/bin/false</literal></term>
|
---|
| 108 | <listitem>
|
---|
[5b8677c] | 109 | <para>Is the account that receives all the information of troubles with the mail server</para>
|
---|
[d682c7e] | 110 | </listitem>
|
---|
| 111 | </varlistentry>
|
---|
| 112 | <varlistentry>
|
---|
| 113 | <term><literal>nobody:x:65534:65534:nobody:/:/bin/false</literal></term>
|
---|
| 114 | <listitem>
|
---|
[5b8677c] | 115 | <para>This account is used by NFS.</para>
|
---|
[d682c7e] | 116 | </listitem>
|
---|
| 117 | </varlistentry>
|
---|
| 118 | </variablelist>
|
---|
| 119 |
|
---|
[0f12103] | 120 | <para>Create the <filename>${CLFS}/etc/group</filename> file by running
|
---|
[bf8c11f] | 121 | the following command:</para>
|
---|
| 122 |
|
---|
[f1fd69a] | 123 | <screen><userinput>cat > ${CLFS}/etc/group << "EOF"
|
---|
[22a9a76] | 124 | <literal>root:x:0:
|
---|
| 125 | bin:x:1:
|
---|
| 126 | sys:x:2:
|
---|
| 127 | kmem:x:3:
|
---|
| 128 | tty:x:4:
|
---|
| 129 | tape:x:5:
|
---|
| 130 | daemon:x:6:
|
---|
| 131 | floppy:x:7:
|
---|
| 132 | disk:x:8:
|
---|
| 133 | lp:x:9:
|
---|
| 134 | dialout:x:10:
|
---|
| 135 | audio:x:11:
|
---|
| 136 | video:x:12:
|
---|
| 137 | utmp:x:13:
|
---|
| 138 | usb:x:14:
|
---|
| 139 | cdrom:x:15:</literal>
|
---|
| 140 | EOF</userinput></screen>
|
---|
| 141 |
|
---|
[0225b23] | 142 | <variablelist os="d">
|
---|
[1352ed3] | 143 |
|
---|
| 144 | <title>Additional groups you may want to add</title>
|
---|
| 145 |
|
---|
| 146 | <varlistentry>
|
---|
| 147 | <term><literal>adm:x:16:root,adm,daemon</literal></term>
|
---|
| 148 | <listitem>
|
---|
[5b8677c] | 149 | <para>All users in this group are allowed to do administrative tasks</para>
|
---|
[1352ed3] | 150 | </listitem>
|
---|
| 151 | </varlistentry>
|
---|
| 152 | <varlistentry>
|
---|
| 153 | <term><literal>console:x:17:</literal></term>
|
---|
| 154 | <listitem>
|
---|
[5b8677c] | 155 | <para>This group has direct access to the console</para>
|
---|
[1352ed3] | 156 | </listitem>
|
---|
| 157 | </varlistentry>
|
---|
| 158 | <varlistentry>
|
---|
| 159 | <term><literal>cdrw:x:18:</literal></term>
|
---|
| 160 | <listitem>
|
---|
[5b8677c] | 161 | <para>This group is allowed to use the CDRW drive</para>
|
---|
[1352ed3] | 162 | </listitem>
|
---|
| 163 | </varlistentry>
|
---|
| 164 | <varlistentry>
|
---|
| 165 | <term><literal>mail:x:30:mail</literal></term>
|
---|
| 166 | <listitem>
|
---|
| 167 | <para>Used by MTAs (Mail Transport Agents)</para>
|
---|
| 168 | </listitem>
|
---|
| 169 | </varlistentry>
|
---|
| 170 | <varlistentry>
|
---|
| 171 | <term><literal>news:x:31:news</literal></term>
|
---|
| 172 | <listitem>
|
---|
[5b8677c] | 173 | <para>Used by Network News Servers</para>
|
---|
[1352ed3] | 174 | </listitem>
|
---|
| 175 | </varlistentry>
|
---|
| 176 | <varlistentry>
|
---|
| 177 | <term><literal>uucp:x:32:uucp</literal></term>
|
---|
| 178 | <listitem>
|
---|
[5b8677c] | 179 | <para>Used by the Unix-to-Unix copy users.</para>
|
---|
[1352ed3] | 180 | </listitem>
|
---|
| 181 | </varlistentry>
|
---|
| 182 | <varlistentry>
|
---|
[4e2bbfd] | 183 | <term><literal>users:x:1000:</literal></term>
|
---|
[1352ed3] | 184 | <listitem>
|
---|
[4e2bbfd] | 185 | <para>The default GID used by shadow for new users</para>
|
---|
[1352ed3] | 186 | </listitem>
|
---|
| 187 | </varlistentry>
|
---|
| 188 | <varlistentry>
|
---|
| 189 | <term><literal>nogroup:x:65533:</literal></term>
|
---|
| 190 | <listitem>
|
---|
[5b8677c] | 191 | <para>This is a default group used by some programs that do not
|
---|
| 192 | require a group</para>
|
---|
[1352ed3] | 193 | </listitem>
|
---|
| 194 | </varlistentry>
|
---|
| 195 | <varlistentry>
|
---|
| 196 | <term><literal>nobody:x:65534:</literal></term>
|
---|
| 197 | <listitem>
|
---|
[5b8677c] | 198 | <para>This is used by NFS.</para>
|
---|
[1352ed3] | 199 | </listitem>
|
---|
| 200 | </varlistentry>
|
---|
[b18d234] | 201 | </variablelist>
|
---|
[bf8c11f] | 202 |
|
---|
[0225b23] | 203 | <para os="e">The created groups are not part of any standard—they are
|
---|
[bf8c11f] | 204 | groups decided on in part by the requirements of the Udev configuration
|
---|
| 205 | in the final system, and in part by common convention employed by a
|
---|
| 206 | number of existing Linux distributions. The Linux Standard Base (LSB,
|
---|
| 207 | available at <ulink url="http://www.linuxbase.org"/>) recommends only
|
---|
| 208 | that, besides the group <quote>root</quote> with a Group ID (GID) of 0,
|
---|
| 209 | a group <quote>bin</quote> with a GID of 1 be present. All other group
|
---|
| 210 | names and GIDs can be chosen freely by the system administrator since
|
---|
| 211 | well-written programs do not depend on GID numbers, but rather use the
|
---|
| 212 | group's name.</para>
|
---|
| 213 |
|
---|
[0225b23] | 214 | <para os="f">The <command>login</command>, <command>agetty</command>, and
|
---|
[bf8c11f] | 215 | <command>init</command> programs (and others) use a number of log
|
---|
| 216 | files to record information such as who was logged into the system and
|
---|
| 217 | when. However, these programs will not write to the log files if they
|
---|
| 218 | do not already exist. Initialize the log files and give them
|
---|
| 219 | proper permissions:</para>
|
---|
| 220 |
|
---|
[f1fd69a] | 221 | <screen><userinput>touch ${CLFS}/var/run/utmp ${CLFS}/var/log/{btmp,lastlog,wtmp}
|
---|
| 222 | chmod -v 664 ${CLFS}/var/run/utmp ${CLFS}/var/log/lastlog
|
---|
| 223 | chmod -v 600 ${CLFS}/var/log/btmp</userinput></screen>
|
---|
[bf8c11f] | 224 |
|
---|
[a6bba28d] | 225 | <para>The <filename>/var/run/utmp</filename> file records the users
|
---|
| 226 | that are currently logged in. The <filename>/var/log/wtmp</filename>
|
---|
[bf8c11f] | 227 | file records all logins and logouts. The
|
---|
[a6bba28d] | 228 | <filename>/var/log/lastlog</filename> file records when
|
---|
| 229 | each user last logged in. The <filename>/var/log/btmp</filename> file
|
---|
[bf8c11f] | 230 | records the bad login attempts.</para>
|
---|
| 231 |
|
---|
| 232 | </sect1>
|
---|