source: clfs-embedded/BOOK/bootable/common/pwdgroup.xml @ f03c1f1

Last change on this file since f03c1f1 was f03c1f1, checked in by Jim Gifford <clfs@…>, 17 years ago

Added: iana-etc
Added: passwd and group files
  • Property mode set to 100644
File size: 8.1 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3  "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4  <!ENTITY % general-entities SYSTEM "../../general.ent">
5  %general-entities;
6]>
7
8<sect1 id="ch-bootable-pwdgroup">
9  <?dbhtml filename="pwdgroup.html"?>
10
11  <title>Creating the passwd, group, and log Files</title>
12
13  <indexterm zone="ch-bootable-pwdgroup">
14    <primary sortas="e-/etc/passwd">/etc/passwd</primary>
15  </indexterm>
16
17  <indexterm zone="ch-bootable-pwdgroup">
18    <primary sortas="e-/etc/group">/etc/group</primary>
19  </indexterm>
20
21  <indexterm zone="ch-bootable-pwdgroup">
22    <primary sortas="e-/var/run/utmp">/var/run/utmp</primary>
23  </indexterm>
24
25  <indexterm zone="ch-bootable-pwdgroup">
26    <primary sortas="e-/var/log/btmp">/var/log/btmp</primary>
27  </indexterm>
28
29  <indexterm zone="ch-bootable-pwdgroup">
30    <primary sortas="e-/var/log/lastlog">/var/log/lastlog</primary>
31  </indexterm>
32
33  <indexterm zone="ch-bootable-pwdgroup">
34    <primary sortas="e-/var/log/wtmp">/var/log/wtmp</primary>
35  </indexterm>
36
37  <para os="a">In order for user <systemitem class="username">root</systemitem> to
38  be able to login and for the name <quote>root</quote> to be recognized,
39  there must be relevant entries in the <filename>/etc/passwd</filename>
40  and <filename>/etc/group</filename> files.</para>
41
42  <para os="b">Create the <filename>${CLFS}/etc/passwd</filename> file by running
43  the following command:</para>
44
45<screen os="c"><userinput>cat &gt; ${CLFS}/etc/passwd &lt;&lt; "EOF"
46<literal>root::0:0:root:/root:/bin/bash</literal>
47EOF</userinput></screen>
48
49  <para os="d">The actual password for <systemitem class="username">root</systemitem>
50  (the <quote>::</quote> used here is just a placeholder and allow you to login
51  with no password) will be set later.</para>
52
53  <variablelist os="e">
54 
55    <title>Additional users you may want to add:</title>
56
57    <varlistentry os="e1">
58      <term><literal>bin:x:1:1:bin:/bin:/bin/false</literal></term>
59      <listitem>
60        <para>Can be useful for compatibility with legacy applications.</para>
61      </listitem>
62    </varlistentry>
63
64    <varlistentry os="e2">
65      <term><literal>daemon:x:2:6:daemon:/sbin:/bin/false</literal></term>
66      <listitem>
67        <para>It is often recommended to use an unprivileged User ID/Group ID
68        for daemons to run as, in order to limit their access to the system.</para>
69      </listitem>
70    </varlistentry>
71
72    <varlistentry os="e3">
73      <term><literal>adm:x:3:16:adm:/var/adm:/bin/false</literal></term>
74      <listitem>
75        <para>Was used for programs that performed administrative tasks.</para>
76      </listitem>
77    </varlistentry>
78
79    <varlistentry os="e4">
80      <term><literal>lp:x:10:9:lp:/var/spool/lp:/bin/false</literal></term>
81      <listitem>
82        <para>Used by programs for printing</para>
83      </listitem>
84    </varlistentry>
85
86    <varlistentry os="e5">
87      <term><literal>mail:x:30:30:mail:/var/mail:/bin/false</literal></term>
88      <listitem>
89        <para>Often used by email programs</para>
90      </listitem>
91    </varlistentry>
92
93    <varlistentry os="e6">
94      <term><literal>news:x:31:31:news:/var/spool/news:/bin/false</literal></term>
95      <listitem>
96        <para>Often used for network news servers</para>
97      </listitem>
98    </varlistentry>
99
100    <varlistentry os="e7">
101      <term><literal>uucp:x:32:32:uucp:/var/spool/uucp:/bin/false</literal></term>
102      <listitem>
103        <para>Often used for Unix-to-Unix Copy of files from one server to the next</para>
104      </listitem>
105    </varlistentry>
106
107    <varlistentry os="e8">
108      <term><literal>operator:x:50:0:operator:/root:/bin/bash</literal></term>
109      <listitem>
110        <para>Often used to allow system operators to access the system</para>
111      </listitem>
112    </varlistentry>
113
114    <varlistentry os="e9">
115      <term><literal>postmaster:x:51:30:postmaster:/var/spool/mail:/bin/false</literal></term>
116      <listitem>
117        <para>Generally used as an account that receives all the information of troubles with the mail server</para>
118      </listitem>
119    </varlistentry>
120
121    <varlistentry os="e10">
122      <term><literal>nobody:x:65534:65534:nobody:/:/bin/false</literal></term>
123      <listitem>
124        <para>Used by NFS</para>
125      </listitem>
126    </varlistentry>
127  </variablelist>
128
129  <para os="f">Create the <filename>${CLFS}/etc/group</filename> file by running
130  the following command:</para>
131
132<screen os="g"><userinput>cat &gt; ${CLFS}/etc/group &lt;&lt; "EOF"
133<literal>root:x:0:
134bin:x:1:
135sys:x:2:
136kmem:x:3:
137tty:x:4:
138tape:x:5:
139daemon:x:6:
140floppy:x:7:
141disk:x:8:
142lp:x:9:
143dialout:x:10:
144audio:x:11:
145video:x:12:
146utmp:x:13:
147usb:x:14:
148cdrom:x:15:</literal>
149EOF</userinput></screen>
150
151  <variablelist os="h">
152
153    <title>Additional groups you may want to add</title>
154
155    <varlistentry os="h1">
156      <term><literal>adm:x:16:root,adm,daemon</literal></term>
157      <listitem>
158        <para>All users in this group are allowed to do administrative tasks</para>
159      </listitem>
160    </varlistentry>
161
162    <varlistentry os="h2">
163      <term><literal>console:x:17:</literal></term>
164      <listitem>
165        <para>This group has direct access to the console</para>
166      </listitem>
167    </varlistentry>
168
169    <varlistentry os="h3">
170      <term><literal>cdrw:x:18:</literal></term>
171      <listitem>
172        <para>This group is allowed to use the CDRW drive</para>
173      </listitem>
174    </varlistentry>
175
176    <varlistentry os="h4">
177      <term><literal>mail:x:30:mail</literal></term>
178      <listitem>
179        <para>Used by MTAs (Mail Transport Agents)</para>
180      </listitem>
181    </varlistentry>
182
183    <varlistentry os="h5">
184      <term><literal>news:x:31:news</literal></term>
185      <listitem>
186        <para>Used by Network News Servers</para>
187      </listitem>
188    </varlistentry>
189
190    <varlistentry os="h5">
191      <term><literal>uucp:x:32:uucp</literal></term>
192      <listitem>
193        <para>Used by the Unix-to-Unix copy users</para>
194      </listitem>
195    </varlistentry>
196
197    <varlistentry os="h6">
198      <term><literal>users:x:1000:</literal></term>
199      <listitem>
200        <para>The default GID used by shadow for new users</para>
201      </listitem>
202    </varlistentry>
203
204    <varlistentry os="h7">
205      <term><literal>nogroup:x:65533:</literal></term>
206      <listitem>
207        <para>This is a default group used by some programs that do not
208        require a group</para>
209      </listitem>
210    </varlistentry>
211
212    <varlistentry os="h8">
213      <term><literal>nobody:x:65534:</literal></term>
214      <listitem>
215        <para>This is used by NFS</para>
216      </listitem>
217    </varlistentry>
218  </variablelist>
219
220  <para os="i">The created groups are not part of any standard&mdash;they are
221  groups decided on in part by the requirements of the Udev configuration
222  in the final system, and in part by common convention employed by a
223  number of existing Linux distributions. The Linux Standard Base (LSB,
224  available at <ulink url="http://www.linuxbase.org"/>) recommends only
225  that, besides the group <quote>root</quote> with a Group ID (GID) of 0,
226  a group <quote>bin</quote> with a GID of 1 be present. All other group
227  names and GIDs can be chosen freely by the system administrator since
228  well-written programs do not depend on GID numbers, but rather use the
229  group's name.</para>
230
231  <para os="j">The <command>login</command>, <command>agetty</command>, and
232  <command>init</command> programs (and others) use a number of log
233  files to record information such as who was logged into the system and
234  when. However, these programs will not write to the log files if they
235  do not already exist. Initialize the log files and give them
236  proper permissions:</para>
237
238<screen os="k"><userinput>touch ${CLFS}/var/run/utmp ${CLFS}/var/log/{btmp,lastlog,wtmp}
239chmod -v 664 ${CLFS}/var/run/utmp ${CLFS}/var/log/lastlog
240chmod -v 600 ${CLFS}/var/log/btmp</userinput></screen>
241
242  <para os="l">The <filename>/var/run/utmp</filename> file records the users
243  that are currently logged in. The <filename>/var/log/wtmp</filename>
244  file records all logins and logouts. The
245  <filename>/var/log/lastlog</filename> file records when
246  each user last logged in. The <filename>/var/log/btmp</filename> file
247  records the bad login attempts.</para>
248
249</sect1>
Note: See TracBrowser for help on using the repository browser.