source: clfs-sysroot/BOOK/final-preps/creatingfiles.xml@ 5e93db1

Last change on this file since 5e93db1 was b46c2f1, checked in by Joe Ciccone <jciccone@…>, 18 years ago

Some text cleanups to the user/group descriptions.

  • Property mode set to 100644
File size: 8.4 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3 "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../general.ent">
5 %general-entities;
6]>
7
8<sect1 id="ch-final-preps-creatingfiles">
9 <?dbhtml filename="creatingfiles.html"?>
10
11 <title>Creating the passwd, group, and log Files</title>
12
13 <indexterm zone="ch-final-preps-creatingfiles">
14 <primary sortas="e-/etc/passwd">/etc/passwd</primary>
15 </indexterm>
16
17 <indexterm zone="ch-final-preps-creatingfiles">
18 <primary sortas="e-/etc/group">/etc/group</primary>
19 </indexterm>
20
21 <indexterm zone="ch-final-preps-creatingfiles">
22 <primary sortas="e-/var/run/utmp">/var/run/utmp</primary>
23 </indexterm>
24
25 <indexterm zone="ch-final-preps-creatingfiles">
26 <primary sortas="e-/var/log/btmp">/var/log/btmp</primary>
27 </indexterm>
28
29 <indexterm zone="ch-final-preps-creatingfiles">
30 <primary sortas="e-/var/log/lastlog">/var/log/lastlog</primary>
31 </indexterm>
32
33 <indexterm zone="ch-final-preps-creatingfiles">
34 <primary sortas="e-/var/log/wtmp">/var/log/wtmp</primary>
35 </indexterm>
36
37 <para>A proper Linux system maintains a list of the mounted file systems in
38 the file <filename>/etc/mtab</filename>. Normally, this file would be
39 created when we mount a new file system. Since we will not be mounting any
40 file systems inside our chroot environment, create an empty file for
41 utilities that expect the presence of <filename>/etc/mtab</filename>:</para>
42
43<screen><userinput>touch ${CLFS}/etc/mtab</userinput></screen>
44
45 <para>In order for user <systemitem class="username">root</systemitem> to be
46 able to login and for the name <quote>root</quote> to be recognized, there
47 must be relevant entries in the <filename>/etc/passwd</filename> and
48 <filename>/etc/group</filename> files.</para>
49
50 <para>Create the <filename>/etc/passwd</filename> file by running the following
51 command:</para>
52
53<screen><userinput>cat &gt; ${CLFS}/etc/passwd &lt;&lt; "EOF"
54<literal>root::0:0:root:/root:/bin/bash</literal>
55EOF</userinput></screen>
56
57 <para>The actual password for <systemitem class="username">root</systemitem>
58 (the <quote>::</quote> used here is just a placeholder and allow you to login
59 with no password) will be set later.</para>
60
61 <variablelist os="b">
62
63 <title>Additional users you may want to add:</title>
64
65 <varlistentry>
66 <term><literal>bin:x:1:1:bin:/bin:/bin/false</literal></term>
67 <listitem>
68 <para>Can be useful for compatibility with legacy applications.</para>
69 </listitem>
70 </varlistentry>
71 <varlistentry>
72 <term><literal>daemon:x:2:6:daemon:/sbin:/bin/false</literal></term>
73 <listitem>
74 <para>It is often recommended to use an unprivileged User ID/Group ID
75 for daemons in order to limit their access to the system.</para>
76 </listitem>
77 </varlistentry>
78 <varlistentry>
79 <term><literal>adm:x:3:16:adm:/var/adm:/bin/false</literal></term>
80 <listitem>
81 <para>Was used for programs that performed administrative tasks.</para>
82 </listitem>
83 </varlistentry>
84 <varlistentry>
85 <term><literal>lp:x:10:9:lp:/var/spool/lp:/bin/false</literal></term>
86 <listitem>
87 <para>Used by programs for printing.</para>
88 </listitem>
89 </varlistentry>
90 <varlistentry>
91 <term><literal>mail:x:30:30:mail:/var/mail:/bin/false</literal></term>
92 <listitem>
93 <para>Often used by email programs.</para>
94 </listitem>
95 </varlistentry>
96 <varlistentry>
97 <term><literal>news:x:31:31:news:/var/spool/news:/bin/false</literal></term>
98 <listitem>
99 <para>Often used for network news servers.</para>
100 </listitem>
101 </varlistentry>
102 <varlistentry>
103 <term><literal>uucp:x:32:32:uucp:/var/spool/uucp:/bin/false</literal></term>
104 <listitem>
105 <para>Often used for Unix-to-Unix Copy of files from one server to the next</para>
106 </listitem>
107 </varlistentry>
108 <varlistentry>
109 <term><literal>operator:x:50:0:operator:/root:/bin/bash</literal></term>
110 <listitem>
111 <para>Often used to allow system operators to access the system.</para>
112 </listitem>
113 </varlistentry>
114 <varlistentry>
115 <term><literal>postmaster:x:51:30:postmaster:/var/spool/mail:/bin/false</literal></term>
116 <listitem>
117 <para>Generally used as an account that receives all the information of troubles with the mail server.</para>
118 </listitem>
119 </varlistentry>
120 <varlistentry>
121 <term><literal>nobody:x:65534:65534:nobody:/:/bin/false</literal></term>
122 <listitem>
123 <para>Used by NFS.</para>
124 </listitem>
125 </varlistentry>
126 </variablelist>
127
128 <para>Create the <filename>/etc/group</filename> file by running the following
129 command:</para>
130
131<screen><userinput>cat &gt; ${CLFS}/etc/group &lt;&lt; "EOF"
132<literal>root:x:0:
133bin:x:1:
134sys:x:2:
135kmem:x:3:
136tty:x:4:
137tape:x:5:
138daemon:x:6:
139floppy:x:7:
140disk:x:8:
141lp:x:9:
142dialout:x:10:
143audio:x:11:
144video:x:12:
145utmp:x:13:
146usb:x:14:
147cdrom:x:15:</literal>
148EOF</userinput></screen>
149
150 <variablelist os="c">
151
152 <title>Additional groups you may want to add</title>
153
154 <varlistentry>
155 <term><literal>adm:x:16:root,adm,daemon</literal></term>
156 <listitem>
157 <para>All users in this group are allowed to do administrative tasks</para>
158 </listitem>
159 </varlistentry>
160 <varlistentry>
161 <term><literal>console:x:17:</literal></term>
162 <listitem>
163 <para>This group has direct access to the console</para>
164 </listitem>
165 </varlistentry>
166 <varlistentry>
167 <term><literal>cdrw:x:18:</literal></term>
168 <listitem>
169 <para>This group is allowed to use the CDRW drive</para>
170 </listitem>
171 </varlistentry>
172 <varlistentry>
173 <term><literal>mail:x:30:mail</literal></term>
174 <listitem>
175 <para>Used by MTAs (Mail Transport Agents)</para>
176 </listitem>
177 </varlistentry>
178 <varlistentry>
179 <term><literal>news:x:31:news</literal></term>
180 <listitem>
181 <para>Used by Network News Servers</para>
182 </listitem>
183 </varlistentry>
184 <varlistentry>
185 <term><literal>uucp:x:32:uucp</literal></term>
186 <listitem>
187 <para>Used by the Unix-to-Unix copy users</para>
188 </listitem>
189 </varlistentry>
190 <varlistentry>
191 <term><literal>users:x:100:</literal></term>
192 <listitem>
193 <para>The default GID used by shadow for new users</para>
194 </listitem>
195 </varlistentry>
196 <varlistentry>
197 <term><literal>nogroup:x:65533:</literal></term>
198 <listitem>
199 <para>This is a default group used by some programs that do not
200 require a group</para>
201 </listitem>
202 </varlistentry>
203 <varlistentry>
204 <term><literal>nobody:x:65534:</literal></term>
205 <listitem>
206 <para>This is used by NFS</para>
207 </listitem>
208 </varlistentry>
209 </variablelist>
210
211 <para>The created groups are not part of any standard&mdash;they are groups
212 decided on in part by the requirements of the Udev configuration in this
213 chapter, and in part by common convention employed by a number of existing
214 Linux distributions. The Linux Standard Base (LSB, available at <ulink
215 url="http://www.linuxbase.org"/>) recommends only that, besides the group
216 <systemitem class="groupname">root</systemitem> with a Group ID (GID) of 0,
217 a group <systemitem class="groupname">bin</systemitem> with a GID of 1 be
218 present. All other group names and GIDs can be chosen freely by the system
219 administrator since well-written programs do not depend on GID numbers, but
220 rather use the group's name.</para>
221
222 <para>The <command>login</command>, <command>agetty</command>, and
223 <command>init</command> programs (and others) use a number of log
224 files to record information such as who was logged into the system and
225 when. However, these programs will not write to the log files if they
226 do not already exist. Initialize the log files and give them
227 proper permissions:</para>
228
229<screen><userinput>touch ${CLFS}/var/run/utmp ${CLFS}/var/log/{btmp,lastlog,wtmp}
230chmod -v 664 ${CLFS}/var/run/utmp ${CLFS}/var/log/lastlog</userinput></screen>
231
232 <para>The <filename>/var/run/utmp</filename> file records the users
233 that are currently logged in. The <filename>/var/log/wtmp</filename>
234 file records all logins and logouts. The
235 <filename>/var/log/lastlog</filename> file records when
236 each user last logged in. The <filename>/var/log/btmp</filename> file
237 records the bad login attempts.</para>
238
239</sect1>
Note: See TracBrowser for help on using the repository browser.