Changeset 207b438 in clfs-embedded for BOOK/final-system/common/creatingfiles.xml


Timestamp:
Oct 24, 2013, 11:49:41 AM (7 years ago)
Author:
Andrew Bradford <andrew@…>
Branches:
master
Children:
957af3d
Parents:
a954b24
git-author:
Andrew Bradford <andrew@…> (10/24/2013 11:41:43 AM)
git-committer:
Andrew Bradford <andrew@…> (10/24/2013 11:49:41 AM)
Message:

Revert "creatingfiles: Reduce users and groups to minimum"

This reverts commit 73c05703257e2a1b0a258b0b961e7bbb78abb21b.

It's quite nice to have all the groups, at least, for mdev and easier
permissions. So, put them back.

File:
1 edited

  • BOOK/final-system/common/creatingfiles.xml

    ra954b24 r207b438  
    5757  with no password) will be set later.</para>
    5858
     59  <variablelist os="b">
     60
     61    <title>Additional optional users you may want to add:</title>
     62
     63    <varlistentry>
     64      <term><literal>bin:x:1:1:bin:/bin:/bin/false</literal></term>
     65      <listitem>
     66        <para>Can be useful for compatibility with legacy applications.</para>
     67      </listitem>
     68    </varlistentry>
     69    <varlistentry>
     70      <term><literal>daemon:x:2:6:daemon:/sbin:/bin/false</literal></term>
     71      <listitem>
     72        <para>It is often recommended to use an unprivileged User ID/Group ID
     73        for daemons in order to limit their access to the system.</para>
     74      </listitem>
     75    </varlistentry>
     76    <varlistentry>
     77      <term><literal>adm:x:3:16:adm:/var/adm:/bin/false</literal></term>
     78      <listitem>
     79        <para>Was used for programs that performed administrative tasks.</para>
     80      </listitem>
     81    </varlistentry>
     82    <varlistentry>
     83      <term><literal>lp:x:10:9:lp:/var/spool/lp:/bin/false</literal></term>
     84      <listitem>
     85        <para>Used by programs for printing.</para>
     86      </listitem>
     87    </varlistentry>
     88    <varlistentry>
     89      <term><literal>mail:x:30:30:mail:/var/mail:/bin/false</literal></term>
     90      <listitem>
     91        <para>Often used by email programs.</para>
     92      </listitem>
     93    </varlistentry>
     94    <varlistentry>
     95      <term><literal>news:x:31:31:news:/var/spool/news:/bin/false</literal></term>
     96      <listitem>
     97        <para>Often used for network news servers.</para>
     98      </listitem>
     99    </varlistentry>
     100    <varlistentry>
     101      <term><literal>uucp:x:32:32:uucp:/var/spool/uucp:/bin/false</literal></term>
     102      <listitem>
     103        <para>Often used for Unix-to-Unix Copy of files from one server to the next</para>
     104      </listitem>
     105    </varlistentry>
     106    <varlistentry>
     107      <term><literal>operator:x:50:0:operator:/root:/bin/ash</literal></term>
     108      <listitem>
     109        <para>Often used to allow system operators to access the system.</para>
     110      </listitem>
     111    </varlistentry>
     112    <varlistentry>
     113      <term><literal>postmaster:x:51:30:postmaster:/var/spool/mail:/bin/false</literal></term>
     114      <listitem>
     115        <para>Generally used as an account that receives all the information of troubles with the mail server.</para>
     116      </listitem>
     117    </varlistentry>
     118    <varlistentry>
     119      <term><literal>nobody:x:65534:65534:nobody:/:/bin/false</literal></term>
     120      <listitem>
     121        <para>Used by NFS.</para>
     122      </listitem>
     123    </varlistentry>
     124  </variablelist>
     125
    59126  <para>Create the <filename>/etc/group</filename> file by running the following
    60127  command:</para>
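Review bot: The `operator` entry at new line 107 is the only optional account given a login shell (`/bin/ash`), and it also takes primary GID 0 and `/root` as its home, so a reader who copies it gets a second interactive account sharing root's group and home directory. Consider giving it `/bin/false` like the other entries, or its own group and home, and stating in its `<para>` when a real shell is warranted. Separately, `adm` (GID 16), `mail` and `postmaster` (30), `news` (31), `uucp` (32) and `nobody` (65534) use GIDs that are defined only in the optional groups list in the next hunk, so the text should tell the reader to add the matching group line together with the user. The `uucp` description at new line 103 is missing its closing full stop.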
     
    63130<literal>root:x:0:
    64131bin:x:1:
    65 users:x:1000:
    66 nogroup:x:65533:
    67 nobody:x:65534:</literal>
     132sys:x:2:
     133kmem:x:3:
     134tty:x:4:
     135tape:x:5:
     136daemon:x:6:
     137floppy:x:7:
     138disk:x:8:
     139lp:x:9:
     140dialout:x:10:
     141audio:x:11:
     142video:x:12:
     143utmp:x:13:
     144usb:x:14:
     145cdrom:x:15:</literal>
    68146EOF</userinput></screen>
    69147
    70   <para>The created groups are not part of any standard.  The Linux Standard
    71     Base (LSB, available at <ulink url="http://www.linuxbase.org"/>) recommends
    72     only that, besides the group <systemitem class="groupname">root</systemitem>
    73     with a Group ID (GID) of 0, a group <systemitem
    74       class="groupname">bin</systemitem> with a GID of 1 be present. All other
    75     group names and GIDs can be chosen freely by the system administrator since
    76     well-written programs do not depend on GID numbers, but rather use the
    77     group's name.</para>
     148  <variablelist os="c">
     149
     150    <title>Additional optional groups you may want to add</title>
     151
     152    <varlistentry>
     153      <term><literal>adm:x:16:root,adm,daemon</literal></term>
     154      <listitem>
     155        <para>All users in this group are allowed to do administrative tasks</para>
     156      </listitem>
     157    </varlistentry>
     158    <varlistentry>
     159      <term><literal>console:x:17:</literal></term>
     160      <listitem>
     161        <para>This group has direct access to the console</para>
     162      </listitem>
     163    </varlistentry>
     164    <varlistentry>
     165      <term><literal>cdrw:x:18:</literal></term>
     166      <listitem>
     167        <para>This group is allowed to use the CDRW drive</para>
     168      </listitem>
     169    </varlistentry>
     170    <varlistentry>
     171      <term><literal>mail:x:30:mail</literal></term>
     172      <listitem>
     173        <para>Used by MTAs (Mail Transport Agents)</para>
     174      </listitem>
     175    </varlistentry>
     176    <varlistentry>
     177      <term><literal>news:x:31:news</literal></term>
     178      <listitem>
     179        <para>Used by Network News Servers</para>
     180      </listitem>
     181    </varlistentry>
     182    <varlistentry>
     183      <term><literal>uucp:x:32:uucp</literal></term>
     184      <listitem>
     185        <para>Used by the Unix-to-Unix copy users</para>
     186      </listitem>
     187    </varlistentry>
     188    <varlistentry>
     189      <term><literal>users:x:100:</literal></term>
     190      <listitem>
     191        <para>The default GID used by shadow for new users</para>
     192      </listitem>
     193    </varlistentry>
     194    <varlistentry>
     195      <term><literal>nogroup:x:65533:</literal></term>
     196      <listitem>
     197        <para>This is a default group used by some programs that do not
     198        require a group</para>
     199      </listitem>
     200    </varlistentry>
     201    <varlistentry>
     202      <term><literal>nobody:x:65534:</literal></term>
     203      <listitem>
     204        <para>This is used by NFS</para>
     205      </listitem>
     206    </varlistentry>
     207  </variablelist>
     208
     209  <para>The created groups are not part of any standard&mdash;they are groups
     210  decided on in part by the requirements of the Udev configuration in this
     211  chapter, and in part by common convention employed by a number of existing
     212  Linux distributions. The Linux Standard Base (LSB, available at <ulink
     213  url="http://www.linuxbase.org"/>) recommends only that, besides the group
     214  <systemitem class="groupname">root</systemitem> with a Group ID (GID) of 0,
     215  a group <systemitem class="groupname">bin</systemitem> with a GID of 1 be
     216  present. All other group names and GIDs can be chosen freely by the system
     217  administrator since well-written programs do not depend on GID numbers, but
     218  rather use the group's name.</para>
    78219
    79220  <para>The <command>login</command>, <command>agetty</command>, and
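Review bot: `adm:x:16:root,adm,daemon` at new line 153 puts `daemon` in a group whose description says its members are allowed to do administrative tasks, which works against the rationale given for the `daemon` user earlier in this file (an unprivileged ID to limit access to the system). Drop `daemon` from the member list unless something depends on it, and note that `adm` and `daemon` are themselves optional users, so this line can name members that do not exist in `/etc/passwd`. The restored closing paragraph (new line 210) attributes the group set to the Udev configuration while the commit message cites mdev; the wording should match what the book actually uses. The optional-group descriptions also lack terminal full stops, unlike most of the user descriptions.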