Changeset 73c0570 in clfs-embedded


Timestamp: Oct 23, 2013, 6:52:04 PM (11 years ago)
Author: Andrew Bradford <andrew@…>
Branches: master
Children: 998e944
Parents: 2ac5147
git-author: Andrew Bradford <andrew@…> (10/21/13 20:07:42)
git-committer: Andrew Bradford <andrew@…> (10/23/13 18:52:04)
Message:

creatingfiles: Reduce users and groups to minimum

File: 1 edited

  • BOOK/final-system/common/creatingfiles.xml

    r2ac5147 r73c0570  
    5757  with no password) will be set later.</para>
    5858
    59   <variablelist os="b">
    60 
    61     <title>Additional optional users you may want to add:</title>
    62 
    63     <varlistentry>
    64       <term><literal>bin:x:1:1:bin:/bin:/bin/false</literal></term>
    65       <listitem>
    66         <para>Can be useful for compatibility with legacy applications.</para>
    67       </listitem>
    68     </varlistentry>
    69     <varlistentry>
    70       <term><literal>daemon:x:2:6:daemon:/sbin:/bin/false</literal></term>
    71       <listitem>
    72         <para>It is often recommended to use an unprivileged User ID/Group ID
    73         for daemons in order to limit their access to the system.</para>
    74       </listitem>
    75     </varlistentry>
    76     <varlistentry>
    77       <term><literal>adm:x:3:16:adm:/var/adm:/bin/false</literal></term>
    78       <listitem>
    79         <para>Was used for programs that performed administrative tasks.</para>
    80       </listitem>
    81     </varlistentry>
    82     <varlistentry>
    83       <term><literal>lp:x:10:9:lp:/var/spool/lp:/bin/false</literal></term>
    84       <listitem>
    85         <para>Used by programs for printing.</para>
    86       </listitem>
    87     </varlistentry>
    88     <varlistentry>
    89       <term><literal>mail:x:30:30:mail:/var/mail:/bin/false</literal></term>
    90       <listitem>
    91         <para>Often used by email programs.</para>
    92       </listitem>
    93     </varlistentry>
    94     <varlistentry>
    95       <term><literal>news:x:31:31:news:/var/spool/news:/bin/false</literal></term>
    96       <listitem>
    97         <para>Often used for network news servers.</para>
    98       </listitem>
    99     </varlistentry>
    100     <varlistentry>
    101       <term><literal>uucp:x:32:32:uucp:/var/spool/uucp:/bin/false</literal></term>
    102       <listitem>
    103         <para>Often used for Unix-to-Unix Copy of files from one server to the next</para>
    104       </listitem>
    105     </varlistentry>
    106     <varlistentry>
    107       <term><literal>operator:x:50:0:operator:/root:/bin/ash</literal></term>
    108       <listitem>
    109         <para>Often used to allow system operators to access the system.</para>
    110       </listitem>
    111     </varlistentry>
    112     <varlistentry>
    113       <term><literal>postmaster:x:51:30:postmaster:/var/spool/mail:/bin/false</literal></term>
    114       <listitem>
    115         <para>Generally used as an account that receives all the information of troubles with the mail server.</para>
    116       </listitem>
    117     </varlistentry>
    118     <varlistentry>
    119       <term><literal>nobody:x:65534:65534:nobody:/:/bin/false</literal></term>
    120       <listitem>
    121         <para>Used by NFS.</para>
    122       </listitem>
    123     </varlistentry>
    124   </variablelist>
    125 
    12659  <para>Create the <filename>/etc/group</filename> file by running the following
    12760  command:</para>
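Review bot: Removing the whole optional-users list (old lines 59-124) also removes the `daemon` entry's note that daemons should use an unprivileged User ID/Group ID to limit their access to the system, which is the only least-privilege guidance in the removed list. If the aim is only to shrink the default account set, consider keeping one sentence that tells readers to create a dedicated unprivileged account for each service they add instead of running it as root. The rest of the removal reads well from a hardening standpoint, in particular `operator:x:50:0:operator:/root:/bin/ash`, which paired GID 0 with a login shell.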
     
    13063<literal>root:x:0:
    13164bin:x:1:
    132 sys:x:2:
    133 kmem:x:3:
    134 tty:x:4:
    135 tape:x:5:
    136 daemon:x:6:
    137 floppy:x:7:
    138 disk:x:8:
    139 lp:x:9:
    140 dialout:x:10:
    141 audio:x:11:
    142 video:x:12:
    143 utmp:x:13:
    144 usb:x:14:
    145 cdrom:x:15:</literal>
     65users:x:1000:
     66nogroup:x:65533:
     67nobody:x:65534:</literal>
    14668EOF</userinput></screen>
    14769
    148   <variablelist os="c">
    149 
    150     <title>Additional optional groups you may want to add</title>
    151 
    152     <varlistentry>
    153       <term><literal>adm:x:16:root,adm,daemon</literal></term>
    154       <listitem>
    155         <para>All users in this group are allowed to do administrative tasks</para>
    156       </listitem>
    157     </varlistentry>
    158     <varlistentry>
    159       <term><literal>console:x:17:</literal></term>
    160       <listitem>
    161         <para>This group has direct access to the console</para>
    162       </listitem>
    163     </varlistentry>
    164     <varlistentry>
    165       <term><literal>cdrw:x:18:</literal></term>
    166       <listitem>
    167         <para>This group is allowed to use the CDRW drive</para>
    168       </listitem>
    169     </varlistentry>
    170     <varlistentry>
    171       <term><literal>mail:x:30:mail</literal></term>
    172       <listitem>
    173         <para>Used by MTAs (Mail Transport Agents)</para>
    174       </listitem>
    175     </varlistentry>
    176     <varlistentry>
    177       <term><literal>news:x:31:news</literal></term>
    178       <listitem>
    179         <para>Used by Network News Servers</para>
    180       </listitem>
    181     </varlistentry>
    182     <varlistentry>
    183       <term><literal>uucp:x:32:uucp</literal></term>
    184       <listitem>
    185         <para>Used by the Unix-to-Unix copy users</para>
    186       </listitem>
    187     </varlistentry>
    188     <varlistentry>
    189       <term><literal>users:x:100:</literal></term>
    190       <listitem>
    191         <para>The default GID used by shadow for new users</para>
    192       </listitem>
    193     </varlistentry>
    194     <varlistentry>
    195       <term><literal>nogroup:x:65533:</literal></term>
    196       <listitem>
    197         <para>This is a default group used by some programs that do not
    198         require a group</para>
    199       </listitem>
    200     </varlistentry>
    201     <varlistentry>
    202       <term><literal>nobody:x:65534:</literal></term>
    203       <listitem>
    204         <para>This is used by NFS</para>
    205       </listitem>
    206     </varlistentry>
    207   </variablelist>
    208 
    209   <para>The created groups are not part of any standard&mdash;they are groups
    210   decided on in part by the requirements of the Udev configuration in this
    211   chapter, and in part by common convention employed by a number of existing
    212   Linux distributions. The Linux Standard Base (LSB, available at <ulink
    213   url="http://www.linuxbase.org"/>) recommends only that, besides the group
    214   <systemitem class="groupname">root</systemitem> with a Group ID (GID) of 0,
    215   a group <systemitem class="groupname">bin</systemitem> with a GID of 1 be
    216   present. All other group names and GIDs can be chosen freely by the system
    217   administrator since well-written programs do not depend on GID numbers, but
    218   rather use the group's name.</para>
     70  <para>The created groups are not part of any standard.  The Linux Standard
     71    Base (LSB, available at <ulink url="http://www.linuxbase.org"/>) recommends
     72    only that, besides the group <systemitem class="groupname">root</systemitem>
     73    with a Group ID (GID) of 0, a group <systemitem
     74      class="groupname">bin</systemitem> with a GID of 1 be present. All other
     75    group names and GIDs can be chosen freely by the system administrator since
     76    well-written programs do not depend on GID numbers, but rather use the
     77    group's name.</para>
    21978
    22079  <para>The <command>login</command>, <command>agetty</command>, and
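Review bot: New line 65 adds `users:x:1000:`, but the optional list removed in this same hunk documented that group as `users:x:100:` ("The default GID used by shadow for new users"), so the GID changes under a commit message that only mentions reducing the set; please confirm 1000 is intended or keep 100. Separately, old lines 132-145 remove `tty`, `kmem`, `disk`, `utmp` and the other device groups together with the sentence saying the groups were chosen partly for the Udev configuration in this chapter, so it is worth checking that no device rule, init script or file ownership elsewhere in the book still refers to those groups by name, since a lookup against this reduced file would fail. `nogroup` and `nobody` stay in the file while their one-line descriptions are deleted; a short note on why those two belong in the minimum set would help the reader.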