Diffstat (limited to 'misc/slackbook/html/essential-sysadmin.html')
-rw-r--r-- | misc/slackbook/html/essential-sysadmin.html | 524 |
1 files changed, 0 insertions, 524 deletions
diff --git a/misc/slackbook/html/essential-sysadmin.html b/misc/slackbook/html/essential-sysadmin.html deleted file mode 100644 index 85e127ed..00000000 --- a/misc/slackbook/html/essential-sysadmin.html +++ /dev/null 
@@ -1,524 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"> -<head> -<meta name="generator" content="HTML Tidy, see www.w3.org" /> -<title>Essential System Administration</title> -<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" /> -<link rel="HOME" title="Slackware Linux Essentials" href="index.html" /> -<link rel="PREVIOUS" title="top" href="process-control-top.html" /> -<link rel="NEXT" title="Users and Groups, the Hard Way" -href="essential-sysadmin-hardusers.html" /> -<link rel="STYLESHEET" type="text/css" href="docbook.css" /> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> -</head> -<body class="CHAPTER" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084" -alink="#0000FF"> -<div class="NAVHEADER"> -<table summary="Header navigation table" width="100%" border="0" cellpadding="0" -cellspacing="0"> -<tr> -<th colspan="3" align="center">Slackware Linux Essentials</th> -</tr> - -<tr> -<td width="10%" align="left" valign="bottom"><a href="process-control-top.html" -accesskey="P">Prev</a></td> -<td width="80%" align="center" valign="bottom"></td> -<td width="10%" align="right" valign="bottom"><a href="essential-sysadmin-hardusers.html" -accesskey="N">Next</a></td> -</tr> -</table> - -<hr align="LEFT" width="100%" /> -</div> - -<div class="CHAPTER"> -<h1><a id="ESSENTIAL-SYSADMIN" name="ESSENTIAL-SYSADMIN"></a>Chapter 12 Essential System -Administration</h1> - -<div class="TOC"> -<dl> -<dt><b>Table of Contents</b></dt> - -<dt>12.1 <a href="essential-sysadmin.html#ESSENTIAL-SYSADMIN-USERS">Users and -Groups</a></dt> - -<dt>12.2 <a href="essential-sysadmin-hardusers.html">Users and Groups, the Hard -Way</a></dt> - -<dt>12.3 <a href="essential-sysadmin-shutdown.html">Shutting Down Properly</a></dt> -</dl> -</div> - -<p>Whoa whoa whoa whoa whoa.... I know what you're thinking. 
“I'm not a system -administrator! I don't even want to be a system administrator!”</p> - -<p>Fact is, you are the administrator of any computers for which you have the <tt -class="USERNAME">root</tt> password. This might be your desktop box with one or two -users, or it might be a big server with several hundred. Regardless, you'll need to know -how to manage users, and how to shut down the system safely. These tasks seem simple, but -they have some quirks to keep in mind.</p> - -<div class="SECT1"> -<h1 class="SECT1"><a id="ESSENTIAL-SYSADMIN-USERS" name="ESSENTIAL-SYSADMIN-USERS">12.1 -Users and Groups</a></h1> - -<p>As mentioned in <a href="shell.html">Chapter 8</a>, you shouldn't normally use your -system logged in as <tt class="USERNAME">root</tt>. Instead, you should create a normal -user account for everyday use, and use the root account only for system administration -tasks. To create a user, you can either use the tools supplied with Slackware, or you can -edit the password files by hand.</p> - -<div class="SECT2"> -<h2 class="SECT2"><a id="ESSENTIAL-SYSADMIN-USERS-SCRIPTS" -name="ESSENTIAL-SYSADMIN-USERS-SCRIPTS">12.1.1 Supplied Scripts</a></h2> - -<p>The easiest way to manage users and groups is with the supplied scripts and programs. -Slackware includes the programs <tt class="COMMAND">adduser</tt>, <tt -class="COMMAND">userdel</tt>(8), <tt class="COMMAND">chfn</tt>(1), <tt -class="COMMAND">chsh</tt>(1), and <tt class="COMMAND">passwd</tt>(1) for dealing with -users. The commands <tt class="COMMAND">groupadd</tt>(8), <tt -class="COMMAND">groupdel</tt>(8), and <tt class="COMMAND">groupmod</tt>(8) are for -dealing with groups. With the exception of <tt class="COMMAND">chfn</tt>, <tt -class="COMMAND">chsh</tt>, and <tt class="COMMAND">passwd</tt>, these programs are -generally only run as <tt class="USERNAME">root</tt>, and are therefore located in <tt -class="FILENAME">/usr/sbin</tt>. 
<tt class="COMMAND">chfn</tt>, <tt -class="COMMAND">chsh</tt>, and <tt class="COMMAND">passwd</tt> can be run by anyone, and -are located in <tt class="FILENAME">/usr/bin</tt>.</p> - -<p>Users can be added with the <tt class="COMMAND">adduser</tt> program. We'll start out -by going through the whole procedure, showing all the questions that are asked and a -brief description of what everything means. The default answer is in the brackets, and -can be chosen for almost all the questions, unless you really want to change -something.</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">#</samp> <kbd class="USERINPUT">adduser</kbd> -Login name for new user []: jellyd -</pre> -</td> -</tr> -</table> - -<p>This is the name that the user will use to login. Traditionally, login names are eight -characters or fewer, and all lowercase characters. (You may use more than eight -characters, or use digits, but avoid doing so unless you have a fairly important -reason.)</p> - -<p>You can also provide the login name as an argument on the command line:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">#</samp> <kbd class="USERINPUT">adduser jellyd</kbd> -</pre> -</td> -</tr> -</table> - -<p>In either case, after providing the login name, adduser will prompt for the user -ID:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -User ID ('UID') [ defaults to next available ]: -</pre> -</td> -</tr> -</table> - -<p>The user ID (UID) is how ownerships are really determined in Linux. Each user has a -unique number, starting at 1000 in Slackware. 
You can pick a UID for the new user, or you -can just let adduser assign the user the next free one.</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -Initial group [users]: -</pre> -</td> -</tr> -</table> - -<p>All users are placed into the <tt class="USERNAME">users</tt> group by default. You -might want to place the new user into a different group, but it is not recommended unless -you know what you're doing.</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -Additional groups (comma separated) []: -</pre> -</td> -</tr> -</table> - -<p>This question allows you to place the new user into additional groups. It is possible -for a user to be in several groups at the same time. This is useful if you have -established groups for things like modifying web site files, playing games, and so on. -For example, some sites define group <tt class="USERNAME">wheel</tt> as the only group -that can use the <tt class="COMMAND">su</tt> command. Or, a default Slackware -installation uses the <tt class="USERNAME">sys</tt> group for users authorized to play -sounds through the internal sound card.</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -Home directory [/home/jellyd] -</pre> -</td> -</tr> -</table> - -<p>Home directories default to being placed under <tt class="FILENAME">/home</tt>. If you -run a very large system, it's possible that you have moved the home directories to a -different location (or to many locations). This step allows you to specify where the -user's home directory will be.</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -Shell [ /bin/bash ] -</pre> -</td> -</tr> -</table> - -<p><tt class="COMMAND">bash</tt> is the default shell for Slackware Linux, and will be -fine for most people. If your new user comes from a Unix background, they may be familiar -with a different shell. 
You can change their shell now, or they can change it themselves -later using the <tt class="COMMAND">chsh</tt> command.</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -Expiry date (YYYY-MM-DD) []: -</pre> -</td> -</tr> -</table> - -<p>Accounts can be set up to expire on a specified date. By default, there is no -expiration date. You can change that, if you'd like. This option might be useful for -people running an ISP who might want to make an account expire upon a certain date, -unless they receive the next year's payment.</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -New account will be created as follows: ---------------------------------------- -Login name: jellyd -UID: [ Next available ] -Initial group: users -Additional groups: [ None ] -Home directory: /home/jellyd -Shell: /bin/bash -Expiry date: [ Never ] -</pre> -</td> -</tr> -</table> - -<p>This is it... if you want to bail out, hit <b class="KEYCAP">Control</b>+<b -class="KEYCAP">C</b>. Otherwise, press <kbd class="USERINPUT">ENTER</kbd> to go ahead and -make the account.</p> - -<p>You now see all the information that you've entered about the new account and are -given the opportunity to abort the account creation. If you entered something -incorrectly, you should hit <b class="KEYCAP">Control</b>+<b class="KEYCAP">C</b> and -start over. Otherwise, you can hit <kbd class="USERINPUT">enter</kbd> and the account -will be made.</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -Creating new account... - -Changing the user information for jellyd -Enter the new value, or press return for the default - Full Name []: Jeremy - Room Number []: Smith 130 - Work Phone []: - Home Phone []: - Other []: -</pre> -</td> -</tr> -</table> - -<p>All of this information is optional. 
You don't have to enter any of this if you don't -want to, and the user can change it at any time using <tt class="COMMAND">chfn</tt>. -However, you might find it helpful to enter at least the full name and a phone number, in -case you need to get in touch with the person later.</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -Changing password for jellyd -Enter the new password (minimum of 5, maximum of 127 characters) -Please use a combination of upper and lower case letters and numbers. -New password: -Re-enter new password: -Password changed. - -Account setup complete. -</pre> -</td> -</tr> -</table> - -<p>You'll have to enter a password for the new user. Generally, if the new user is not -physically present at this point, you'll just pick some default password and tell the -user to change it to something more secure.</p> - -<div class="NOTE"> -<table class="NOTE" width="100%" border="0"> -<tr> -<td width="25" align="CENTER" valign="TOP"><img src="./imagelib/admon/note.png" -hspace="5" alt="Note" /></td> -<td align="LEFT" valign="TOP"> -<p><span class="emphasis"><i class="EMPHASIS">Choosing a Password</i></span>: Having a -secure password is the first line of defense against getting cracked. You do not want to -have an easily guessed password, because that makes it easier for someone to break into -your system. Ideally, a secure password would be a random string of characters, including -upper and lowercase letters, numbers, and random characters. (A tab character might not -be a wise choice, depending on what kinds of computers you'll be logging in from.) There -are many software packages that can generate random passwords for you; search the -Internet for these utilities.</p> - -<p>In general, just use common sense: don't pick a password that is someone's birthday, a -common phrase, something found on your desk, or anything that is easily associated with -you. 
A password like “secure1” or any other password you see in print or -online is also bad.</p> -</td> -</tr> -</table> -</div> - -<p>Removing users is not difficult at all. Just run <tt class="COMMAND">userdel</tt> with -the name of the account to remove. You should verify that the user is not logged in, and -that no processes are running as that user. Also, remember that once you've deleted the -user, all of that user's password information is gone permanently.</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">#</samp> <kbd class="USERINPUT">userdel jellyd</kbd> -</pre> -</td> -</tr> -</table> - -<p>This command removes that annoying <tt class="USERNAME">jellyd</tt> user from your -system. Good riddance! :) The user is removed from the <tt -class="FILENAME">/etc/passwd</tt>, <tt class="FILENAME">/etc/shadow</tt>, and <tt -class="FILENAME">/etc/group</tt> files, but doesn't remove the user's home directory.</p> - -<p>If you'd wanted to remove the home directory as well, you would instead use this -command:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">#</samp> <kbd class="USERINPUT">userdel -r jellyd</kbd> -</pre> -</td> -</tr> -</table> - -<p>Temporarily disabling an account will be covered in the next section on passwords, -since a temporary change involves changing the user's password. Changing other account -information is covered in <a -href="essential-sysadmin.html#ESSENTIAL-SYSADMIN-USERS-CHANGING">Section 12.1.3</a>.</p> - -<p>The programs to add and remove groups are very simple. <tt -class="COMMAND">groupadd</tt> will just add another entry to the <tt -class="FILENAME">/etc/group</tt> file with a unique group ID, while <tt -class="COMMAND">groupdel</tt> will remove the specified group. It is up to you to edit -<tt class="FILENAME">/etc/group</tt> to add users to a specific group. 
For example, to -add a group called <tt class="USERNAME">cvs</tt>:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">#</samp> <kbd class="USERINPUT">groupadd cvs</kbd> -</pre> -</td> -</tr> -</table> - -<p>And to remove it:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">#</samp> <kbd class="USERINPUT">groupdel cvs</kbd> -</pre> -</td> -</tr> -</table> -</div> - -<div class="SECT2"> -<h2 class="SECT2"><a id="ESSENTIAL-SYSADMIN-USERS-PASSWDS" -name="ESSENTIAL-SYSADMIN-USERS-PASSWDS">12.1.2 Changing Passwords</a></h2> - -<p>The <tt class="COMMAND">passwd</tt> program changes passwords by modifying the <tt -class="FILENAME">/etc/shadow</tt> file. This file holds all the passwords for the system -in an encrypted format. In order to change your own password, you would type:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">%</samp> <kbd class="USERINPUT">passwd</kbd> -Changing password for chris -Old password: -Enter the new password (minumum of 5, maximum of 127 characters) -Please use a combination of upper and lower case letters and numbers. -New password: -</pre> -</td> -</tr> -</table> - -<p>As you can see, you are prompted to enter your old password. It won't appear on the -screen as you type it, just like when you log in. Then, you are prompted to enter the new -password. <tt class="COMMAND">passwd</tt> performs a lot of checks on your new password, -and it will complain if your new password doesn't pass its checks. You can ignore its -warnings if you want. 
You will be prompted to enter your new password a second time for -confirmation.</p> - -<p>If you are <tt class="USERNAME">root</tt>, you can also change another user's -password:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">#</samp> <kbd class="USERINPUT">passwd ted</kbd> -</pre> -</td> -</tr> -</table> - -<p>You will then have to go through the same procedure as above, except that you won't -have to enter the user's old password. (One of the many benefits of being <tt -class="USERNAME">root</tt>...)</p> - -<p>If needed, you can also temporarily disable an account, and reenable it at a later -time if needed. Both disabling an account and reenabling an account can be done with <tt -class="COMMAND">passwd</tt>. To disable an account, do the following as <tt -class="USERNAME">root</tt>:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">#</samp> <kbd class="USERINPUT">passwd -l david</kbd> -</pre> -</td> -</tr> -</table> - -<p>This will change david's password to something that can never match any encrypted -value. You would reenable the account by using:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">#</samp> <kbd class="USERINPUT">passwd -u david</kbd> -</pre> -</td> -</tr> -</table> - -<p>Now, david's account is back to normal. Disabling an account might be useful if the -user doesn't play by the rules you've set up on your system, or if they've exported a -very large copy of <tt class="COMMAND">xeyes</tt>(1) to your X desktop.</p> -</div> - -<div class="SECT2"> -<h2 class="SECT2"><a id="ESSENTIAL-SYSADMIN-USERS-CHANGING" -name="ESSENTIAL-SYSADMIN-USERS-CHANGING">12.1.3 Changing User Information</a></h2> - -<p>There are two pieces of information that users can change at any time: their shell and -their finger information. 
Slackware Linux uses <tt class="COMMAND">chsh</tt> (change -shell) and <tt class="COMMAND">chfn</tt> (change finger) to modify these values.</p> - -<p>A user can pick any shell that is listed in the <tt class="FILENAME">/etc/shells</tt> -file. For most people, <tt class="COMMAND">/bin/bash</tt> will do just fine. Others might -be familiar with a shell found on their system at work or school and want to use what -they already know. To change your shell, use <tt class="COMMAND">chsh</tt>:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chsh</kbd> -Password: -Changing the login shell for chris -Enter the new value, or press return for the default - Login Shell [/bin/bash]: -</pre> -</td> -</tr> -</table> - -<p>After entering your password, enter the full path to the new shell. Make sure that -it's listed in the <tt class="FILENAME">/etc/shells</tt>(5) file first. The <tt -class="USERNAME">root</tt> user can also change any user's shell by running <tt -class="COMMAND">chsh</tt> with a username as the argument.</p> - -<p>The finger information is the optional information such as your full name, phone -numbers, and room number. This can be changed using <tt class="COMMAND">chfn</tt>, and -follows the same procedure as it did during account creation. 
As usual, <tt -class="USERNAME">root</tt> can change anyone's finger information.</p> -</div> -</div> -</div> - -<div class="NAVFOOTER"> -<hr align="LEFT" width="100%" /> -<table summary="Footer navigation table" width="100%" border="0" cellpadding="0" -cellspacing="0"> -<tr> -<td width="33%" align="left" valign="top"><a href="process-control-top.html" -accesskey="P">Prev</a></td> -<td width="34%" align="center" valign="top"><a href="index.html" -accesskey="H">Home</a></td> -<td width="33%" align="right" valign="top"><a href="essential-sysadmin-hardusers.html" -accesskey="N">Next</a></td> -</tr> - -<tr> -<td width="33%" align="left" valign="top"><tt class="COMMAND">top</tt></td> -<td width="34%" align="center" valign="top"> </td> -<td width="33%" align="right" valign="top">Users and Groups, the Hard Way</td> -</tr> -</table> -</div> -</body> -</html> - |
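Review bot: the diffstat is limited to essential-sysadmin.html, so this view of the 524-line deletion does not show whether the pages wired to it are handled in the same commit. The removed NAVHEADER/NAVFOOTER tables and the link rel elements in the head point at process-control-top.html, essential-sysadmin-hardusers.html and index.html, and the removed table of contents and the Section 12.1.3 cross-reference both use essential-sysadmin.html# anchors. Please confirm the rest of misc/slackbook/html is removed or relinked alongside this file so that no remaining page points at a missing target. If the chapter is being relocated rather than dropped, the account-setup advice it contains (the "minimum of 5" character password prompt, and picking a default password when the new user is not present) is worth revisiting rather than carrying over unchanged.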