diff options
Diffstat (limited to 'slackbook/html/essential-sysadmin-hardusers.html')
-rw-r--r-- | slackbook/html/essential-sysadmin-hardusers.html | 202 |
1 files changed, 0 insertions, 202 deletions
diff --git a/slackbook/html/essential-sysadmin-hardusers.html b/slackbook/html/essential-sysadmin-hardusers.html deleted file mode 100644 index f9ad5448..00000000 --- a/slackbook/html/essential-sysadmin-hardusers.html +++ /dev/null @@ -1,202 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"> -<head> -<meta name="generator" content="HTML Tidy, see www.w3.org" /> -<title>Users and Groups, the Hard Way</title> -<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" /> -<link rel="HOME" title="Slackware Linux Essentials" href="index.html" /> -<link rel="UP" title="Essential System Administration" href="essential-sysadmin.html" /> -<link rel="PREVIOUS" title="Essential System Administration" -href="essential-sysadmin.html" /> -<link rel="NEXT" title="Shutting Down Properly" -href="essential-sysadmin-shutdown.html" /> -<link rel="STYLESHEET" type="text/css" href="docbook.css" /> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> -</head> -<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084" -alink="#0000FF"> -<div class="NAVHEADER"> -<table summary="Header navigation table" width="100%" border="0" cellpadding="0" -cellspacing="0"> -<tr> -<th colspan="3" align="center">Slackware Linux Essentials</th> -</tr> - -<tr> -<td width="10%" align="left" valign="bottom"><a href="essential-sysadmin.html" -accesskey="P">Prev</a></td> -<td width="80%" align="center" valign="bottom">Chapter 12 Essential System -Administration</td> -<td width="10%" align="right" valign="bottom"><a href="essential-sysadmin-shutdown.html" -accesskey="N">Next</a></td> -</tr> -</table> - -<hr align="LEFT" width="100%" /> -</div> - -<div class="SECT1"> -<h1 class="SECT1"><a id="ESSENTIAL-SYSADMIN-HARDUSERS" -name="ESSENTIAL-SYSADMIN-HARDUSERS">12.2 Users and Groups, the Hard Way</a></h1> - -<p>Of course, it is possible to add, modify, and remove users and groups without using -the scripts and programs that come with Slackware. It's not really difficult, although -after reading this process, you'll probably find it much easier to use the scripts. -However, it's important to know how your password information is actually stored, in case -you ever need to recover this information and don't have the Slackware tools -available.</p> - -<p>First, we'll add a new user to the <tt class="FILENAME">/etc/passwd</tt>(5), <tt -class="FILENAME">/etc/shadow</tt>(5), and <tt class="FILENAME">/etc/group</tt>(5) files. -The <tt class="FILENAME">passwd</tt> file holds some information about the users on your -system, but (strangely enough) not their passwords. This was once the case, but was -halted long ago for security reasons. The passwd file must be readable by all users, but -you don't want encrypted passwords world-readable, as would-be intruders can use the -encrypted passwords as a starting point for decrypting a user's password. Instead, the -encrypted passwords are kept in the shadow file, which is only readable by root, and -everyone's password is entered into the <tt class="FILENAME">passwd</tt> file simply as -“<var class="LITERAL">x</var>”. The <tt class="FILENAME">group</tt> file -lists all the groups and who is in each.</p> - -<p>You can use the <tt class="COMMAND">vipw</tt> command to edit the <tt -class="FILENAME">/etc/passwd</tt> file safely, and the <tt class="COMMAND">vigr</tt> -command to edit the <tt class="FILENAME">/etc/group</tt> file safely. Use <tt -class="COMMAND">vipw -s</tt> to edit the <tt class="FILENAME">/etc/shadow</tt> file -safely. (“Safely” in this context means someone else won't be able to modify -the file you're editing at the moment. If you're the only administrator of your system, -you're probably safe, but it's best to get into good habits from the start.)</p> - -<p>Let's examine the <tt class="FILENAME">/etc/passwd</tt> file and look at how to add a -new user. A typical entry in <tt class="FILENAME">passwd</tt> looks like this:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="PROGRAMLISTING"> -chris:x:1000:100:Chris Lumens,Room 2,,:/home/chris:/bin/bash -</pre> -</td> -</tr> -</table> - -<p>Each line is an entry for one user, and fields on each line are separated by a colon. -The fields are the login name, encrypted password (“<var -class="LITERAL">x</var>” for everyone on a Slackware system, since Slackware uses -shadow passwords), user ID, group ID, the optional finger information (separated by -commas), home directory, and shell. To add a new user by hand, add a new line at the end -of the file, filling in the appropriate information.</p> - -<p>The information you add needs to meet some requirements, or your new user may have -problems logging in. First, make sure that the password field is an <var -class="LITERAL">x</var>, and that both the user name and user ID is unique. Assign the -user a group, either 100 (the “users” group in Slackware) or your default -group (use its number, not its name). Give the user a valid home directory (which you'll -create later) and shell (remember, valid shells are listed in <tt -class="FILENAME">/etc/shells</tt>).</p> - -<p>Next, we'll need to add an entry in the /etc/shadow file, which holds the encrypted -passwords. A typical entry looks like this:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="PROGRAMLISTING"> -chris:$1$w9bsw/N9$uwLr2bRER6YyBS.CAEp7R.:11055:0:99999:7::: -</pre> -</td> -</tr> -</table> - -<p>Again, each line is an entry for one person, with each field delimited by a colon. The -fields are (in order) login name, encrypted password, days since the Epoch (January 1, -1970) that the password was last changed, days before the password may be changed, days -after which the password must be changed, days before password expiration that the user -is notified, days after expiration that the account is disabled, days since the Epoch -that the account is disabled, and a reserved field.</p> - -<p>As you can see, most of that is for account expiration information. If you aren't -using expiration information, you only need to fill in a few fields with some special -values. Otherwise, you'll need to do some calculations and decision making before you can -fill those fields in. For a new user, just put some random garbage in the password field. -Don't worry about what the password is right now, because you're going to change it in a -minute. The only character you cannot include in the password field is a colon. Leave the -“days since password was changed” field blank as well. Fill in <var -class="LITERAL">0</var>, <var class="LITERAL">99999</var>, and <var -class="LITERAL">7</var> just as you see in the example entry, and leave the other fields -blank.</p> - -<p>(For those of you who think you see my encrypted password above and believe you've got -a leg up on breaking into my system, go right ahead. If you can crack that password, -you'll know the password to a firewalled test system. Now that's useful :) )</p> - -<p>All normal users are members of the “<tt class="USERNAME">users</tt>” -group on a typical Slackware system. However, if you want to create a new group, or add -the new user to additional groups, you'll need to modify the <tt -class="FILENAME">/etc/group</tt> file. Here is a typical entry:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="PROGRAMLISTING"> -cvs::102:chris,logan,david,root -</pre> -</td> -</tr> -</table> - -<p>The fields are group name, group password, group ID, and group members, separated by -commas. Creating a new group is a simple matter of adding a new line with a unique group -ID, and listing all the users you want to be in the group. Any users that are in this new -group and are logged in will have to log out and log back in for those changes to take -effect.</p> - -<p>At this point, it might be a good idea to use the <tt class="COMMAND">pwck</tt> and -<tt class="COMMAND">grpck</tt> commands to verify that the changes you've made are -consistent. First, use <tt class="COMMAND">pwck -r</tt> and <tt class="COMMAND">grpck --r</tt>: the <var class="OPTION">-r</var> switch makes no changes, but lists the changes -you would be asked to make if you ran the command without the switch. You can use this -output to decide whether you need to further modify any files, to run <tt -class="COMMAND">pwck</tt> or <tt class="COMMAND">grpck</tt> without the <var -class="OPTION">-r</var> switch, or to simply leave your changes as they are.</p> - -<p>At this point, you should use the <tt class="COMMAND">passwd</tt> command to create a -proper password for the user. Then, use <tt class="COMMAND">mkdir</tt> to create the new -user's home directory in the location you entered into the <tt -class="FILENAME">/etc/passwd</tt> file, and use <tt class="COMMAND">chown</tt> to change -the owner of the new directory to the new user.</p> - -<p>Removing a user is a simple matter of deleting all of the entries that exist for that -user. Remove the user's entry from <tt class="FILENAME">/etc/passwd</tt> and <tt -class="FILENAME">/etc/shadow</tt>, and remove the login name from any groups in the <tt -class="FILENAME">/etc/group</tt> file. If you wish, delete the user's home directory, the -mail spool file, and his crontab entry (if they exist).</p> - -<p>Removing groups is similar: remove the group's entry from <tt -class="FILENAME">/etc/group</tt>.</p> -</div> - -<div class="NAVFOOTER"> -<hr align="LEFT" width="100%" /> -<table summary="Footer navigation table" width="100%" border="0" cellpadding="0" -cellspacing="0"> -<tr> -<td width="33%" align="left" valign="top"><a href="essential-sysadmin.html" -accesskey="P">Prev</a></td> -<td width="34%" align="center" valign="top"><a href="index.html" -accesskey="H">Home</a></td> -<td width="33%" align="right" valign="top"><a href="essential-sysadmin-shutdown.html" -accesskey="N">Next</a></td> -</tr> - -<tr> -<td width="33%" align="left" valign="top">Essential System Administration</td> -<td width="34%" align="center" valign="top"><a href="essential-sysadmin.html" -accesskey="U">Up</a></td> -<td width="33%" align="right" valign="top">Shutting Down Properly</td> -</tr> -</table> -</div> -</body> -</html> - |