summaryrefslogtreecommitdiff
path: root/slackbook/html/essential-sysadmin-hardusers.html
diff options
context:
space:
mode:
Diffstat (limited to 'slackbook/html/essential-sysadmin-hardusers.html')
-rw-r--r--slackbook/html/essential-sysadmin-hardusers.html202
1 files changed, 0 insertions, 202 deletions
diff --git a/slackbook/html/essential-sysadmin-hardusers.html b/slackbook/html/essential-sysadmin-hardusers.html
deleted file mode 100644
index f9ad5448..00000000
--- a/slackbook/html/essential-sysadmin-hardusers.html
+++ /dev/null
@@ -1,202 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta name="generator" content="HTML Tidy, see www.w3.org" />
-<title>Users and Groups, the Hard Way</title>
-<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
-<link rel="HOME" title="Slackware Linux Essentials" href="index.html" />
-<link rel="UP" title="Essential System Administration" href="essential-sysadmin.html" />
-<link rel="PREVIOUS" title="Essential System Administration"
-href="essential-sysadmin.html" />
-<link rel="NEXT" title="Shutting Down Properly"
-href="essential-sysadmin-shutdown.html" />
-<link rel="STYLESHEET" type="text/css" href="docbook.css" />
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
-</head>
-<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
-alink="#0000FF">
-<div class="NAVHEADER">
-<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
-cellspacing="0">
-<tr>
-<th colspan="3" align="center">Slackware Linux Essentials</th>
-</tr>
-
-<tr>
-<td width="10%" align="left" valign="bottom"><a href="essential-sysadmin.html"
-accesskey="P">Prev</a></td>
-<td width="80%" align="center" valign="bottom">Chapter 12 Essential System
-Administration</td>
-<td width="10%" align="right" valign="bottom"><a href="essential-sysadmin-shutdown.html"
-accesskey="N">Next</a></td>
-</tr>
-</table>
-
-<hr align="LEFT" width="100%" />
-</div>
-
-<div class="SECT1">
-<h1 class="SECT1"><a id="ESSENTIAL-SYSADMIN-HARDUSERS"
-name="ESSENTIAL-SYSADMIN-HARDUSERS">12.2 Users and Groups, the Hard Way</a></h1>
-
-<p>Of course, it is possible to add, modify, and remove users and groups without using
-the scripts and programs that come with Slackware. It's not really difficult, although
-after reading this process, you'll probably find it much easier to use the scripts.
-However, it's important to know how your password information is actually stored, in case
-you ever need to recover this information and don't have the Slackware tools
-available.</p>
-
-<p>First, we'll add a new user to the <tt class="FILENAME">/etc/passwd</tt>(5), <tt
-class="FILENAME">/etc/shadow</tt>(5), and <tt class="FILENAME">/etc/group</tt>(5) files.
-The <tt class="FILENAME">passwd</tt> file holds some information about the users on your
-system, but (strangely enough) not their passwords. This was once the case, but was
-halted long ago for security reasons. The passwd file must be readable by all users, but
-you don't want encrypted passwords world-readable, as would-be intruders can use the
-encrypted passwords as a starting point for decrypting a user's password. Instead, the
-encrypted passwords are kept in the shadow file, which is only readable by root, and
-everyone's password is entered into the <tt class="FILENAME">passwd</tt> file simply as
-&#8220;<var class="LITERAL">x</var>&#8221;. The <tt class="FILENAME">group</tt> file
-lists all the groups and who is in each.</p>
-
-<p>You can use the <tt class="COMMAND">vipw</tt> command to edit the <tt
-class="FILENAME">/etc/passwd</tt> file safely, and the <tt class="COMMAND">vigr</tt>
-command to edit the <tt class="FILENAME">/etc/group</tt> file safely. Use <tt
-class="COMMAND">vipw -s</tt> to edit the <tt class="FILENAME">/etc/shadow</tt> file
-safely. (&#8220;Safely&#8221; in this context means someone else won't be able to modify
-the file you're editing at the moment. If you're the only administrator of your system,
-you're probably safe, but it's best to get into good habits from the start.)</p>
-
-<p>Let's examine the <tt class="FILENAME">/etc/passwd</tt> file and look at how to add a
-new user. A typical entry in <tt class="FILENAME">passwd</tt> looks like this:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="PROGRAMLISTING">
-chris:x:1000:100:Chris Lumens,Room 2,,:/home/chris:/bin/bash
-</pre>
-</td>
-</tr>
-</table>
-
-<p>Each line is an entry for one user, and fields on each line are separated by a colon.
-The fields are the login name, encrypted password (&#8220;<var
-class="LITERAL">x</var>&#8221; for everyone on a Slackware system, since Slackware uses
-shadow passwords), user ID, group ID, the optional finger information (separated by
-commas), home directory, and shell. To add a new user by hand, add a new line at the end
-of the file, filling in the appropriate information.</p>
-
-<p>The information you add needs to meet some requirements, or your new user may have
-problems logging in. First, make sure that the password field is an <var
-class="LITERAL">x</var>, and that both the user name and user ID is unique. Assign the
-user a group, either 100 (the &#8220;users&#8221; group in Slackware) or your default
-group (use its number, not its name). Give the user a valid home directory (which you'll
-create later) and shell (remember, valid shells are listed in <tt
-class="FILENAME">/etc/shells</tt>).</p>
-
-<p>Next, we'll need to add an entry in the /etc/shadow file, which holds the encrypted
-passwords. A typical entry looks like this:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="PROGRAMLISTING">
-chris:$1$w9bsw/N9$uwLr2bRER6YyBS.CAEp7R.:11055:0:99999:7:::
-</pre>
-</td>
-</tr>
-</table>
-
-<p>Again, each line is an entry for one person, with each field delimited by a colon. The
-fields are (in order) login name, encrypted password, days since the Epoch (January 1,
-1970) that the password was last changed, days before the password may be changed, days
-after which the password must be changed, days before password expiration that the user
-is notified, days after expiration that the account is disabled, days since the Epoch
-that the account is disabled, and a reserved field.</p>
-
-<p>As you can see, most of that is for account expiration information. If you aren't
-using expiration information, you only need to fill in a few fields with some special
-values. Otherwise, you'll need to do some calculations and decision making before you can
-fill those fields in. For a new user, just put some random garbage in the password field.
-Don't worry about what the password is right now, because you're going to change it in a
-minute. The only character you cannot include in the password field is a colon. Leave the
-&#8220;days since password was changed&#8221; field blank as well. Fill in <var
-class="LITERAL">0</var>, <var class="LITERAL">99999</var>, and <var
-class="LITERAL">7</var> just as you see in the example entry, and leave the other fields
-blank.</p>
-
-<p>(For those of you who think you see my encrypted password above and believe you've got
-a leg up on breaking into my system, go right ahead. If you can crack that password,
-you'll know the password to a firewalled test system. Now that's useful :) )</p>
-
-<p>All normal users are members of the &#8220;<tt class="USERNAME">users</tt>&#8221;
-group on a typical Slackware system. However, if you want to create a new group, or add
-the new user to additional groups, you'll need to modify the <tt
-class="FILENAME">/etc/group</tt> file. Here is a typical entry:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="PROGRAMLISTING">
-cvs::102:chris,logan,david,root
-</pre>
-</td>
-</tr>
-</table>
-
-<p>The fields are group name, group password, group ID, and group members, separated by
-commas. Creating a new group is a simple matter of adding a new line with a unique group
-ID, and listing all the users you want to be in the group. Any users that are in this new
-group and are logged in will have to log out and log back in for those changes to take
-effect.</p>
-
-<p>At this point, it might be a good idea to use the <tt class="COMMAND">pwck</tt> and
-<tt class="COMMAND">grpck</tt> commands to verify that the changes you've made are
-consistent. First, use <tt class="COMMAND">pwck -r</tt> and <tt class="COMMAND">grpck
--r</tt>: the <var class="OPTION">-r</var> switch makes no changes, but lists the changes
-you would be asked to make if you ran the command without the switch. You can use this
-output to decide whether you need to further modify any files, to run <tt
-class="COMMAND">pwck</tt> or <tt class="COMMAND">grpck</tt> without the <var
-class="OPTION">-r</var> switch, or to simply leave your changes as they are.</p>
-
-<p>At this point, you should use the <tt class="COMMAND">passwd</tt> command to create a
-proper password for the user. Then, use <tt class="COMMAND">mkdir</tt> to create the new
-user's home directory in the location you entered into the <tt
-class="FILENAME">/etc/passwd</tt> file, and use <tt class="COMMAND">chown</tt> to change
-the owner of the new directory to the new user.</p>
-
-<p>Removing a user is a simple matter of deleting all of the entries that exist for that
-user. Remove the user's entry from <tt class="FILENAME">/etc/passwd</tt> and <tt
-class="FILENAME">/etc/shadow</tt>, and remove the login name from any groups in the <tt
-class="FILENAME">/etc/group</tt> file. If you wish, delete the user's home directory, the
-mail spool file, and his crontab entry (if they exist).</p>
-
-<p>Removing groups is similar: remove the group's entry from <tt
-class="FILENAME">/etc/group</tt>.</p>
-</div>
-
-<div class="NAVFOOTER">
-<hr align="LEFT" width="100%" />
-<table summary="Footer navigation table" width="100%" border="0" cellpadding="0"
-cellspacing="0">
-<tr>
-<td width="33%" align="left" valign="top"><a href="essential-sysadmin.html"
-accesskey="P">Prev</a></td>
-<td width="34%" align="center" valign="top"><a href="index.html"
-accesskey="H">Home</a></td>
-<td width="33%" align="right" valign="top"><a href="essential-sysadmin-shutdown.html"
-accesskey="N">Next</a></td>
-</tr>
-
-<tr>
-<td width="33%" align="left" valign="top">Essential System Administration</td>
-<td width="34%" align="center" valign="top"><a href="essential-sysadmin.html"
-accesskey="U">Up</a></td>
-<td width="33%" align="right" valign="top">Shutting Down Properly</td>
-</tr>
-</table>
-</div>
-</body>
-</html>
-