| 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
|---|
| 2 | <!DOCTYPE section [
|
|---|
| 3 | <!ENTITY % general-entities SYSTEM "../general.ent">
|
|---|
| 4 | %general-entities;
|
|---|
| 5 | ]>
|
|---|
| 6 | <section xmlns="http://docbook.org/docbook-ng"
|
|---|
| 7 | xmlns:xlink="http://www.w3.org/1999/xlink"
|
|---|
| 8 | xml:id="ch-system-pwdgroup">
|
|---|
| 9 | <title>The passwd, group and log files</title>
|
|---|
| 10 | <?dbhtml filename="pwdgroup.html"?>
|
|---|
| 11 |
|
|---|
| 12 | <indexterm zone="ch-system-pwdgroup"><primary sortas="e-/etc/passwd">/etc/passwd</primary></indexterm>
|
|---|
| 13 | <indexterm zone="ch-system-pwdgroup"><primary sortas="e-/etc/group">/etc/group</primary></indexterm>
|
|---|
| 14 | <indexterm zone="ch-system-pwdgroup"><primary sortas="e-/var/run/utmp">/var/run/utmp</primary></indexterm>
|
|---|
| 15 | <indexterm zone="ch-system-pwdgroup"><primary sortas="e-/var/log/btmp">/var/log/btmp</primary></indexterm>
|
|---|
| 16 | <indexterm zone="ch-system-pwdgroup"><primary sortas="e-/var/log/lastlog">/var/log/lastlog</primary></indexterm>
|
|---|
| 17 | <indexterm zone="ch-system-pwdgroup"><primary sortas="e-/var/log/wtmp">/var/log/wtmp</primary></indexterm>
|
|---|
| 18 |
|
|---|
| 19 | <para>In order for <emphasis>root</emphasis> to be able to login and for the
|
|---|
| 20 | name <quote>root</quote> to be recognized, there need to be relevant entries in
|
|---|
| 21 | the <filename>/etc/passwd</filename> and <filename>/etc/group</filename> files.
|
|---|
| 22 | </para>
|
|---|
| 23 |
|
|---|
| 24 | <para>Create the <filename>/etc/passwd</filename> file by running the following
|
|---|
| 25 | command:</para>
|
|---|
| 26 |
|
|---|
| 27 | <screen><userinput>cat > /etc/passwd << "EOF"
|
|---|
| 28 | root:x:0:0:root:/root:/bin/bash
|
|---|
| 29 | EOF</userinput></screen>
|
|---|
| 30 |
|
|---|
| 31 | <para>The actual password for <emphasis>root</emphasis> (the <quote>x</quote>
|
|---|
| 32 | here is just a placeholder) will be set later.</para>
|
|---|
| 33 |
|
|---|
| 34 | <para>Create the <filename>/etc/group</filename> file by running the following
|
|---|
| 35 | command:</para>
|
|---|
| 36 |
|
|---|
| 37 | <screen><userinput>cat > /etc/group << "EOF"
|
|---|
| 38 | root:x:0:
|
|---|
| 39 | bin:x:1:
|
|---|
| 40 | sys:x:2:
|
|---|
| 41 | kmem:x:3:
|
|---|
| 42 | tty:x:4:
|
|---|
| 43 | tape:x:5:
|
|---|
| 44 | daemon:x:6:
|
|---|
| 45 | floppy:x:7:
|
|---|
| 46 | disk:x:8:
|
|---|
| 47 | lp:x:9:
|
|---|
| 48 | dialout:x:10:
|
|---|
| 49 | audio:x:11:
|
|---|
| 50 | video:x:12:
|
|---|
| 51 | utmp:x:13:
|
|---|
| 52 | usb:x:14:
|
|---|
| 53 | EOF</userinput></screen>
|
|---|
| 54 |
|
|---|
| 55 | <para>The created groups aren't part of any standard -- they are some of the
|
|---|
| 56 | groups that the Udev configuration we will be using in the next section
|
|---|
| 57 | uses. The LSB (<link xlink:href="http://www.linuxbase.org/">Linux Standard
|
|---|
| 58 | Base</link>) recommends only that, beside the group <quote>root</quote> with a
|
|---|
| 59 | GID of 0, a group <quote>bin</quote> with a GID of 1 be present. All other group
|
|---|
| 60 | names and GIDs can be chosen freely by the system administrator, since
|
|---|
| 61 | well-written packages don't depend on GID numbers but use the group's name.
|
|---|
| 62 | </para>
|
|---|
| 63 |
|
|---|
| 64 | <para>To get rid of the <quote>I have no name!</quote> prompt, we will start a
|
|---|
| 65 | new shell. Since we installed a full Glibc in
|
|---|
| 66 | <xref linkend="chapter-temporary-tools"/>, and have just created the
|
|---|
| 67 | <filename>/etc/passwd</filename> and <filename>/etc/group</filename> files,
|
|---|
| 68 | user name and group name resolution will now work.</para>
|
|---|
| 69 |
|
|---|
| 70 | <screen><userinput>exec /tools/bin/bash --login +h</userinput></screen>
|
|---|
| 71 |
|
|---|
| 72 | <para>Note the use of the <parameter>+h</parameter> directive. This tells
|
|---|
| 73 | <command>bash</command> not to use its internal path hashing. Without this
|
|---|
| 74 | directive, <command>bash</command> would remember the paths to binaries it
|
|---|
| 75 | has executed. Since we want to use our newly compiled binaries as soon as
|
|---|
| 76 | they are installed, we turn off this function for the duration of this
|
|---|
| 77 | chapter.</para>
|
|---|
| 78 |
|
|---|
| 79 | <para>The <command>login</command>, <command>agetty</command> and
|
|---|
| 80 | <command>init</command> programs (and some others) use a number of log
|
|---|
| 81 | files to record information such as who was logged into the system and when.
|
|---|
| 82 | These programs, however, won't write to the log files if they don't already
|
|---|
| 83 | exist. Initialize the log files and give them their proper permissions:</para>
|
|---|
| 84 |
|
|---|
| 85 | <screen><userinput>touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
|
|---|
| 86 | chgrp utmp /var/run/utmp /var/log/lastlog
|
|---|
| 87 | chmod 664 /var/run/utmp /var/log/lastlog</userinput></screen>
|
|---|
| 88 |
|
|---|
| 89 | <para>The <filename>/var/run/utmp</filename> file records the users that are
|
|---|
| 90 | currently logged in. The <filename>/var/log/wtmp</filename> file records all
|
|---|
| 91 | logins and logouts. The <filename>/var/log/lastlog</filename> file records for
|
|---|
| 92 | each user when he or she last logged in. The <filename>/var/log/btmp</filename>
|
|---|
| 93 | file records the bad login attempts.</para>
|
|---|
| 94 |
|
|---|
| 95 | </section>
|
|---|
