[ab4fdfc] | 1 | <?xml version="1.0" encoding="UTF-8"?>
|
---|
[6732c094] | 2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
---|
| 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
---|
[17b7723] | 4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
| 5 | %general-entities;
|
---|
| 6 | ]>
|
---|
| 7 |
|
---|
| 8 | <sect1 id="postlfs-users-groups" xreflabel="About System Users and Groups">
|
---|
| 9 | <?dbhtml filename="users.html"?>
|
---|
| 10 |
|
---|
| 11 |
|
---|
| 12 | <title>About System Users and Groups</title>
|
---|
| 13 |
|
---|
| 14 | <indexterm zone="postlfs-users-groups">
|
---|
| 15 | <primary sortas="e-etc-passwd">/etc/passwd</primary>
|
---|
| 16 | </indexterm>
|
---|
| 17 |
|
---|
| 18 | <indexterm zone="postlfs-users-groups">
|
---|
| 19 | <primary sortas="e-etc-group">/etc/group</primary>
|
---|
| 20 | </indexterm>
|
---|
| 21 |
|
---|
| 22 | <indexterm zone="postlfs-users-groups">
|
---|
| 23 | <primary sortas="e-etc-login.defs">/etc/login.defs</primary>
|
---|
| 24 | </indexterm>
|
---|
| 25 |
|
---|
[81a73ed8] | 26 | <para>
|
---|
| 27 | Throughout BLFS, many packages install programs that run as daemons or
|
---|
| 28 | otherwise should have a user or group name assigned. Generally these
|
---|
| 29 | names are used to map a user ID (uid) or group ID (gid) for system use.
|
---|
| 30 | Generally the specific uid or gid numbers used by these applications are
|
---|
| 31 | not significant. The exception, of course, is that <systemitem
|
---|
| 32 | class='username'>root</systemitem> has a uid and gid of 0 (zero) that
|
---|
| 33 | is indeed special. The uid values are stored in
|
---|
| 34 | <filename>/etc/passwd</filename> and the gid values are found in
|
---|
| 35 | <filename>/etc/group</filename>.
|
---|
| 36 | </para>
|
---|
[17b7723] | 37 |
|
---|
[81a73ed8] | 38 | <para>
|
---|
| 39 | Customarily, Unix systems classify users and groups into two categories:
|
---|
| 40 | system users and regular users. The system users and groups are given
|
---|
| 41 | low numbers and regular users and groups have numeric values greater
|
---|
| 42 | than all the system values. The cutoff for these numbers is found in
|
---|
| 43 | two parameters in the <filename>/etc/login.defs</filename> configuration
|
---|
| 44 | file. The default UID_MIN value is 1000 and the default GID_MIN value
|
---|
| 45 | is 1000. If a specific uid or gid value is not specified when creating
|
---|
| 46 | a user with <command>useradd</command> or a group with
|
---|
| 47 | <command>groupadd</command>, the values assigned will always be above
|
---|
| 48 | these cutoff values.
|
---|
| 49 | </para>
|
---|
[17b7723] | 50 |
|
---|
[81a73ed8] | 51 | <para>
|
---|
| 52 | Additionally, the <ulink url=
|
---|
[cd29bc9] | 53 | "https://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/usernames.html">
|
---|
[81a73ed8] | 54 | Linux Standard Base</ulink> recommends that system uid and gid values
|
---|
| 55 | should be below 100.
|
---|
| 56 | </para>
|
---|
[17b7723] | 57 |
|
---|
[81a73ed8] | 58 | <para>
|
---|
| 59 | Below is a table of suggested uid/gid values used in BLFS beyond those
|
---|
| 60 | defined in a base LFS installation. These can be changed as desired, but
|
---|
| 61 | provide a suggested set of consistent values.
|
---|
| 62 | </para>
|
---|
[17b7723] | 63 |
|
---|
[346ae0c] | 64 | <table id="uidgid" class="uidvalues">
|
---|
[17b7723] | 65 | <title>UID/GID Suggested Values</title>
|
---|
[346ae0c] | 66 | <?dbfo table-width="2in" ?>
|
---|
| 67 | <tgroup cols="3">
|
---|
| 68 | <colspec colnum="1" colwidth="1.2in"/>
|
---|
| 69 | <colspec colnum="2" colwidth=".4in"/>
|
---|
| 70 | <colspec colnum="3" colwidth=".4in"/>
|
---|
[17b7723] | 71 | <thead>
|
---|
| 72 | <row><entry>Name</entry><entry>uid</entry><entry>gid</entry></row>
|
---|
| 73 | </thead>
|
---|
| 74 | <tbody>
|
---|
[33ca2b6] | 75 | <row><entry>bin </entry><entry> 1</entry><entry> </entry></row>
|
---|
[17b7723] | 76 | <row><entry>lp </entry><entry> 9</entry><entry> </entry></row>
|
---|
[33ca2b6] | 77 | <!--<row><entry>usb </entry><entry> </entry><entry>14</entry></row> -->
|
---|
[8dce8475] | 78 | <row><entry>adm </entry><entry> </entry><entry>16</entry></row>
|
---|
[eedba153] | 79 | <row><entry>atd </entry><entry>17</entry><entry>17</entry></row>
|
---|
[36c03b1] | 80 | <row><entry>messagebus</entry><entry>18</entry><entry>18</entry></row>
|
---|
[89475857] | 81 | <row><entry>lpadmin </entry><entry></entry><entry>19</entry></row>
|
---|
[17b7723] | 82 | <row><entry>named </entry><entry>20</entry><entry>20</entry></row>
|
---|
| 83 | <row><entry>gdm </entry><entry>21</entry><entry>21</entry></row>
|
---|
| 84 | <row><entry>fcron </entry><entry>22</entry><entry>22</entry></row>
|
---|
[03b8993] | 85 | <row><entry>systemd-journal</entry><entry>23</entry><entry>23</entry></row>
|
---|
[17b7723] | 86 | <row><entry>apache </entry><entry>25</entry><entry>25</entry></row>
|
---|
[b785ab29] | 87 | <row><entry>smmsp </entry><entry>26</entry><entry>26</entry></row>
|
---|
[01996ebb] | 88 | <row><entry>polkitd </entry><entry>27</entry><entry>27</entry></row>
|
---|
[41dbe86f] | 89 | <row><entry>rpc </entry><entry>28</entry><entry>28</entry></row>
|
---|
[b0ff55f3] | 90 | <!-- <row><entry>courier </entry><entry>30</entry><entry>30</entry></row> -->
|
---|
[17b7723] | 91 | <row><entry>exim </entry><entry>31</entry><entry>31</entry></row>
|
---|
| 92 | <row><entry>postfix </entry><entry>32</entry><entry>32</entry></row>
|
---|
| 93 | <row><entry>postdrop</entry><entry> </entry><entry>33</entry></row>
|
---|
| 94 | <row><entry>sendmail</entry><entry>34</entry><entry> </entry></row>
|
---|
| 95 | <row><entry>mail </entry><entry> </entry><entry>34</entry></row>
|
---|
| 96 | <row><entry>vmailman</entry><entry>35</entry><entry>35</entry></row>
|
---|
| 97 | <row><entry>news </entry><entry>36</entry><entry>36</entry></row>
|
---|
[69138677] | 98 | <row><entry>kdm </entry><entry>37</entry><entry>37</entry></row>
|
---|
[afe4b852] | 99 | <row><entry>fetchmail</entry><entry>38</entry><entry> </entry></row>
|
---|
[648b2c0] | 100 | <row><entry>mariadb </entry><entry>40</entry><entry>40</entry></row>
|
---|
[5aa1d3dd] | 101 | <row><entry>postgres</entry><entry>41</entry><entry>41</entry></row>
|
---|
[5b4ee76] | 102 | <row><entry>dovecot </entry><entry>42</entry><entry>42</entry></row>
|
---|
| 103 | <row><entry>dovenull</entry><entry>43</entry><entry>43</entry></row>
|
---|
[17b7723] | 104 | <row><entry>ftp </entry><entry>45</entry><entry>45</entry></row>
|
---|
| 105 | <row><entry>proftpd </entry><entry>46</entry><entry>46</entry></row>
|
---|
| 106 | <row><entry>vsftpd </entry><entry>47</entry><entry>47</entry></row>
|
---|
| 107 | <row><entry>rsyncd </entry><entry>48</entry><entry>48</entry></row>
|
---|
| 108 | <row><entry>sshd </entry><entry>50</entry><entry>50</entry></row>
|
---|
| 109 | <row><entry>stunnel </entry><entry>51</entry><entry>51</entry></row>
|
---|
[0ed08835] | 110 | <row><entry>dhcpcd </entry><entry>52</entry><entry>52</entry></row>
|
---|
[17b7723] | 111 | <row><entry>svn </entry><entry>56</entry><entry>56</entry></row>
|
---|
[b785ab29] | 112 | <row><entry>svntest </entry><entry> </entry><entry>57</entry></row>
|
---|
[5362771] | 113 | <row><entry>git </entry><entry>58</entry><entry>58</entry></row>
|
---|
[88136e4d] | 114 | <!-- <row><entry>pulse </entry><entry>58</entry><entry>58</entry></row>
|
---|
[8c62c89] | 115 | <row><entry>pulse-access</entry><entry></entry><entry>59</entry></row>
|
---|
[88136e4d] | 116 | -->
|
---|
[17b7723] | 117 | <row><entry>games </entry><entry>60</entry><entry>60</entry></row>
|
---|
[a23aa7b] | 118 | <row><entry>kvm </entry><entry> </entry><entry>61</entry></row>
|
---|
[a079e73c] | 119 | <row><entry>wireshark</entry><entry> </entry><entry>62</entry></row>
|
---|
[45f401ea] | 120 | <row><entry>sddm </entry><entry>64</entry><entry>64</entry></row>
|
---|
[7d4600c] | 121 | <row><entry>lightdm </entry><entry>65</entry><entry>65</entry></row>
|
---|
[ab0d3a42] | 122 | <row><entry>scanner </entry><entry> </entry><entry>70</entry></row>
|
---|
| 123 | <row><entry>colord </entry><entry>71</entry><entry>71</entry></row>
|
---|
[4fe695a] | 124 |
|
---|
| 125 | <!-- Begin systemd specific users and groups -->
|
---|
[de149fd] | 126 | <!--<row><entry>systemd-bus-proxy</entry><entry>72</entry><entry>72</entry></row>-->
|
---|
[ab0d3a42] | 127 | <row><entry>systemd-journal-gateway</entry><entry>73</entry><entry>73</entry></row>
|
---|
| 128 | <row><entry>systemd-journal-remote</entry><entry>74</entry><entry>74</entry></row>
|
---|
| 129 | <row><entry>systemd-journal-upload</entry><entry>75</entry><entry>75</entry></row>
|
---|
| 130 | <row><entry>systemd-network</entry><entry>76</entry><entry>76</entry></row>
|
---|
| 131 | <row><entry>systemd-resolve</entry><entry>77</entry><entry>77</entry></row>
|
---|
| 132 | <row><entry>systemd-timesync</entry><entry>78</entry><entry>78</entry></row>
|
---|
[9bcef17] | 133 | <row><entry>systemd-coredump</entry><entry>79</entry><entry>79</entry></row>
|
---|
[4fe695a] | 134 | <!-- End systemd specific users and groups -->
|
---|
| 135 |
|
---|
[12d35c4] | 136 | <row><entry>uuidd </entry><entry>80</entry><entry>80</entry></row>
|
---|
[ff056c7] | 137 | <row><entry>systemd-oom</entry><entry>81</entry><entry>81</entry></row>
|
---|
[b194f2b] | 138 | <row><entry>ldap </entry><entry>83</entry><entry>83</entry></row>
|
---|
[49547f1] | 139 | <row><entry>avahi </entry><entry>84</entry><entry>84</entry></row>
|
---|
| 140 | <row><entry>avahi-autoipd</entry><entry>85</entry><entry>85</entry></row>
|
---|
| 141 | <row><entry>netdev </entry><entry> </entry><entry>86</entry></row>
|
---|
[e38cfca] | 142 | <row><entry>ntp </entry><entry>87</entry><entry>87</entry></row>
|
---|
[d224244f] | 143 | <row><entry>unbound </entry><entry>88</entry><entry>88</entry></row>
|
---|
[8e8cfd9b] | 144 | <row><entry>plugdev </entry><entry> </entry><entry>90</entry></row>
|
---|
[986d7af] | 145 | <row><entry>wheel </entry><entry> </entry><entry>97</entry></row>
|
---|
[b785ab29] | 146 | <row><entry>anonymous</entry><entry>98</entry><entry> </entry></row>
|
---|
[2384999] | 147 | <row><entry>nobody </entry><entry>65534</entry><entry> </entry></row>
|
---|
| 148 | <row><entry>nogroup </entry><entry> </entry><entry>65534</entry></row>
|
---|
[17b7723] | 149 | </tbody>
|
---|
| 150 | </tgroup>
|
---|
| 151 | </table>
|
---|
[2384999] | 152 | <!--
|
---|
[81a73ed8] | 153 | <para>
|
---|
| 154 | One value that is missing is 65534. This value is customarily assigned
|
---|
| 155 | to the user <systemitem class="username">nobody</systemitem> and group
|
---|
| 156 | <systemitem class="groupname">nogroup</systemitem> and is unnecessary.
|
---|
[a079e73c] | 157 | </para>
|
---|
[2384999] | 158 | -->
|
---|
[17b7723] | 159 | </sect1>
|
---|
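
The uid conventions this section describes (root alone at uid 0, system accounts below the UID_MIN cutoff from /etc/login.defs, the LSB recommendation of values below 100) can be checked mechanically against a passwd file. The Python audit below is an added example, not part of the BLFS source; the sample file contents, the account names other than those in the table, and the function names `read_min` and `audit_passwd` are constructed for illustration, and treating 65534 as a system uid is an assumption.

```python
import re

# Constructed sample inputs, not taken from a real system.
LOGIN_DEFS = """\
# fragment of /etc/login.defs
UID_MIN   1000
GID_MIN   1000
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
named:x:20:20:BIND Owner:/srv/named:/bin/false
sshd:x:50:50:sshd PrivSep:/var/lib/sshd:/bin/false
ci-agent:x:450:450::/srv/ci:/bin/false
alice:x:1000:1000::/home/alice:/bin/bash
backup:x:0:0::/root:/bin/bash
mirror:x:20:20::/srv/mirror:/bin/false
nobody:x:65534:65534:Unprivileged User:/dev/null:/bin/false
"""
NOBODY_UID = 65534  # assumption: treated as a system account, as in the table

def read_min(login_defs, key, default=1000):
    """Return UID_MIN or GID_MIN from login.defs text; the default is 1000."""
    m = re.search(rf"^\s*{key}\s+(\d+)\s*$", login_defs, re.MULTILINE)
    return int(m.group(1)) if m else default

def audit_passwd(passwd, uid_min, lsb_limit=100):
    """Classify each account and return (classes, findings)."""
    classes, findings, first_owner = {}, [], {}
    for line in passwd.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, _gid, *_rest = line.split(":")
        uid = int(uid)
        system = uid < uid_min or uid == NOBODY_UID
        classes[name] = "system" if system else "regular"
        if uid == 0 and name != "root":
            findings.append(("extra-uid0", name))       # second superuser
        if uid in first_owner:
            findings.append(("duplicate-uid", f"{name}={first_owner[uid]}"))
        if lsb_limit <= uid < uid_min:
            findings.append(("above-lsb-limit", name))  # system uid >= 100
        first_owner.setdefault(uid, name)
    return classes, findings

if __name__ == "__main__":
    classes, findings = audit_passwd(PASSWD, read_min(LOGIN_DEFS, "UID_MIN"))
    for kind, detail in findings:
        print(f"{kind}: {detail}")
```

On a live system, pass the contents of /etc/login.defs and /etc/passwd in place of the constructed strings; the same logic applies to /etc/group with GID_MIN.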