<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;
]>

<sect1 id="postlfs-users-groups" xreflabel="About System Users and Groups">
  <?dbhtml filename="users.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>About System Users and Groups</title>

  <indexterm zone="postlfs-users-groups">
    <primary sortas="e-etc-passwd">/etc/passwd</primary>
  </indexterm>

  <indexterm zone="postlfs-users-groups">
    <primary sortas="e-etc-group">/etc/group</primary>
  </indexterm>

  <indexterm zone="postlfs-users-groups">
    <primary sortas="e-etc-login.defs">/etc/login.defs</primary>
  </indexterm>

  <para>Throughout BLFS, many packages install programs that
  run as daemons or otherwise need a dedicated user or group name.
  These names map to a user ID (uid) or group ID (gid) for system use.
  The specific uid or gid numbers used by these applications are generally
  not significant. The exception, of course, is
  <systemitem class='username'>root</systemitem>, whose uid and gid of 0
  (zero) are indeed special. The uid values are stored in
  <filename>/etc/passwd</filename> and the gid values
  are found in <filename>/etc/group</filename>.</para>

  <para>Customarily, Unix systems classify users and groups into two
  categories: system users and regular users. The system users and groups are
  given low numbers, and regular users and groups have numeric values greater
  than all the system values. The cutoff for these numbers is set by two
  parameters in the <filename>/etc/login.defs</filename> configuration file.
  The default UID_MIN value is 1000 and the default GID_MIN value is 1000. If a
  specific uid or gid value is not specified when creating a user with
  <command>useradd</command> or a group with <command>groupadd</command>, the values
  assigned will always be above these cutoff values.</para>

  <para>Additionally, the <ulink
  url='http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/usernames.html'>
  Linux Standard Base</ulink> recommends that system uid and gid values should be
  below 100.</para>

  <para>Below is a table of suggested uid/gid values used in BLFS beyond those
  defined in a base LFS installation. These can be changed as desired, but
  provide a suggested set of consistent values.</para>

  <table id="uidgid" class="uidvalues">
    <title>UID/GID Suggested Values</title>
    <?dbfo table-width="2in" ?>
    <tgroup cols="3">
      <colspec colnum="1" colwidth="1.2in"/>
      <colspec colnum="2" colwidth=".4in"/>
      <colspec colnum="3" colwidth=".4in"/>
      <thead>
        <row><entry>Name</entry><entry>uid</entry><entry>gid</entry></row>
      </thead>
      <tbody>
        <row><entry>bin </entry><entry> 1</entry><entry> </entry></row>
        <row><entry>lp </entry><entry> 9</entry><entry> </entry></row>
        <!--<row><entry>usb </entry><entry> </entry><entry>14</entry></row> -->
        <row><entry>adm </entry><entry> </entry><entry>16</entry></row>
        <row><entry>atd </entry><entry>17</entry><entry>17</entry></row>
        <row><entry>messagebus</entry><entry>18</entry><entry>18</entry></row>
        <row><entry>lpadmin </entry><entry></entry><entry>19</entry></row>
        <row><entry>named </entry><entry>20</entry><entry>20</entry></row>
        <row><entry>gdm </entry><entry>21</entry><entry>21</entry></row>
        <row><entry>fcron </entry><entry>22</entry><entry>22</entry></row>
        <row><entry>systemd-journal</entry><entry></entry><entry>23</entry></row>
        <row><entry>apache </entry><entry>25</entry><entry>25</entry></row>
        <row><entry>smmsp </entry><entry>26</entry><entry>26</entry></row>
        <row><entry>polkitd </entry><entry>27</entry><entry>27</entry></row>
        <row><entry>rpc </entry><entry>28</entry><entry>28</entry></row>
        <!-- <row><entry>courier </entry><entry>30</entry><entry>30</entry></row> -->
        <row><entry>exim </entry><entry>31</entry><entry>31</entry></row>
        <row><entry>postfix </entry><entry>32</entry><entry>32</entry></row>
        <row><entry>postdrop</entry><entry> </entry><entry>33</entry></row>
        <row><entry>sendmail</entry><entry>34</entry><entry> </entry></row>
        <row><entry>mail </entry><entry> </entry><entry>34</entry></row>
        <row><entry>vmailman</entry><entry>35</entry><entry>35</entry></row>
        <row><entry>news </entry><entry>36</entry><entry>36</entry></row>
        <row><entry>kdm </entry><entry>37</entry><entry>37</entry></row>
        <row><entry>mysql </entry><entry>40</entry><entry>40</entry></row>
        <row><entry>postgres</entry><entry>41</entry><entry>41</entry></row>
        <row><entry>dovecot </entry><entry>42</entry><entry>42</entry></row>
        <row><entry>dovenull</entry><entry>43</entry><entry>43</entry></row>
        <row><entry>ftp </entry><entry>45</entry><entry>45</entry></row>
        <row><entry>proftpd </entry><entry>46</entry><entry>46</entry></row>
        <row><entry>vsftpd </entry><entry>47</entry><entry>47</entry></row>
        <row><entry>rsyncd </entry><entry>48</entry><entry>48</entry></row>
        <row><entry>sshd </entry><entry>50</entry><entry>50</entry></row>
        <row><entry>stunnel </entry><entry>51</entry><entry>51</entry></row>
        <row><entry>svn </entry><entry>56</entry><entry>56</entry></row>
        <row><entry>svntest </entry><entry> </entry><entry>57</entry></row>
        <!-- <row><entry>pulse </entry><entry>58</entry><entry>58</entry></row>
        <row><entry>pulse-access</entry><entry></entry><entry>59</entry></row>
        -->
        <row><entry>games </entry><entry>60</entry><entry>60</entry></row>
        <row><entry>kvm </entry><entry> </entry><entry>61</entry></row>
        <row><entry>wireshark</entry><entry> </entry><entry>62</entry></row>
        <row><entry>lightdm </entry><entry>63</entry><entry>63</entry></row>
        <row><entry>sddm </entry><entry>64</entry><entry>64</entry></row>
        <row><entry>scanner </entry><entry> </entry><entry>70</entry></row>
        <row><entry>colord </entry><entry>71</entry><entry>71</entry></row>

        <!-- Begin systemd specific users and groups -->
        <row><entry>systemd-bus-proxy</entry><entry>72</entry><entry>72</entry></row>
        <row><entry>systemd-journal-gateway</entry><entry>73</entry><entry>73</entry></row>
        <row><entry>systemd-journal-remote</entry><entry>74</entry><entry>74</entry></row>
        <row><entry>systemd-journal-upload</entry><entry>75</entry><entry>75</entry></row>
        <row><entry>systemd-network</entry><entry>76</entry><entry>76</entry></row>
        <row><entry>systemd-resolve</entry><entry>77</entry><entry>77</entry></row>
        <row><entry>systemd-timesync</entry><entry>78</entry><entry>78</entry></row>
        <row><entry>systemd-coredump</entry><entry>79</entry><entry>79</entry></row>
        <!-- End systemd specific users and groups -->

        <row><entry>ldap </entry><entry>83</entry><entry>83</entry></row>
        <row><entry>avahi </entry><entry>84</entry><entry>84</entry></row>
        <row><entry>avahi-autoipd</entry><entry>85</entry><entry>85</entry></row>
        <row><entry>netdev </entry><entry> </entry><entry>86</entry></row>
        <row><entry>ntp </entry><entry>87</entry><entry>87</entry></row>
        <row><entry>unbound </entry><entry>88</entry><entry>88</entry></row>
        <row><entry>plugdev </entry><entry> </entry><entry>90</entry></row>
        <row><entry>anonymous</entry><entry>98</entry><entry> </entry></row>
        <row><entry>nobody </entry><entry>99</entry><entry> </entry></row>
        <row><entry>nogroup </entry><entry> </entry><entry>99</entry></row>
      </tbody>
    </tgroup>
  </table>

  <para>One value that is missing is 65534. This value is customarily assigned
  to the user <systemitem class="username">nobody</systemitem> and group
  <systemitem class="groupname">nogroup</systemitem> and is unnecessary.
  </para>

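  <para>One way to check a system against the conventions above, as an added
  example that is not part of the BLFS sources: the Python below reads UID_MIN
  from login.defs-format text and flags passwd entries that share id 0 with
  root, service accounts that landed in the regular-user range, ids that differ
  from the suggested table, and system ids not below 100. The function names,
  the SUGGESTED subset of the table and the sample file contents are
  assumptions constructed for illustration.</para>

```python
# Added example: audit passwd/group-format text against the conventions on this page.
LSB_SYSTEM_LIMIT = 100                      # LSB: system ids should be below 100
SUGGESTED = {"sshd": 50, "apache": 25, "named": 20, "messagebus": 18}  # subset of the table

def parse_login_defs(text):
    """Read UID_MIN and GID_MIN; both default to 1000 when the file does not set them."""
    limits = {"UID_MIN": 1000, "GID_MIN": 1000}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop trailing comments
        if len(fields) == 2 and fields[0] in limits and fields[1].isdigit():
            limits[fields[0]] = int(fields[1])
    return limits

def parse_ids(text):
    """Return (name, id) pairs; the numeric id is the third field in both file formats."""
    entries = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 3 and parts[0] and parts[2].isdigit():
            entries.append((parts[0], int(parts[2])))
    return entries

def audit(entries, id_min):
    """Return (name, id, finding) tuples for entries that break the page's conventions."""
    findings = []
    for name, ident in entries:
        if ident == 0 and name != "root":
            findings.append((name, ident, "shares id 0 with root"))
        elif name in SUGGESTED and ident >= id_min:
            findings.append((name, ident, "service account in the regular range"))
        elif name in SUGGESTED and ident != SUGGESTED[name]:
            findings.append((name, ident, "differs from suggested value"))
        elif id_min > ident >= LSB_SYSTEM_LIMIT:
            findings.append((name, ident, "system id not below 100"))
    return findings

# Constructed sample inputs, not taken from a real system.
SAMPLE_LOGIN_DEFS = "# constructed\nUID_MIN 1000\nGID_MIN\t1000\n"
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second superuser:/root:/bin/bash
sshd:x:50:50:sshd PrivSep:/var/lib/sshd:/bin/false
apache:x:1001:1001:created without an explicit uid:/srv/www:/bin/false
named:x:120:120:BIND Owner:/srv/named:/bin/false
backup:x:250:250:local service:/var/backup:/bin/false
alice:x:1000:1000::/home/alice:/bin/bash
nobody:x:65534:65534:Unprivileged User:/dev/null:/bin/false
"""

if __name__ == "__main__":
    for finding in audit(parse_ids(SAMPLE_PASSWD), parse_login_defs(SAMPLE_LOGIN_DEFS)["UID_MIN"]):
        print(finding)
```
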
</sect1>