author Patrick J Volkerding <volkerdi@slackware.com> 2009-08-26 10:00:38 -0500
committer Eric Hameleers <alien@slackware.com> 2018-05-31 22:41:17 +0200
commit 5a12e7c134274dba706667107d10d231517d3e05 (patch)
tree 55718d5acb710fde798d9f38d0bbaf594ed4b296 /slackbook/html/essential-sysadmin-hardusers.html
Slackware 13.0 slackware-13.0
Wed Aug 26 10:00:38 CDT 2009 Slackware 13.0 x86_64 is released as stable! Thanks to everyone who helped make this release possible -- see the RELEASE_NOTES for the credits. The ISOs are off to the replicator. This time it will be a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. We're taking pre-orders now at store.slackware.com. Please consider picking up a copy to help support the project. Once again, thanks to the entire Slackware community for all the help testing and fixing things and offering suggestions during this development cycle. As always, have fun and enjoy! -P.
Diffstat (limited to 'slackbook/html/essential-sysadmin-hardusers.html')
-rw-r--r-- slackbook/html/essential-sysadmin-hardusers.html 202
1 files changed, 202 insertions, 0 deletions
diff --git a/slackbook/html/essential-sysadmin-hardusers.html b/slackbook/html/essential-sysadmin-hardusers.html
new file mode 100644
index 000000000..f9ad54488
--- /dev/null
+++ b/slackbook/html/essential-sysadmin-hardusers.html
@@ -0,0 +1,202 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta name="generator" content="HTML Tidy, see www.w3.org" />
+<title>Users and Groups, the Hard Way</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
+<link rel="HOME" title="Slackware Linux Essentials" href="index.html" />
+<link rel="UP" title="Essential System Administration" href="essential-sysadmin.html" />
+<link rel="PREVIOUS" title="Essential System Administration"
+href="essential-sysadmin.html" />
+<link rel="NEXT" title="Shutting Down Properly"
+href="essential-sysadmin-shutdown.html" />
+<link rel="STYLESHEET" type="text/css" href="docbook.css" />
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
+</head>
+<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
+alink="#0000FF">
+<div class="NAVHEADER">
+<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
+cellspacing="0">
+<tr>
+<th colspan="3" align="center">Slackware Linux Essentials</th>
+</tr>
+
+<tr>
+<td width="10%" align="left" valign="bottom"><a href="essential-sysadmin.html"
+accesskey="P">Prev</a></td>
+<td width="80%" align="center" valign="bottom">Chapter 12 Essential System
+Administration</td>
+<td width="10%" align="right" valign="bottom"><a href="essential-sysadmin-shutdown.html"
+accesskey="N">Next</a></td>
+</tr>
+</table>
+
+<hr align="LEFT" width="100%" />
+</div>
+
+<div class="SECT1">
+<h1 class="SECT1"><a id="ESSENTIAL-SYSADMIN-HARDUSERS"
+name="ESSENTIAL-SYSADMIN-HARDUSERS">12.2 Users and Groups, the Hard Way</a></h1>
+
+<p>Of course, it is possible to add, modify, and remove users and groups without using
+the scripts and programs that come with Slackware. It's not really difficult, although
+after reading this process, you'll probably find it much easier to use the scripts.
+However, it's important to know how your password information is actually stored, in case
+you ever need to recover this information and don't have the Slackware tools
+available.</p>
+
+<p>First, we'll add a new user to the <tt class="FILENAME">/etc/passwd</tt>(5), <tt
+class="FILENAME">/etc/shadow</tt>(5), and <tt class="FILENAME">/etc/group</tt>(5) files.
+The <tt class="FILENAME">passwd</tt> file holds some information about the users on your
+system, but (strangely enough) not their passwords. This was once the case, but was
+halted long ago for security reasons. The passwd file must be readable by all users, but
+you don't want encrypted passwords world-readable, as would-be intruders can use the
+encrypted passwords as a starting point for decrypting a user's password. Instead, the
+encrypted passwords are kept in the shadow file, which is only readable by root, and
+everyone's password is entered into the <tt class="FILENAME">passwd</tt> file simply as
+&#8220;<var class="LITERAL">x</var>&#8221;. The <tt class="FILENAME">group</tt> file
+lists all the groups and who is in each.</p>
+
+<p>You can use the <tt class="COMMAND">vipw</tt> command to edit the <tt
+class="FILENAME">/etc/passwd</tt> file safely, and the <tt class="COMMAND">vigr</tt>
+command to edit the <tt class="FILENAME">/etc/group</tt> file safely. Use <tt
+class="COMMAND">vipw -s</tt> to edit the <tt class="FILENAME">/etc/shadow</tt> file
+safely. (&#8220;Safely&#8221; in this context means someone else won't be able to modify
+the file you're editing at the moment. If you're the only administrator of your system,
+you're probably safe, but it's best to get into good habits from the start.)</p>
+
+<p>Let's examine the <tt class="FILENAME">/etc/passwd</tt> file and look at how to add a
+new user. A typical entry in <tt class="FILENAME">passwd</tt> looks like this:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="PROGRAMLISTING">
+chris:x:1000:100:Chris Lumens,Room 2,,:/home/chris:/bin/bash
+</pre>
+</td>
+</tr>
+</table>
+
+<p>Each line is an entry for one user, and fields on each line are separated by a colon.
+The fields are the login name, encrypted password (&#8220;<var
+class="LITERAL">x</var>&#8221; for everyone on a Slackware system, since Slackware uses
+shadow passwords), user ID, group ID, the optional finger information (separated by
+commas), home directory, and shell. To add a new user by hand, add a new line at the end
+of the file, filling in the appropriate information.</p>
+
+<p>The information you add needs to meet some requirements, or your new user may have
+problems logging in. First, make sure that the password field is an <var
+class="LITERAL">x</var>, and that both the user name and user ID is unique. Assign the
+user a group, either 100 (the &#8220;users&#8221; group in Slackware) or your default
+group (use its number, not its name). Give the user a valid home directory (which you'll
+create later) and shell (remember, valid shells are listed in <tt
+class="FILENAME">/etc/shells</tt>).</p>
+
+<p>Next, we'll need to add an entry in the /etc/shadow file, which holds the encrypted
+passwords. A typical entry looks like this:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="PROGRAMLISTING">
+chris:$1$w9bsw/N9$uwLr2bRER6YyBS.CAEp7R.:11055:0:99999:7:::
+</pre>
+</td>
+</tr>
+</table>
+
+<p>Again, each line is an entry for one person, with each field delimited by a colon. The
+fields are (in order) login name, encrypted password, days since the Epoch (January 1,
+1970) that the password was last changed, days before the password may be changed, days
+after which the password must be changed, days before password expiration that the user
+is notified, days after expiration that the account is disabled, days since the Epoch
+that the account is disabled, and a reserved field.</p>
+
+<p>As you can see, most of that is for account expiration information. If you aren't
+using expiration information, you only need to fill in a few fields with some special
+values. Otherwise, you'll need to do some calculations and decision making before you can
+fill those fields in. For a new user, just put some random garbage in the password field.
+Don't worry about what the password is right now, because you're going to change it in a
+minute. The only character you cannot include in the password field is a colon. Leave the
+&#8220;days since password was changed&#8221; field blank as well. Fill in <var
+class="LITERAL">0</var>, <var class="LITERAL">99999</var>, and <var
+class="LITERAL">7</var> just as you see in the example entry, and leave the other fields
+blank.</p>
+
+<p>(For those of you who think you see my encrypted password above and believe you've got
+a leg up on breaking into my system, go right ahead. If you can crack that password,
+you'll know the password to a firewalled test system. Now that's useful :) )</p>
+
+<p>All normal users are members of the &#8220;<tt class="USERNAME">users</tt>&#8221;
+group on a typical Slackware system. However, if you want to create a new group, or add
+the new user to additional groups, you'll need to modify the <tt
+class="FILENAME">/etc/group</tt> file. Here is a typical entry:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="PROGRAMLISTING">
+cvs::102:chris,logan,david,root
+</pre>
+</td>
+</tr>
+</table>
+
+<p>The fields are group name, group password, group ID, and group members, separated by
+commas. Creating a new group is a simple matter of adding a new line with a unique group
+ID, and listing all the users you want to be in the group. Any users that are in this new
+group and are logged in will have to log out and log back in for those changes to take
+effect.</p>
+
+<p>At this point, it might be a good idea to use the <tt class="COMMAND">pwck</tt> and
+<tt class="COMMAND">grpck</tt> commands to verify that the changes you've made are
+consistent. First, use <tt class="COMMAND">pwck -r</tt> and <tt class="COMMAND">grpck
+-r</tt>: the <var class="OPTION">-r</var> switch makes no changes, but lists the changes
+you would be asked to make if you ran the command without the switch. You can use this
+output to decide whether you need to further modify any files, to run <tt
+class="COMMAND">pwck</tt> or <tt class="COMMAND">grpck</tt> without the <var
+class="OPTION">-r</var> switch, or to simply leave your changes as they are.</p>
+
+<p>At this point, you should use the <tt class="COMMAND">passwd</tt> command to create a
+proper password for the user. Then, use <tt class="COMMAND">mkdir</tt> to create the new
+user's home directory in the location you entered into the <tt
+class="FILENAME">/etc/passwd</tt> file, and use <tt class="COMMAND">chown</tt> to change
+the owner of the new directory to the new user.</p>
+
+<p>Removing a user is a simple matter of deleting all of the entries that exist for that
+user. Remove the user's entry from <tt class="FILENAME">/etc/passwd</tt> and <tt
+class="FILENAME">/etc/shadow</tt>, and remove the login name from any groups in the <tt
+class="FILENAME">/etc/group</tt> file. If you wish, delete the user's home directory, the
+mail spool file, and his crontab entry (if they exist).</p>
+
+<p>Removing groups is similar: remove the group's entry from <tt
+class="FILENAME">/etc/group</tt>.</p>
+</div>
+
+<div class="NAVFOOTER">
+<hr align="LEFT" width="100%" />
+<table summary="Footer navigation table" width="100%" border="0" cellpadding="0"
+cellspacing="0">
+<tr>
+<td width="33%" align="left" valign="top"><a href="essential-sysadmin.html"
+accesskey="P">Prev</a></td>
+<td width="34%" align="center" valign="top"><a href="index.html"
+accesskey="H">Home</a></td>
+<td width="33%" align="right" valign="top"><a href="essential-sysadmin-shutdown.html"
+accesskey="N">Next</a></td>
+</tr>
+
+<tr>
+<td width="33%" align="left" valign="top">Essential System Administration</td>
+<td width="34%" align="center" valign="top"><a href="essential-sysadmin.html"
+accesskey="U">Up</a></td>
+<td width="33%" align="right" valign="top">Shutting Down Properly</td>
+</tr>
+</table>
+</div>
+</body>
+</html>
+
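Review bot: In the paragraph on filling in the /etc/shadow fields, "just put some random garbage in the password field" would be clearer and safer as an instruction to enter a fixed `!` or `*`: shadow(5) describes these as strings that are not a valid crypt(3) result, so the account cannot be logged into with a password until passwd is run in the later step. In the /etc/passwd requirements paragraph, "both the user name and user ID is unique" should read "are unique". The closing steps create the home directory with mkdir and chown but never set its mode, so the result depends on root's umask; adding an explicit chmod step there would make the intended permissions part of the procedure.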