summaryrefslogtreecommitdiffstats
path: root/slackbook/html/essential-sysadmin.html
diff options
context:
space:
mode:
Diffstat (limited to 'slackbook/html/essential-sysadmin.html')
-rw-r--r--slackbook/html/essential-sysadmin.html524
1 files changed, 0 insertions, 524 deletions
diff --git a/slackbook/html/essential-sysadmin.html b/slackbook/html/essential-sysadmin.html
deleted file mode 100644
index 85e127ed..00000000
--- a/slackbook/html/essential-sysadmin.html
+++ /dev/null
@@ -1,524 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta name="generator" content="HTML Tidy, see www.w3.org" />
-<title>Essential System Administration</title>
-<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
-<link rel="HOME" title="Slackware Linux Essentials" href="index.html" />
-<link rel="PREVIOUS" title="top" href="process-control-top.html" />
-<link rel="NEXT" title="Users and Groups, the Hard Way"
-href="essential-sysadmin-hardusers.html" />
-<link rel="STYLESHEET" type="text/css" href="docbook.css" />
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
-</head>
-<body class="CHAPTER" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
-alink="#0000FF">
-<div class="NAVHEADER">
-<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
-cellspacing="0">
-<tr>
-<th colspan="3" align="center">Slackware Linux Essentials</th>
-</tr>
-
-<tr>
-<td width="10%" align="left" valign="bottom"><a href="process-control-top.html"
-accesskey="P">Prev</a></td>
-<td width="80%" align="center" valign="bottom"></td>
-<td width="10%" align="right" valign="bottom"><a href="essential-sysadmin-hardusers.html"
-accesskey="N">Next</a></td>
-</tr>
-</table>
-
-<hr align="LEFT" width="100%" />
-</div>
-
-<div class="CHAPTER">
-<h1><a id="ESSENTIAL-SYSADMIN" name="ESSENTIAL-SYSADMIN"></a>Chapter 12 Essential System
-Administration</h1>
-
-<div class="TOC">
-<dl>
-<dt><b>Table of Contents</b></dt>
-
-<dt>12.1 <a href="essential-sysadmin.html#ESSENTIAL-SYSADMIN-USERS">Users and
-Groups</a></dt>
-
-<dt>12.2 <a href="essential-sysadmin-hardusers.html">Users and Groups, the Hard
-Way</a></dt>
-
-<dt>12.3 <a href="essential-sysadmin-shutdown.html">Shutting Down Properly</a></dt>
-</dl>
-</div>
-
-<p>Whoa whoa whoa whoa whoa.... I know what you're thinking. &#8220;I'm not a system
-administrator! I don't even want to be a system administrator!&#8221;</p>
-
-<p>Fact is, you are the administrator of any computers for which you have the <tt
-class="USERNAME">root</tt> password. This might be your desktop box with one or two
-users, or it might be a big server with several hundred. Regardless, you'll need to know
-how to manage users, and how to shut down the system safely. These tasks seem simple, but
-they have some quirks to keep in mind.</p>
-
-<div class="SECT1">
-<h1 class="SECT1"><a id="ESSENTIAL-SYSADMIN-USERS" name="ESSENTIAL-SYSADMIN-USERS">12.1
-Users and Groups</a></h1>
-
-<p>As mentioned in <a href="shell.html">Chapter 8</a>, you shouldn't normally use your
-system logged in as <tt class="USERNAME">root</tt>. Instead, you should create a normal
-user account for everyday use, and use the root account only for system administration
-tasks. To create a user, you can either use the tools supplied with Slackware, or you can
-edit the password files by hand.</p>
-
-<div class="SECT2">
-<h2 class="SECT2"><a id="ESSENTIAL-SYSADMIN-USERS-SCRIPTS"
-name="ESSENTIAL-SYSADMIN-USERS-SCRIPTS">12.1.1 Supplied Scripts</a></h2>
-
-<p>The easiest way to manage users and groups is with the supplied scripts and programs.
-Slackware includes the programs <tt class="COMMAND">adduser</tt>, <tt
-class="COMMAND">userdel</tt>(8), <tt class="COMMAND">chfn</tt>(1), <tt
-class="COMMAND">chsh</tt>(1), and <tt class="COMMAND">passwd</tt>(1) for dealing with
-users. The commands <tt class="COMMAND">groupadd</tt>(8), <tt
-class="COMMAND">groupdel</tt>(8), and <tt class="COMMAND">groupmod</tt>(8) are for
-dealing with groups. With the exception of <tt class="COMMAND">chfn</tt>, <tt
-class="COMMAND">chsh</tt>, and <tt class="COMMAND">passwd</tt>, these programs are
-generally only run as <tt class="USERNAME">root</tt>, and are therefore located in <tt
-class="FILENAME">/usr/sbin</tt>. <tt class="COMMAND">chfn</tt>, <tt
-class="COMMAND">chsh</tt>, and <tt class="COMMAND">passwd</tt> can be run by anyone, and
-are located in <tt class="FILENAME">/usr/bin</tt>.</p>
-
-<p>Users can be added with the <tt class="COMMAND">adduser</tt> program. We'll start out
-by going through the whole procedure, showing all the questions that are asked and a
-brief description of what everything means. The default answer is in the brackets, and
-can be chosen for almost all the questions, unless you really want to change
-something.</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-<samp class="PROMPT">#</samp> <kbd class="USERINPUT">adduser</kbd>
-Login name for new user []: jellyd
-</pre>
-</td>
-</tr>
-</table>
-
-<p>This is the name that the user will use to login. Traditionally, login names are eight
-characters or fewer, and all lowercase characters. (You may use more than eight
-characters, or use digits, but avoid doing so unless you have a fairly important
-reason.)</p>
-
-<p>You can also provide the login name as an argument on the command line:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-<samp class="PROMPT">#</samp> <kbd class="USERINPUT">adduser jellyd</kbd>
-</pre>
-</td>
-</tr>
-</table>
-
-<p>In either case, after providing the login name, adduser will prompt for the user
-ID:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-User ID ('UID') [ defaults to next available ]:
-</pre>
-</td>
-</tr>
-</table>
-
-<p>The user ID (UID) is how ownerships are really determined in Linux. Each user has a
-unique number, starting at 1000 in Slackware. You can pick a UID for the new user, or you
-can just let adduser assign the user the next free one.</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-Initial group [users]:
-</pre>
-</td>
-</tr>
-</table>
-
-<p>All users are placed into the <tt class="USERNAME">users</tt> group by default. You
-might want to place the new user into a different group, but it is not recommended unless
-you know what you're doing.</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-Additional groups (comma separated) []:
-</pre>
-</td>
-</tr>
-</table>
-
-<p>This question allows you to place the new user into additional groups. It is possible
-for a user to be in several groups at the same time. This is useful if you have
-established groups for things like modifying web site files, playing games, and so on.
-For example, some sites define group <tt class="USERNAME">wheel</tt> as the only group
-that can use the <tt class="COMMAND">su</tt> command. Or, a default Slackware
-installation uses the <tt class="USERNAME">sys</tt> group for users authorized to play
-sounds through the internal sound card.</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-Home directory [/home/jellyd]
-</pre>
-</td>
-</tr>
-</table>
-
-<p>Home directories default to being placed under <tt class="FILENAME">/home</tt>. If you
-run a very large system, it's possible that you have moved the home directories to a
-different location (or to many locations). This step allows you to specify where the
-user's home directory will be.</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-Shell [ /bin/bash ]
-</pre>
-</td>
-</tr>
-</table>
-
-<p><tt class="COMMAND">bash</tt> is the default shell for Slackware Linux, and will be
-fine for most people. If your new user comes from a Unix background, they may be familiar
-with a different shell. You can change their shell now, or they can change it themselves
-later using the <tt class="COMMAND">chsh</tt> command.</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-Expiry date (YYYY-MM-DD) []:
-</pre>
-</td>
-</tr>
-</table>
-
-<p>Accounts can be set up to expire on a specified date. By default, there is no
-expiration date. You can change that, if you'd like. This option might be useful for
-people running an ISP who might want to make an account expire upon a certain date,
-unless they receive the next year's payment.</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-New account will be created as follows:
----------------------------------------
-Login name: jellyd
-UID: [ Next available ]
-Initial group: users
-Additional groups: [ None ]
-Home directory: /home/jellyd
-Shell: /bin/bash
-Expiry date: [ Never ]
-</pre>
-</td>
-</tr>
-</table>
-
-<p>This is it... if you want to bail out, hit <b class="KEYCAP">Control</b>+<b
-class="KEYCAP">C</b>. Otherwise, press <kbd class="USERINPUT">ENTER</kbd> to go ahead and
-make the account.</p>
-
-<p>You now see all the information that you've entered about the new account and are
-given the opportunity to abort the account creation. If you entered something
-incorrectly, you should hit <b class="KEYCAP">Control</b>+<b class="KEYCAP">C</b> and
-start over. Otherwise, you can hit <kbd class="USERINPUT">enter</kbd> and the account
-will be made.</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-Creating new account...
-
-Changing the user information for jellyd
-Enter the new value, or press return for the default
- Full Name []: Jeremy
- Room Number []: Smith 130
- Work Phone []:
- Home Phone []:
- Other []:
-</pre>
-</td>
-</tr>
-</table>
-
-<p>All of this information is optional. You don't have to enter any of this if you don't
-want to, and the user can change it at any time using <tt class="COMMAND">chfn</tt>.
-However, you might find it helpful to enter at least the full name and a phone number, in
-case you need to get in touch with the person later.</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-Changing password for jellyd
-Enter the new password (minimum of 5, maximum of 127 characters)
-Please use a combination of upper and lower case letters and numbers.
-New password:
-Re-enter new password:
-Password changed.
-
-Account setup complete.
-</pre>
-</td>
-</tr>
-</table>
-
-<p>You'll have to enter a password for the new user. Generally, if the new user is not
-physically present at this point, you'll just pick some default password and tell the
-user to change it to something more secure.</p>
-
-<div class="NOTE">
-<table class="NOTE" width="100%" border="0">
-<tr>
-<td width="25" align="CENTER" valign="TOP"><img src="./imagelib/admon/note.png"
-hspace="5" alt="Note" /></td>
-<td align="LEFT" valign="TOP">
-<p><span class="emphasis"><i class="EMPHASIS">Choosing a Password</i></span>: Having a
-secure password is the first line of defense against getting cracked. You do not want to
-have an easily guessed password, because that makes it easier for someone to break into
-your system. Ideally, a secure password would be a random string of characters, including
-upper and lowercase letters, numbers, and random characters. (A tab character might not
-be a wise choice, depending on what kinds of computers you'll be logging in from.) There
-are many software packages that can generate random passwords for you; search the
-Internet for these utilities.</p>
-
-<p>In general, just use common sense: don't pick a password that is someone's birthday, a
-common phrase, something found on your desk, or anything that is easily associated with
-you. A password like &#8220;secure1&#8221; or any other password you see in print or
-online is also bad.</p>
-</td>
-</tr>
-</table>
-</div>
-
-<p>Removing users is not difficult at all. Just run <tt class="COMMAND">userdel</tt> with
-the name of the account to remove. You should verify that the user is not logged in, and
-that no processes are running as that user. Also, remember that once you've deleted the
-user, all of that user's password information is gone permanently.</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-<samp class="PROMPT">#</samp> <kbd class="USERINPUT">userdel jellyd</kbd>
-</pre>
-</td>
-</tr>
-</table>
-
-<p>This command removes that annoying <tt class="USERNAME">jellyd</tt> user from your
-system. Good riddance! :) The user is removed from the <tt
-class="FILENAME">/etc/passwd</tt>, <tt class="FILENAME">/etc/shadow</tt>, and <tt
-class="FILENAME">/etc/group</tt> files, but doesn't remove the user's home directory.</p>
-
-<p>If you'd wanted to remove the home directory as well, you would instead use this
-command:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-<samp class="PROMPT">#</samp> <kbd class="USERINPUT">userdel -r jellyd</kbd>
-</pre>
-</td>
-</tr>
-</table>
-
-<p>Temporarily disabling an account will be covered in the next section on passwords,
-since a temporary change involves changing the user's password. Changing other account
-information is covered in <a
-href="essential-sysadmin.html#ESSENTIAL-SYSADMIN-USERS-CHANGING">Section 12.1.3</a>.</p>
-
-<p>The programs to add and remove groups are very simple. <tt
-class="COMMAND">groupadd</tt> will just add another entry to the <tt
-class="FILENAME">/etc/group</tt> file with a unique group ID, while <tt
-class="COMMAND">groupdel</tt> will remove the specified group. It is up to you to edit
-<tt class="FILENAME">/etc/group</tt> to add users to a specific group. For example, to
-add a group called <tt class="USERNAME">cvs</tt>:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-<samp class="PROMPT">#</samp> <kbd class="USERINPUT">groupadd cvs</kbd>
-</pre>
-</td>
-</tr>
-</table>
-
-<p>And to remove it:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-<samp class="PROMPT">#</samp> <kbd class="USERINPUT">groupdel cvs</kbd>
-</pre>
-</td>
-</tr>
-</table>
-</div>
-
-<div class="SECT2">
-<h2 class="SECT2"><a id="ESSENTIAL-SYSADMIN-USERS-PASSWDS"
-name="ESSENTIAL-SYSADMIN-USERS-PASSWDS">12.1.2 Changing Passwords</a></h2>
-
-<p>The <tt class="COMMAND">passwd</tt> program changes passwords by modifying the <tt
-class="FILENAME">/etc/shadow</tt> file. This file holds all the passwords for the system
-in an encrypted format. In order to change your own password, you would type:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-<samp class="PROMPT">%</samp> <kbd class="USERINPUT">passwd</kbd>
-Changing password for chris
-Old password:
-Enter the new password (minumum of 5, maximum of 127 characters)
-Please use a combination of upper and lower case letters and numbers.
-New password:
-</pre>
-</td>
-</tr>
-</table>
-
-<p>As you can see, you are prompted to enter your old password. It won't appear on the
-screen as you type it, just like when you log in. Then, you are prompted to enter the new
-password. <tt class="COMMAND">passwd</tt> performs a lot of checks on your new password,
-and it will complain if your new password doesn't pass its checks. You can ignore its
-warnings if you want. You will be prompted to enter your new password a second time for
-confirmation.</p>
-
-<p>If you are <tt class="USERNAME">root</tt>, you can also change another user's
-password:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-<samp class="PROMPT">#</samp> <kbd class="USERINPUT">passwd ted</kbd>
-</pre>
-</td>
-</tr>
-</table>
-
-<p>You will then have to go through the same procedure as above, except that you won't
-have to enter the user's old password. (One of the many benefits of being <tt
-class="USERNAME">root</tt>...)</p>
-
-<p>If needed, you can also temporarily disable an account, and reenable it at a later
-time if needed. Both disabling an account and reenabling an account can be done with <tt
-class="COMMAND">passwd</tt>. To disable an account, do the following as <tt
-class="USERNAME">root</tt>:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-<samp class="PROMPT">#</samp> <kbd class="USERINPUT">passwd -l david</kbd>
-</pre>
-</td>
-</tr>
-</table>
-
-<p>This will change david's password to something that can never match any encrypted
-value. You would reenable the account by using:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-<samp class="PROMPT">#</samp> <kbd class="USERINPUT">passwd -u david</kbd>
-</pre>
-</td>
-</tr>
-</table>
-
-<p>Now, david's account is back to normal. Disabling an account might be useful if the
-user doesn't play by the rules you've set up on your system, or if they've exported a
-very large copy of <tt class="COMMAND">xeyes</tt>(1) to your X desktop.</p>
-</div>
-
-<div class="SECT2">
-<h2 class="SECT2"><a id="ESSENTIAL-SYSADMIN-USERS-CHANGING"
-name="ESSENTIAL-SYSADMIN-USERS-CHANGING">12.1.3 Changing User Information</a></h2>
-
-<p>There are two pieces of information that users can change at any time: their shell and
-their finger information. Slackware Linux uses <tt class="COMMAND">chsh</tt> (change
-shell) and <tt class="COMMAND">chfn</tt> (change finger) to modify these values.</p>
-
-<p>A user can pick any shell that is listed in the <tt class="FILENAME">/etc/shells</tt>
-file. For most people, <tt class="COMMAND">/bin/bash</tt> will do just fine. Others might
-be familiar with a shell found on their system at work or school and want to use what
-they already know. To change your shell, use <tt class="COMMAND">chsh</tt>:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chsh</kbd>
-Password:
-Changing the login shell for chris
-Enter the new value, or press return for the default
- Login Shell [/bin/bash]:
-</pre>
-</td>
-</tr>
-</table>
-
-<p>After entering your password, enter the full path to the new shell. Make sure that
-it's listed in the <tt class="FILENAME">/etc/shells</tt>(5) file first. The <tt
-class="USERNAME">root</tt> user can also change any user's shell by running <tt
-class="COMMAND">chsh</tt> with a username as the argument.</p>
-
-<p>The finger information is the optional information such as your full name, phone
-numbers, and room number. This can be changed using <tt class="COMMAND">chfn</tt>, and
-follows the same procedure as it did during account creation. As usual, <tt
-class="USERNAME">root</tt> can change anyone's finger information.</p>
-</div>
-</div>
-</div>
-
-<div class="NAVFOOTER">
-<hr align="LEFT" width="100%" />
-<table summary="Footer navigation table" width="100%" border="0" cellpadding="0"
-cellspacing="0">
-<tr>
-<td width="33%" align="left" valign="top"><a href="process-control-top.html"
-accesskey="P">Prev</a></td>
-<td width="34%" align="center" valign="top"><a href="index.html"
-accesskey="H">Home</a></td>
-<td width="33%" align="right" valign="top"><a href="essential-sysadmin-hardusers.html"
-accesskey="N">Next</a></td>
-</tr>
-
-<tr>
-<td width="33%" align="left" valign="top"><tt class="COMMAND">top</tt></td>
-<td width="34%" align="center" valign="top">&nbsp;</td>
-<td width="33%" align="right" valign="top">Users and Groups, the Hard Way</td>
-</tr>
-</table>
-</div>
-</body>
-</html>
-