From 39366733c3fe943363566756e2e152c45a1b3cb2 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Fri, 25 May 2018 23:29:36 +0000 Subject: Fri May 25 23:29:36 UTC 2018 patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.2.txz: Rebuilt. Handle removal of US/Pacific-New timezone. If we see that the machine is using this, it will be automatically switched to US/Pacific. --- slackbook/html/essential-sysadmin-hardusers.html | 202 ----------------------- 1 file changed, 202 deletions(-) delete mode 100644 slackbook/html/essential-sysadmin-hardusers.html (limited to 'slackbook/html/essential-sysadmin-hardusers.html') diff --git a/slackbook/html/essential-sysadmin-hardusers.html b/slackbook/html/essential-sysadmin-hardusers.html deleted file mode 100644 index f9ad54488..000000000 --- a/slackbook/html/essential-sysadmin-hardusers.html +++ /dev/null @@ -1,202 +0,0 @@ - - - - -Users and Groups, the Hard Way - - - - - - - - - - - -
-

12.2 Users and Groups, the Hard Way

- -

Of course, it is possible to add, modify, and remove users and groups without using -the scripts and programs that come with Slackware. It's not really difficult, although -after reading this process, you'll probably find it much easier to use the scripts. -However, it's important to know how your password information is actually stored, in case -you ever need to recover this information and don't have the Slackware tools -available.

- -

First, we'll add a new user to the /etc/passwd(5), /etc/shadow(5), and /etc/group(5) files. -The passwd file holds some information about the users on your -system, but (strangely enough) not their passwords. This was once the case, but was -halted long ago for security reasons. The passwd file must be readable by all users, but -you don't want encrypted passwords world-readable, as would-be intruders can use the -encrypted passwords as a starting point for decrypting a user's password. Instead, the -encrypted passwords are kept in the shadow file, which is only readable by root, and -everyone's password is entered into the passwd file simply as -“x”. The group file -lists all the groups and who is in each.

- -

You can use the vipw command to edit the /etc/passwd file safely, and the vigr -command to edit the /etc/group file safely. Use vipw -s to edit the /etc/shadow file -safely. (“Safely” in this context means someone else won't be able to modify -the file you're editing at the moment. If you're the only administrator of your system, -you're probably safe, but it's best to get into good habits from the start.)

- -

Let's examine the /etc/passwd file and look at how to add a -new user. A typical entry in passwd looks like this:

- - - - - -
-
-chris:x:1000:100:Chris Lumens,Room 2,,:/home/chris:/bin/bash
-
-
- -

Each line is an entry for one user, and fields on each line are separated by a colon. -The fields are the login name, encrypted password (“x” for everyone on a Slackware system, since Slackware uses -shadow passwords), user ID, group ID, the optional finger information (separated by -commas), home directory, and shell. To add a new user by hand, add a new line at the end -of the file, filling in the appropriate information.

- -

The information you add needs to meet some requirements, or your new user may have -problems logging in. First, make sure that the password field is an x, and that both the user name and user ID is unique. Assign the -user a group, either 100 (the “users” group in Slackware) or your default -group (use its number, not its name). Give the user a valid home directory (which you'll -create later) and shell (remember, valid shells are listed in /etc/shells).

- -

Next, we'll need to add an entry in the /etc/shadow file, which holds the encrypted -passwords. A typical entry looks like this:

- - - - - -
-
-chris:$1$w9bsw/N9$uwLr2bRER6YyBS.CAEp7R.:11055:0:99999:7:::
-
-
- -

Again, each line is an entry for one person, with each field delimited by a colon. The -fields are (in order) login name, encrypted password, days since the Epoch (January 1, -1970) that the password was last changed, days before the password may be changed, days -after which the password must be changed, days before password expiration that the user -is notified, days after expiration that the account is disabled, days since the Epoch -that the account is disabled, and a reserved field.

- -

As you can see, most of that is for account expiration information. If you aren't -using expiration information, you only need to fill in a few fields with some special -values. Otherwise, you'll need to do some calculations and decision making before you can -fill those fields in. For a new user, just put some random garbage in the password field. -Don't worry about what the password is right now, because you're going to change it in a -minute. The only character you cannot include in the password field is a colon. Leave the -“days since password was changed” field blank as well. Fill in 0, 99999, and 7 just as you see in the example entry, and leave the other fields -blank.

- -

(For those of you who think you see my encrypted password above and believe you've got -a leg up on breaking into my system, go right ahead. If you can crack that password, -you'll know the password to a firewalled test system. Now that's useful :) )

- -

All normal users are members of the “users” -group on a typical Slackware system. However, if you want to create a new group, or add -the new user to additional groups, you'll need to modify the /etc/group file. Here is a typical entry:

- - - - - -
-
-cvs::102:chris,logan,david,root
-
-
- -

The fields are group name, group password, group ID, and group members, separated by -commas. Creating a new group is a simple matter of adding a new line with a unique group -ID, and listing all the users you want to be in the group. Any users that are in this new -group and are logged in will have to log out and log back in for those changes to take -effect.

- -

At this point, it might be a good idea to use the pwck and -grpck commands to verify that the changes you've made are -consistent. First, use pwck -r and grpck --r: the -r switch makes no changes, but lists the changes -you would be asked to make if you ran the command without the switch. You can use this -output to decide whether you need to further modify any files, to run pwck or grpck without the -r switch, or to simply leave your changes as they are.

- -

At this point, you should use the passwd command to create a -proper password for the user. Then, use mkdir to create the new -user's home directory in the location you entered into the /etc/passwd file, and use chown to change -the owner of the new directory to the new user.

- -

Removing a user is a simple matter of deleting all of the entries that exist for that -user. Remove the user's entry from /etc/passwd and /etc/shadow, and remove the login name from any groups in the /etc/group file. If you wish, delete the user's home directory, the -mail spool file, and his crontab entry (if they exist).

- -

Removing groups is similar: remove the group's entry from /etc/group.

-
- - - - - -- cgit v1.2.3
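Review bot: The commit message describes only the glibc-zoneinfo rebuild and the US/Pacific-New to US/Pacific switch, yet this diff deletes slackbook/html/essential-sysadmin-hardusers.html in full (202 lines) and the message gives no reason for it. Add a line to the message saying that the slackbook page is being removed and why. It should also say whether the manual account procedure the page documented is preserved anywhere, namely locked edits with vipw, vigr and vipw -s, the pwck -r and grpck -r consistency checks, and the /etc/shadow field layout. Nothing in the visible change points to a replacement.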