7.2.3.3. /etc/passwd
The format of /etc/passwd can be obtained by reading the passwd(5) manpage. We can easily create a
user account by adding a line like "root::0:0:superuser:/root:/bin/sh" to the file.
Maintaining passwords will be somewhat challenging because of the system being loaded into ramdisk. Any
changes to /etc/passwd will be lost when the system is shutdown. So to make things easy, we will create
all users with null passwords.
7.2.3.4. /etc/group
The structure of /etc/group is available from the group(5) manpage. A line of "root::0:root" would define
a group called "root" with no password, a group id of zero and the user root assigned to it as the only member.
7.2.3.5. Conventions
User and group names and id's are generally not chosen at random. Most Linux systems have very similar
looking /etc/passwd and /etc/group files. Definitions for commonly used user id and group id
assignments may be found in one of several places:
The /etc/passwd and /etc/group files on any popular GNU/Linux distribution.•
The Debian Policy Manual −− available online at http://www.debian.org/doc/debian−policy.•
The Linux Standard Base specification −− downloadable in many formats from
http://www.linuxbase.org/spec/index.shtml.
•
Essential System Administration, 3rd Edition by Aeleen Frisch −− available at libraries, bookstores or
directly from O'Reilly Publishing at http://www.oreilly.com/.
•
7.2.4. Dependencies
Running ldd on the login program from util−linux will reveal that it is linked to the libraries
libcrypt.so.1, libc.so.6 and ld−linux.so.2. In addition to these libraries there is another,
unseen dependency on libnss_files.so.2 and the configuration file /etc/nsswitch.conf.
The name service switch library libnss_files.so.2 and nsswitch.conf are required for
libc.so.6, and consequently the login program, to access the /etc/passwd file. Without libnss and
its configuration file, all logins will mysteriously fail. More information about glibc's use of the name service
switch libraries can be found at
http://www.gnu.org/software/libc/manual/html_node/Name−Service−Switch.html.
7.2.5. Assigning ownership and permissions
Previously, with the single user system, there was no need to worry about permissions when installing
directories, files and device nodes. The shell was effectively operating as root, so everything was accessible.
Things become more complex with the addition of multiple user capability. Now we need to make sure that
every user has access to what they need and at the same time gets blocked from what they do not need.
A good guideline for assigning ownership and permissions would be to give the minimum level of access
required. Take the /bin directory as an example. The Filesystem Hierarchy (FHS) document says, "/bin
Pocket Linux Guide
Chapter 7. Enabling Multiple Users 36
To Next Page
Loading...
General