summaryrefslogtreecommitdiff
path: root/slackbook/html/essential-sysadmin.html
diff options
context:
space:
mode:
authorPatrick J Volkerding <volkerdi@slackware.com>2011-04-25 13:37:00 +0000
committerEric Hameleers <alien@slackware.com>2018-05-31 22:45:18 +0200
commit75a4a592e5ccda30715f93563d741b83e0dcf39e (patch)
tree502f745607e77a2c4386ad38d818ddcafe81489c /slackbook/html/essential-sysadmin.html
parentb76270bf9e6dd375e495fec92140a79a79415d27 (diff)
downloadcurrent-75a4a592e5ccda30715f93563d741b83e0dcf39e.tar.gz
Slackware 13.37slackware-13.37
Mon Apr 25 13:37:00 UTC 2011 Slackware 13.37 x86_64 stable is released! Thanks to everyone who pitched in on this release: the Slackware team, the folks producing upstream code, and linuxquestions.org for providing a great forum for collaboration and testing. The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware project by picking up a copy from store.slackware.com. We're taking pre-orders now, and offer a discount if you sign up for a subscription. As always, thanks to the Slackware community for testing, suggestions, and feedback. :-) Have fun!
Diffstat (limited to 'slackbook/html/essential-sysadmin.html')
-rw-r--r--slackbook/html/essential-sysadmin.html524
1 files changed, 524 insertions, 0 deletions
diff --git a/slackbook/html/essential-sysadmin.html b/slackbook/html/essential-sysadmin.html
new file mode 100644
index 00000000..85e127ed
--- /dev/null
+++ b/slackbook/html/essential-sysadmin.html
@@ -0,0 +1,524 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta name="generator" content="HTML Tidy, see www.w3.org" />
+<title>Essential System Administration</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
+<link rel="HOME" title="Slackware Linux Essentials" href="index.html" />
+<link rel="PREVIOUS" title="top" href="process-control-top.html" />
+<link rel="NEXT" title="Users and Groups, the Hard Way"
+href="essential-sysadmin-hardusers.html" />
+<link rel="STYLESHEET" type="text/css" href="docbook.css" />
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
+</head>
+<body class="CHAPTER" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
+alink="#0000FF">
+<div class="NAVHEADER">
+<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
+cellspacing="0">
+<tr>
+<th colspan="3" align="center">Slackware Linux Essentials</th>
+</tr>
+
+<tr>
+<td width="10%" align="left" valign="bottom"><a href="process-control-top.html"
+accesskey="P">Prev</a></td>
+<td width="80%" align="center" valign="bottom"></td>
+<td width="10%" align="right" valign="bottom"><a href="essential-sysadmin-hardusers.html"
+accesskey="N">Next</a></td>
+</tr>
+</table>
+
+<hr align="LEFT" width="100%" />
+</div>
+
+<div class="CHAPTER">
+<h1><a id="ESSENTIAL-SYSADMIN" name="ESSENTIAL-SYSADMIN"></a>Chapter 12 Essential System
+Administration</h1>
+
+<div class="TOC">
+<dl>
+<dt><b>Table of Contents</b></dt>
+
+<dt>12.1 <a href="essential-sysadmin.html#ESSENTIAL-SYSADMIN-USERS">Users and
+Groups</a></dt>
+
+<dt>12.2 <a href="essential-sysadmin-hardusers.html">Users and Groups, the Hard
+Way</a></dt>
+
+<dt>12.3 <a href="essential-sysadmin-shutdown.html">Shutting Down Properly</a></dt>
+</dl>
+</div>
+
+<p>Whoa whoa whoa whoa whoa.... I know what you're thinking. &#8220;I'm not a system
+administrator! I don't even want to be a system administrator!&#8221;</p>
+
+<p>Fact is, you are the administrator of any computers for which you have the <tt
+class="USERNAME">root</tt> password. This might be your desktop box with one or two
+users, or it might be a big server with several hundred. Regardless, you'll need to know
+how to manage users, and how to shut down the system safely. These tasks seem simple, but
+they have some quirks to keep in mind.</p>
+
+<div class="SECT1">
+<h1 class="SECT1"><a id="ESSENTIAL-SYSADMIN-USERS" name="ESSENTIAL-SYSADMIN-USERS">12.1
+Users and Groups</a></h1>
+
+<p>As mentioned in <a href="shell.html">Chapter 8</a>, you shouldn't normally use your
+system logged in as <tt class="USERNAME">root</tt>. Instead, you should create a normal
+user account for everyday use, and use the root account only for system administration
+tasks. To create a user, you can either use the tools supplied with Slackware, or you can
+edit the password files by hand.</p>
+
+<div class="SECT2">
+<h2 class="SECT2"><a id="ESSENTIAL-SYSADMIN-USERS-SCRIPTS"
+name="ESSENTIAL-SYSADMIN-USERS-SCRIPTS">12.1.1 Supplied Scripts</a></h2>
+
+<p>The easiest way to manage users and groups is with the supplied scripts and programs.
+Slackware includes the programs <tt class="COMMAND">adduser</tt>, <tt
+class="COMMAND">userdel</tt>(8), <tt class="COMMAND">chfn</tt>(1), <tt
+class="COMMAND">chsh</tt>(1), and <tt class="COMMAND">passwd</tt>(1) for dealing with
+users. The commands <tt class="COMMAND">groupadd</tt>(8), <tt
+class="COMMAND">groupdel</tt>(8), and <tt class="COMMAND">groupmod</tt>(8) are for
+dealing with groups. With the exception of <tt class="COMMAND">chfn</tt>, <tt
+class="COMMAND">chsh</tt>, and <tt class="COMMAND">passwd</tt>, these programs are
+generally only run as <tt class="USERNAME">root</tt>, and are therefore located in <tt
+class="FILENAME">/usr/sbin</tt>. <tt class="COMMAND">chfn</tt>, <tt
+class="COMMAND">chsh</tt>, and <tt class="COMMAND">passwd</tt> can be run by anyone, and
+are located in <tt class="FILENAME">/usr/bin</tt>.</p>
+
+<p>Users can be added with the <tt class="COMMAND">adduser</tt> program. We'll start out
+by going through the whole procedure, showing all the questions that are asked and a
+brief description of what everything means. The default answer is in the brackets, and
+can be chosen for almost all the questions, unless you really want to change
+something.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">adduser</kbd>
+Login name for new user []: jellyd
+</pre>
+</td>
+</tr>
+</table>
+
+<p>This is the name that the user will use to login. Traditionally, login names are eight
+characters or fewer, and all lowercase characters. (You may use more than eight
+characters, or use digits, but avoid doing so unless you have a fairly important
+reason.)</p>
+
+<p>You can also provide the login name as an argument on the command line:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">adduser jellyd</kbd>
+</pre>
+</td>
+</tr>
+</table>
+
+<p>In either case, after providing the login name, adduser will prompt for the user
+ID:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+User ID ('UID') [ defaults to next available ]:
+</pre>
+</td>
+</tr>
+</table>
+
+<p>The user ID (UID) is how ownerships are really determined in Linux. Each user has a
+unique number, starting at 1000 in Slackware. You can pick a UID for the new user, or you
+can just let adduser assign the user the next free one.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+Initial group [users]:
+</pre>
+</td>
+</tr>
+</table>
+
+<p>All users are placed into the <tt class="USERNAME">users</tt> group by default. You
+might want to place the new user into a different group, but it is not recommended unless
+you know what you're doing.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+Additional groups (comma separated) []:
+</pre>
+</td>
+</tr>
+</table>
+
+<p>This question allows you to place the new user into additional groups. It is possible
+for a user to be in several groups at the same time. This is useful if you have
+established groups for things like modifying web site files, playing games, and so on.
+For example, some sites define group <tt class="USERNAME">wheel</tt> as the only group
+that can use the <tt class="COMMAND">su</tt> command. Or, a default Slackware
+installation uses the <tt class="USERNAME">sys</tt> group for users authorized to play
+sounds through the internal sound card.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+Home directory [/home/jellyd]
+</pre>
+</td>
+</tr>
+</table>
+
+<p>Home directories default to being placed under <tt class="FILENAME">/home</tt>. If you
+run a very large system, it's possible that you have moved the home directories to a
+different location (or to many locations). This step allows you to specify where the
+user's home directory will be.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+Shell [ /bin/bash ]
+</pre>
+</td>
+</tr>
+</table>
+
+<p><tt class="COMMAND">bash</tt> is the default shell for Slackware Linux, and will be
+fine for most people. If your new user comes from a Unix background, they may be familiar
+with a different shell. You can change their shell now, or they can change it themselves
+later using the <tt class="COMMAND">chsh</tt> command.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+Expiry date (YYYY-MM-DD) []:
+</pre>
+</td>
+</tr>
+</table>
+
+<p>Accounts can be set up to expire on a specified date. By default, there is no
+expiration date. You can change that, if you'd like. This option might be useful for
+people running an ISP who might want to make an account expire upon a certain date,
+unless they receive the next year's payment.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+New account will be created as follows:
+---------------------------------------
+Login name: jellyd
+UID: [ Next available ]
+Initial group: users
+Additional groups: [ None ]
+Home directory: /home/jellyd
+Shell: /bin/bash
+Expiry date: [ Never ]
+</pre>
+</td>
+</tr>
+</table>
+
+<p>This is it... if you want to bail out, hit <b class="KEYCAP">Control</b>+<b
+class="KEYCAP">C</b>. Otherwise, press <kbd class="USERINPUT">ENTER</kbd> to go ahead and
+make the account.</p>
+
+<p>You now see all the information that you've entered about the new account and are
+given the opportunity to abort the account creation. If you entered something
+incorrectly, you should hit <b class="KEYCAP">Control</b>+<b class="KEYCAP">C</b> and
+start over. Otherwise, you can hit <kbd class="USERINPUT">enter</kbd> and the account
+will be made.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+Creating new account...
+
+Changing the user information for jellyd
+Enter the new value, or press return for the default
+ Full Name []: Jeremy
+ Room Number []: Smith 130
+ Work Phone []:
+ Home Phone []:
+ Other []:
+</pre>
+</td>
+</tr>
+</table>
+
+<p>All of this information is optional. You don't have to enter any of this if you don't
+want to, and the user can change it at any time using <tt class="COMMAND">chfn</tt>.
+However, you might find it helpful to enter at least the full name and a phone number, in
+case you need to get in touch with the person later.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+Changing password for jellyd
+Enter the new password (minimum of 5, maximum of 127 characters)
+Please use a combination of upper and lower case letters and numbers.
+New password:
+Re-enter new password:
+Password changed.
+
+Account setup complete.
+</pre>
+</td>
+</tr>
+</table>
+
+<p>You'll have to enter a password for the new user. Generally, if the new user is not
+physically present at this point, you'll just pick some default password and tell the
+user to change it to something more secure.</p>
+
+<div class="NOTE">
+<table class="NOTE" width="100%" border="0">
+<tr>
+<td width="25" align="CENTER" valign="TOP"><img src="./imagelib/admon/note.png"
+hspace="5" alt="Note" /></td>
+<td align="LEFT" valign="TOP">
+<p><span class="emphasis"><i class="EMPHASIS">Choosing a Password</i></span>: Having a
+secure password is the first line of defense against getting cracked. You do not want to
+have an easily guessed password, because that makes it easier for someone to break into
+your system. Ideally, a secure password would be a random string of characters, including
+upper and lowercase letters, numbers, and random characters. (A tab character might not
+be a wise choice, depending on what kinds of computers you'll be logging in from.) There
+are many software packages that can generate random passwords for you; search the
+Internet for these utilities.</p>
+
+<p>In general, just use common sense: don't pick a password that is someone's birthday, a
+common phrase, something found on your desk, or anything that is easily associated with
+you. A password like &#8220;secure1&#8221; or any other password you see in print or
+online is also bad.</p>
+</td>
+</tr>
+</table>
+</div>
+
+<p>Removing users is not difficult at all. Just run <tt class="COMMAND">userdel</tt> with
+the name of the account to remove. You should verify that the user is not logged in, and
+that no processes are running as that user. Also, remember that once you've deleted the
+user, all of that user's password information is gone permanently.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">userdel jellyd</kbd>
+</pre>
+</td>
+</tr>
+</table>
+
+<p>This command removes that annoying <tt class="USERNAME">jellyd</tt> user from your
+system. Good riddance! :) The user is removed from the <tt
+class="FILENAME">/etc/passwd</tt>, <tt class="FILENAME">/etc/shadow</tt>, and <tt
+class="FILENAME">/etc/group</tt> files, but doesn't remove the user's home directory.</p>
+
+<p>If you'd wanted to remove the home directory as well, you would instead use this
+command:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">userdel -r jellyd</kbd>
+</pre>
+</td>
+</tr>
+</table>
+
+<p>Temporarily disabling an account will be covered in the next section on passwords,
+since a temporary change involves changing the user's password. Changing other account
+information is covered in <a
+href="essential-sysadmin.html#ESSENTIAL-SYSADMIN-USERS-CHANGING">Section 12.1.3</a>.</p>
+
+<p>The programs to add and remove groups are very simple. <tt
+class="COMMAND">groupadd</tt> will just add another entry to the <tt
+class="FILENAME">/etc/group</tt> file with a unique group ID, while <tt
+class="COMMAND">groupdel</tt> will remove the specified group. It is up to you to edit
+<tt class="FILENAME">/etc/group</tt> to add users to a specific group. For example, to
+add a group called <tt class="USERNAME">cvs</tt>:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">groupadd cvs</kbd>
+</pre>
+</td>
+</tr>
+</table>
+
+<p>And to remove it:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">groupdel cvs</kbd>
+</pre>
+</td>
+</tr>
+</table>
+</div>
+
+<div class="SECT2">
+<h2 class="SECT2"><a id="ESSENTIAL-SYSADMIN-USERS-PASSWDS"
+name="ESSENTIAL-SYSADMIN-USERS-PASSWDS">12.1.2 Changing Passwords</a></h2>
+
+<p>The <tt class="COMMAND">passwd</tt> program changes passwords by modifying the <tt
+class="FILENAME">/etc/shadow</tt> file. This file holds all the passwords for the system
+in an encrypted format. In order to change your own password, you would type:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">passwd</kbd>
+Changing password for chris
+Old password:
+Enter the new password (minumum of 5, maximum of 127 characters)
+Please use a combination of upper and lower case letters and numbers.
+New password:
+</pre>
+</td>
+</tr>
+</table>
+
+<p>As you can see, you are prompted to enter your old password. It won't appear on the
+screen as you type it, just like when you log in. Then, you are prompted to enter the new
+password. <tt class="COMMAND">passwd</tt> performs a lot of checks on your new password,
+and it will complain if your new password doesn't pass its checks. You can ignore its
+warnings if you want. You will be prompted to enter your new password a second time for
+confirmation.</p>
+
+<p>If you are <tt class="USERNAME">root</tt>, you can also change another user's
+password:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">passwd ted</kbd>
+</pre>
+</td>
+</tr>
+</table>
+
+<p>You will then have to go through the same procedure as above, except that you won't
+have to enter the user's old password. (One of the many benefits of being <tt
+class="USERNAME">root</tt>...)</p>
+
+<p>If needed, you can also temporarily disable an account, and reenable it at a later
+time if needed. Both disabling an account and reenabling an account can be done with <tt
+class="COMMAND">passwd</tt>. To disable an account, do the following as <tt
+class="USERNAME">root</tt>:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">passwd -l david</kbd>
+</pre>
+</td>
+</tr>
+</table>
+
+<p>This will change david's password to something that can never match any encrypted
+value. You would reenable the account by using:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">passwd -u david</kbd>
+</pre>
+</td>
+</tr>
+</table>
+
+<p>Now, david's account is back to normal. Disabling an account might be useful if the
+user doesn't play by the rules you've set up on your system, or if they've exported a
+very large copy of <tt class="COMMAND">xeyes</tt>(1) to your X desktop.</p>
+</div>
+
+<div class="SECT2">
+<h2 class="SECT2"><a id="ESSENTIAL-SYSADMIN-USERS-CHANGING"
+name="ESSENTIAL-SYSADMIN-USERS-CHANGING">12.1.3 Changing User Information</a></h2>
+
+<p>There are two pieces of information that users can change at any time: their shell and
+their finger information. Slackware Linux uses <tt class="COMMAND">chsh</tt> (change
+shell) and <tt class="COMMAND">chfn</tt> (change finger) to modify these values.</p>
+
+<p>A user can pick any shell that is listed in the <tt class="FILENAME">/etc/shells</tt>
+file. For most people, <tt class="COMMAND">/bin/bash</tt> will do just fine. Others might
+be familiar with a shell found on their system at work or school and want to use what
+they already know. To change your shell, use <tt class="COMMAND">chsh</tt>:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chsh</kbd>
+Password:
+Changing the login shell for chris
+Enter the new value, or press return for the default
+ Login Shell [/bin/bash]:
+</pre>
+</td>
+</tr>
+</table>
+
+<p>After entering your password, enter the full path to the new shell. Make sure that
+it's listed in the <tt class="FILENAME">/etc/shells</tt>(5) file first. The <tt
+class="USERNAME">root</tt> user can also change any user's shell by running <tt
+class="COMMAND">chsh</tt> with a username as the argument.</p>
+
+<p>The finger information is the optional information such as your full name, phone
+numbers, and room number. This can be changed using <tt class="COMMAND">chfn</tt>, and
+follows the same procedure as it did during account creation. As usual, <tt
+class="USERNAME">root</tt> can change anyone's finger information.</p>
+</div>
+</div>
+</div>
+
+<div class="NAVFOOTER">
+<hr align="LEFT" width="100%" />
+<table summary="Footer navigation table" width="100%" border="0" cellpadding="0"
+cellspacing="0">
+<tr>
+<td width="33%" align="left" valign="top"><a href="process-control-top.html"
+accesskey="P">Prev</a></td>
+<td width="34%" align="center" valign="top"><a href="index.html"
+accesskey="H">Home</a></td>
+<td width="33%" align="right" valign="top"><a href="essential-sysadmin-hardusers.html"
+accesskey="N">Next</a></td>
+</tr>
+
+<tr>
+<td width="33%" align="left" valign="top"><tt class="COMMAND">top</tt></td>
+<td width="34%" align="center" valign="top">&nbsp;</td>
+<td width="33%" align="right" valign="top">Users and Groups, the Hard Way</td>
+</tr>
+</table>
+</div>
+</body>
+</html>
+