Diffstat (limited to 'misc/slackbook/html/essential-sysadmin.html')
-rw-r--r-- misc/slackbook/html/essential-sysadmin.html 524
1 files changed, 524 insertions, 0 deletions
diff --git a/misc/slackbook/html/essential-sysadmin.html b/misc/slackbook/html/essential-sysadmin.html
new file mode 100644
index 00000000..85e127ed
--- /dev/null
+++ b/misc/slackbook/html/essential-sysadmin.html
@@ -0,0 +1,524 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta name="generator" content="HTML Tidy, see www.w3.org" />
+<title>Essential System Administration</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
+<link rel="HOME" title="Slackware Linux Essentials" href="index.html" />
+<link rel="PREVIOUS" title="top" href="process-control-top.html" />
+<link rel="NEXT" title="Users and Groups, the Hard Way"
+href="essential-sysadmin-hardusers.html" />
+<link rel="STYLESHEET" type="text/css" href="docbook.css" />
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
+</head>
+<body class="CHAPTER" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
+alink="#0000FF">
+<div class="NAVHEADER">
+<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
+cellspacing="0">
+<tr>
+<th colspan="3" align="center">Slackware Linux Essentials</th>
+</tr>
+
+<tr>
+<td width="10%" align="left" valign="bottom"><a href="process-control-top.html"
+accesskey="P">Prev</a></td>
+<td width="80%" align="center" valign="bottom"></td>
+<td width="10%" align="right" valign="bottom"><a href="essential-sysadmin-hardusers.html"
+accesskey="N">Next</a></td>
+</tr>
+</table>
+
+<hr align="LEFT" width="100%" />
+</div>
+
+<div class="CHAPTER">
+<h1><a id="ESSENTIAL-SYSADMIN" name="ESSENTIAL-SYSADMIN"></a>Chapter 12 Essential System
+Administration</h1>
+
+<div class="TOC">
+<dl>
+<dt><b>Table of Contents</b></dt>
+
+<dt>12.1 <a href="essential-sysadmin.html#ESSENTIAL-SYSADMIN-USERS">Users and
+Groups</a></dt>
+
+<dt>12.2 <a href="essential-sysadmin-hardusers.html">Users and Groups, the Hard
+Way</a></dt>
+
+<dt>12.3 <a href="essential-sysadmin-shutdown.html">Shutting Down Properly</a></dt>
+</dl>
+</div>
+
+<p>Whoa whoa whoa whoa whoa.... I know what you're thinking. &#8220;I'm not a system
+administrator! I don't even want to be a system administrator!&#8221;</p>
+
+<p>Fact is, you are the administrator of any computers for which you have the <tt
+class="USERNAME">root</tt> password. This might be your desktop box with one or two
+users, or it might be a big server with several hundred. Regardless, you'll need to know
+how to manage users, and how to shut down the system safely. These tasks seem simple, but
+they have some quirks to keep in mind.</p>
+
+<div class="SECT1">
+<h1 class="SECT1"><a id="ESSENTIAL-SYSADMIN-USERS" name="ESSENTIAL-SYSADMIN-USERS">12.1
+Users and Groups</a></h1>
+
+<p>As mentioned in <a href="shell.html">Chapter 8</a>, you shouldn't normally use your
+system logged in as <tt class="USERNAME">root</tt>. Instead, you should create a normal
+user account for everyday use, and use the root account only for system administration
+tasks. To create a user, you can either use the tools supplied with Slackware, or you can
+edit the password files by hand.</p>
+
+<div class="SECT2">
+<h2 class="SECT2"><a id="ESSENTIAL-SYSADMIN-USERS-SCRIPTS"
+name="ESSENTIAL-SYSADMIN-USERS-SCRIPTS">12.1.1 Supplied Scripts</a></h2>
+
+<p>The easiest way to manage users and groups is with the supplied scripts and programs.
+Slackware includes the programs <tt class="COMMAND">adduser</tt>, <tt
+class="COMMAND">userdel</tt>(8), <tt class="COMMAND">chfn</tt>(1), <tt
+class="COMMAND">chsh</tt>(1), and <tt class="COMMAND">passwd</tt>(1) for dealing with
+users. The commands <tt class="COMMAND">groupadd</tt>(8), <tt
+class="COMMAND">groupdel</tt>(8), and <tt class="COMMAND">groupmod</tt>(8) are for
+dealing with groups. With the exception of <tt class="COMMAND">chfn</tt>, <tt
+class="COMMAND">chsh</tt>, and <tt class="COMMAND">passwd</tt>, these programs are
+generally only run as <tt class="USERNAME">root</tt>, and are therefore located in <tt
+class="FILENAME">/usr/sbin</tt>. <tt class="COMMAND">chfn</tt>, <tt
+class="COMMAND">chsh</tt>, and <tt class="COMMAND">passwd</tt> can be run by anyone, and
+are located in <tt class="FILENAME">/usr/bin</tt>.</p>
+
+<p>Users can be added with the <tt class="COMMAND">adduser</tt> program. We'll start out
+by going through the whole procedure, showing all the questions that are asked and a
+brief description of what everything means. The default answer is in the brackets, and
+can be chosen for almost all the questions, unless you really want to change
+something.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">adduser</kbd>
+Login name for new user []: jellyd
+</pre>
+</td>
+</tr>
+</table>
+
+<p>This is the name that the user will use to login. Traditionally, login names are eight
+characters or fewer, and all lowercase characters. (You may use more than eight
+characters, or use digits, but avoid doing so unless you have a fairly important
+reason.)</p>
+
+<p>You can also provide the login name as an argument on the command line:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">adduser jellyd</kbd>
+</pre>
+</td>
+</tr>
+</table>
+
+<p>In either case, after providing the login name, adduser will prompt for the user
+ID:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+User ID ('UID') [ defaults to next available ]:
+</pre>
+</td>
+</tr>
+</table>
+
+<p>The user ID (UID) is how ownerships are really determined in Linux. Each user has a
+unique number, starting at 1000 in Slackware. You can pick a UID for the new user, or you
+can just let adduser assign the user the next free one.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+Initial group [users]:
+</pre>
+</td>
+</tr>
+</table>
+
+<p>All users are placed into the <tt class="USERNAME">users</tt> group by default. You
+might want to place the new user into a different group, but it is not recommended unless
+you know what you're doing.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+Additional groups (comma separated) []:
+</pre>
+</td>
+</tr>
+</table>
+
+<p>This question allows you to place the new user into additional groups. It is possible
+for a user to be in several groups at the same time. This is useful if you have
+established groups for things like modifying web site files, playing games, and so on.
+For example, some sites define group <tt class="USERNAME">wheel</tt> as the only group
+that can use the <tt class="COMMAND">su</tt> command. Or, a default Slackware
+installation uses the <tt class="USERNAME">sys</tt> group for users authorized to play
+sounds through the internal sound card.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+Home directory [/home/jellyd]
+</pre>
+</td>
+</tr>
+</table>
+
+<p>Home directories default to being placed under <tt class="FILENAME">/home</tt>. If you
+run a very large system, it's possible that you have moved the home directories to a
+different location (or to many locations). This step allows you to specify where the
+user's home directory will be.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+Shell [ /bin/bash ]
+</pre>
+</td>
+</tr>
+</table>
+
+<p><tt class="COMMAND">bash</tt> is the default shell for Slackware Linux, and will be
+fine for most people. If your new user comes from a Unix background, they may be familiar
+with a different shell. You can change their shell now, or they can change it themselves
+later using the <tt class="COMMAND">chsh</tt> command.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+Expiry date (YYYY-MM-DD) []:
+</pre>
+</td>
+</tr>
+</table>
+
+<p>Accounts can be set up to expire on a specified date. By default, there is no
+expiration date. You can change that, if you'd like. This option might be useful for
+people running an ISP who might want to make an account expire upon a certain date,
+unless they receive the next year's payment.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+New account will be created as follows:
+---------------------------------------
+Login name: jellyd
+UID: [ Next available ]
+Initial group: users
+Additional groups: [ None ]
+Home directory: /home/jellyd
+Shell: /bin/bash
+Expiry date: [ Never ]
+</pre>
+</td>
+</tr>
+</table>
+
+<p>This is it... if you want to bail out, hit <b class="KEYCAP">Control</b>+<b
+class="KEYCAP">C</b>. Otherwise, press <kbd class="USERINPUT">ENTER</kbd> to go ahead and
+make the account.</p>
+
+<p>You now see all the information that you've entered about the new account and are
+given the opportunity to abort the account creation. If you entered something
+incorrectly, you should hit <b class="KEYCAP">Control</b>+<b class="KEYCAP">C</b> and
+start over. Otherwise, you can hit <kbd class="USERINPUT">enter</kbd> and the account
+will be made.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+Creating new account...
+
+Changing the user information for jellyd
+Enter the new value, or press return for the default
+ Full Name []: Jeremy
+ Room Number []: Smith 130
+ Work Phone []:
+ Home Phone []:
+ Other []:
+</pre>
+</td>
+</tr>
+</table>
+
+<p>All of this information is optional. You don't have to enter any of this if you don't
+want to, and the user can change it at any time using <tt class="COMMAND">chfn</tt>.
+However, you might find it helpful to enter at least the full name and a phone number, in
+case you need to get in touch with the person later.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+Changing password for jellyd
+Enter the new password (minimum of 5, maximum of 127 characters)
+Please use a combination of upper and lower case letters and numbers.
+New password:
+Re-enter new password:
+Password changed.
+
+Account setup complete.
+</pre>
+</td>
+</tr>
+</table>
+
+<p>You'll have to enter a password for the new user. Generally, if the new user is not
+physically present at this point, you'll just pick some default password and tell the
+user to change it to something more secure.</p>
+
+<div class="NOTE">
+<table class="NOTE" width="100%" border="0">
+<tr>
+<td width="25" align="CENTER" valign="TOP"><img src="./imagelib/admon/note.png"
+hspace="5" alt="Note" /></td>
+<td align="LEFT" valign="TOP">
+<p><span class="emphasis"><i class="EMPHASIS">Choosing a Password</i></span>: Having a
+secure password is the first line of defense against getting cracked. You do not want to
+have an easily guessed password, because that makes it easier for someone to break into
+your system. Ideally, a secure password would be a random string of characters, including
+upper and lowercase letters, numbers, and random characters. (A tab character might not
+be a wise choice, depending on what kinds of computers you'll be logging in from.) There
+are many software packages that can generate random passwords for you; search the
+Internet for these utilities.</p>
+
+<p>In general, just use common sense: don't pick a password that is someone's birthday, a
+common phrase, something found on your desk, or anything that is easily associated with
+you. A password like &#8220;secure1&#8221; or any other password you see in print or
+online is also bad.</p>
+</td>
+</tr>
+</table>
+</div>
+
+<p>Removing users is not difficult at all. Just run <tt class="COMMAND">userdel</tt> with
+the name of the account to remove. You should verify that the user is not logged in, and
+that no processes are running as that user. Also, remember that once you've deleted the
+user, all of that user's password information is gone permanently.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">userdel jellyd</kbd>
+</pre>
+</td>
+</tr>
+</table>
+
+<p>This command removes that annoying <tt class="USERNAME">jellyd</tt> user from your
+system. Good riddance! :) The user is removed from the <tt
+class="FILENAME">/etc/passwd</tt>, <tt class="FILENAME">/etc/shadow</tt>, and <tt
+class="FILENAME">/etc/group</tt> files, but doesn't remove the user's home directory.</p>
+
+<p>If you'd wanted to remove the home directory as well, you would instead use this
+command:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">userdel -r jellyd</kbd>
+</pre>
+</td>
+</tr>
+</table>
+
+<p>Temporarily disabling an account will be covered in the next section on passwords,
+since a temporary change involves changing the user's password. Changing other account
+information is covered in <a
+href="essential-sysadmin.html#ESSENTIAL-SYSADMIN-USERS-CHANGING">Section 12.1.3</a>.</p>
+
+<p>The programs to add and remove groups are very simple. <tt
+class="COMMAND">groupadd</tt> will just add another entry to the <tt
+class="FILENAME">/etc/group</tt> file with a unique group ID, while <tt
+class="COMMAND">groupdel</tt> will remove the specified group. It is up to you to edit
+<tt class="FILENAME">/etc/group</tt> to add users to a specific group. For example, to
+add a group called <tt class="USERNAME">cvs</tt>:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">groupadd cvs</kbd>
+</pre>
+</td>
+</tr>
+</table>
+
+<p>And to remove it:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">groupdel cvs</kbd>
+</pre>
+</td>
+</tr>
+</table>
+</div>
+
+<div class="SECT2">
+<h2 class="SECT2"><a id="ESSENTIAL-SYSADMIN-USERS-PASSWDS"
+name="ESSENTIAL-SYSADMIN-USERS-PASSWDS">12.1.2 Changing Passwords</a></h2>
+
+<p>The <tt class="COMMAND">passwd</tt> program changes passwords by modifying the <tt
+class="FILENAME">/etc/shadow</tt> file. This file holds all the passwords for the system
+in an encrypted format. In order to change your own password, you would type:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">passwd</kbd>
+Changing password for chris
+Old password:
+Enter the new password (minumum of 5, maximum of 127 characters)
+Please use a combination of upper and lower case letters and numbers.
+New password:
+</pre>
+</td>
+</tr>
+</table>
+
+<p>As you can see, you are prompted to enter your old password. It won't appear on the
+screen as you type it, just like when you log in. Then, you are prompted to enter the new
+password. <tt class="COMMAND">passwd</tt> performs a lot of checks on your new password,
+and it will complain if your new password doesn't pass its checks. You can ignore its
+warnings if you want. You will be prompted to enter your new password a second time for
+confirmation.</p>
+
+<p>If you are <tt class="USERNAME">root</tt>, you can also change another user's
+password:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">passwd ted</kbd>
+</pre>
+</td>
+</tr>
+</table>
+
+<p>You will then have to go through the same procedure as above, except that you won't
+have to enter the user's old password. (One of the many benefits of being <tt
+class="USERNAME">root</tt>...)</p>
+
+<p>If needed, you can also temporarily disable an account, and reenable it at a later
+time if needed. Both disabling an account and reenabling an account can be done with <tt
+class="COMMAND">passwd</tt>. To disable an account, do the following as <tt
+class="USERNAME">root</tt>:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">passwd -l david</kbd>
+</pre>
+</td>
+</tr>
+</table>
+
+<p>This will change david's password to something that can never match any encrypted
+value. You would reenable the account by using:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">passwd -u david</kbd>
+</pre>
+</td>
+</tr>
+</table>
+
+<p>Now, david's account is back to normal. Disabling an account might be useful if the
+user doesn't play by the rules you've set up on your system, or if they've exported a
+very large copy of <tt class="COMMAND">xeyes</tt>(1) to your X desktop.</p>
+</div>
+
+<div class="SECT2">
+<h2 class="SECT2"><a id="ESSENTIAL-SYSADMIN-USERS-CHANGING"
+name="ESSENTIAL-SYSADMIN-USERS-CHANGING">12.1.3 Changing User Information</a></h2>
+
+<p>There are two pieces of information that users can change at any time: their shell and
+their finger information. Slackware Linux uses <tt class="COMMAND">chsh</tt> (change
+shell) and <tt class="COMMAND">chfn</tt> (change finger) to modify these values.</p>
+
+<p>A user can pick any shell that is listed in the <tt class="FILENAME">/etc/shells</tt>
+file. For most people, <tt class="COMMAND">/bin/bash</tt> will do just fine. Others might
+be familiar with a shell found on their system at work or school and want to use what
+they already know. To change your shell, use <tt class="COMMAND">chsh</tt>:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chsh</kbd>
+Password:
+Changing the login shell for chris
+Enter the new value, or press return for the default
+ Login Shell [/bin/bash]:
+</pre>
+</td>
+</tr>
+</table>
+
+<p>After entering your password, enter the full path to the new shell. Make sure that
+it's listed in the <tt class="FILENAME">/etc/shells</tt>(5) file first. The <tt
+class="USERNAME">root</tt> user can also change any user's shell by running <tt
+class="COMMAND">chsh</tt> with a username as the argument.</p>
+
+<p>The finger information is the optional information such as your full name, phone
+numbers, and room number. This can be changed using <tt class="COMMAND">chfn</tt>, and
+follows the same procedure as it did during account creation. As usual, <tt
+class="USERNAME">root</tt> can change anyone's finger information.</p>
+</div>
+</div>
+</div>
+
+<div class="NAVFOOTER">
+<hr align="LEFT" width="100%" />
+<table summary="Footer navigation table" width="100%" border="0" cellpadding="0"
+cellspacing="0">
+<tr>
+<td width="33%" align="left" valign="top"><a href="process-control-top.html"
+accesskey="P">Prev</a></td>
+<td width="34%" align="center" valign="top"><a href="index.html"
+accesskey="H">Home</a></td>
+<td width="33%" align="right" valign="top"><a href="essential-sysadmin-hardusers.html"
+accesskey="N">Next</a></td>
+</tr>
+
+<tr>
+<td width="33%" align="left" valign="top"><tt class="COMMAND">top</tt></td>
+<td width="34%" align="center" valign="top">&nbsp;</td>
+<td width="33%" align="right" valign="top">Users and Groups, the Hard Way</td>
+</tr>
+</table>
+</div>
+</body>
+</html>
+
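Review bot: In section 12.1.2, the paragraph after `passwd -l david` presents a password lock as disabling the account, yet the text itself only says the password is changed to a value that can never match. A user who can authenticate some other way (for example with an SSH key) is not stopped by that. Suggest calling it a password lock and pointing readers to the "Expiry date" field from the adduser walkthrough when the whole account must be shut off. Also in 12.1.2, `/etc/shadow` is described as holding passwords "in an encrypted format"; "hashed" is the accurate term. The second passwd screen reads "minumum" where the adduser screen reads "minimum", so check which one matches the program's real output and make the two consistent. In 12.1.1, the paragraph beginning "This is it... if you want to bail out" says the same thing as the paragraph right after it and reads like adduser output that belongs inside the preceding SCREEN block. The advice to "pick some default password and tell the user to change it" would be safer with a note on forcing a change at first login.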