
2. User gps

Add yourself as a user so that you only need root access occasionally (in another virtual console: use ALT-F2 to switch to the second, CTRL-ALT-F2 within X11).

Learning not to be root is an uphill struggle. It saves you hassle later when you (don't) have to chown your own files.

It also allows others to use your system without needing the root password to access floppies, CDs, modems (etc).

I.e. when you go on holiday, you can leave the system password in a sealed envelope, and find it unopened on return!

2.1 File permission

I don't want to duplicate the chown man page, or LDP User Guide, but:

Every file has a single owner (UID) and group owner (GID) and access permission bits (-rwx rwx rwx), arranged as user-group-other.

If the process accessing the file has the same UID as the file, then the user rwx (read-write-execute) bits are tried FIRST.

If the process accessing the file has the file's GID (or can get it from its login owner's group list), the group rwx bits apply.

If neither of those matched, the accessing process is neither the file's user nor in its group, but a stranger, 'other'. The other rwx bits apply.

The three lots of 3 bits are usually written in octal (the one place I can stand octal), so an executable script is usually 775 or 755, depending on whether the group is allowed to write the file, or just read it. Plain data files are usually 664, 644, or 640. Files you really don't want to accidentally mess with are usually 444 or 400.

Other bits are also possible, but less often used. See man chmod(1) chmod(2) stat(2).
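
The class selection described above, worked through in shell as an added example (not part of the original HOWTO). The function names are hypothetical and the UIDs, GIDs and modes are constructed; it covers processes other than root and shows that the first class that matches is the only one consulted.

```shell
#!/bin/sh
# Added illustration: pick the single permission class that applies to a
# non-root process, then read the rwx bits of that class only.
# All UIDs, GIDs and modes below are constructed inputs.

# perm_class FILE_UID FILE_GID PROC_UID "PROC_GIDS"
# PROC_GIDS is a space-separated list (primary plus secondary groups).
perm_class() {
    if [ "$3" -eq "$1" ]; then echo user; return 0; fi
    for g in $4; do
        if [ "$g" -eq "$2" ]; then echo group; return 0; fi
    done
    echo other
}

# effective_bits MODE FILE_UID FILE_GID PROC_UID "PROC_GIDS"
# Prints e.g. "group:rw-". MODE is three octal digits such as 660.
effective_bits() {
    class=$(perm_class "$2" "$3" "$4" "$5")
    case $class in
        user)  shift_by=6 ;;
        group) shift_by=3 ;;
        *)     shift_by=0 ;;
    esac
    bits=$(( (0$1 >> $shift_by) & 7 ))   # leading 0 makes the mode octal
    r=-; w=-; x=-
    if [ $((bits & 4)) -ne 0 ]; then r=r; fi
    if [ $((bits & 2)) -ne 0 ]; then w=w; fi
    if [ $((bits & 1)) -ne 0 ]; then x=x; fi
    echo "$class:$r$w$x"
}

# Floppy-style device: 660, root (0), floppy (11); user 1000 is in group 11.
effective_bits 660 0 11 1000 "100 11"
# Script with mode 755 owned by someone else, no shared group.
effective_bits 755 0 0 1000 "100 11"
# Edge case: the owner matches, so only the user bits count, even though
# "other" would have been allowed everything.
effective_bits 047 1000 100 1000 "100"
```

The last call shows why a restrictive user triplet locks the owner out: the group and other bits are never consulted once the UID matches.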

Pay special attention to system files that contain passwords to other systems, e.g. your dial-in ISP.dip script contains your password to access the ISP's machine. If someone gets that, they can login to your ISP as you, take your email, send email as you, and you might never know.

2.2 adduser

Use the adduser command, and follow the prompts.

Your login name is something daft, but unique, like gps (but different).

Your Full name will be posted in all Email headings, and such. It is the field in /etc/passwd.

Your GID is the default group (files you create will be group-owned by this group).

You can be in any number of groups; when attempting to open a file, the kernel will cycle through the group list (NFS also?). Adding yourself to extra groups is done later by editing /etc/group.

Your UID (number) should be unique to you; it identifies you for file access permissions and such.

Your $HOME dir is /home/gps. You can use a symbolic link to move it to another disk.

Your Shell is /bin/bash. Much like SVR4 /bin/sh (Bourne Again Shell), not at all like BSD /bin/csh. bash has command line editing and good standards.

Your Password is YOUR password. Root can change it with passwd gps, so can you, but you will have to prove you know the old one.

Is that Correct Y/N ? If you say N, you'll have to type it all again.

2.3 /etc/passwd

All that information is put in /etc/passwd, for all to read.

The password is encoded: only the correct password or a coincidence will generate the same encrypted checksum that is in /etc/passwd.

If this is a no-login user, e.g. lpd, or nobody, or .., edit /etc/passwd to put in a key that is not a legal crypted key, e.g. '*' or 'no-login'.

The primary group is set here, files you create will have this GID.

The shell can be /bin/sh for a normal login, /bin/sh for a BBS login, or /bin/BBS-BINARY or even /bin/BBS-SCRIPT.

The script must have #!/bin/sh (or other) as its first line, otherwise the kernel won't be able to make sense of the script text.

The name of the script will be put into $SHELL as a sign of preference. Secure applications would check SHELL with /etc/passwd.

2.4 /etc/shadow

This isn't used by the default Slackware, but you can switch to using it by replacing & re-configuring your distribution components. There is probably a FAQ somewhere.

The point is to remove the password-key from /etc/passwd, and put it in /etc/shadow, which only root can read. This stops hackers walking off with your list of crypted-password-keys, and finding the password by brute-force testing every combination of letters (or known previous passwords).

/etc/shadow also adds password age control parameters.
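
A check for the points made in 2.3 and 2.4, as an added example that is not from the original HOWTO: it classifies the password field of each entry and compares a claimed SHELL with the entry's shell field. The function names and sample entries are constructed; treating 'x' as the shadow marker and a 13-character or '$'-prefixed string as a crypted key are this example's assumptions.

```shell
#!/bin/sh
# Added illustration. The entries below are constructed samples in
# /etc/passwd format, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:Xk9dQ2uVb1zLm:0:0:root:/root:/bin/bash
gps:x:1000:100:G P S:/home/gps:/bin/bash
lpd:*:4:7:lpd:/var/spool/lpd:
nobody:no-login:99:99:nobody:/:
guest::405:100:guest:/home/guest:/bin/sh
EOF
}

# audit_passwd: read passwd-format lines on stdin, print "name status".
audit_passwd() {
    awk -F: 'NF >= 7 {
        pw = $2
        if (pw == "")
            st = "empty-password"        # no password needed to log in
        else if (pw == "x")
            st = "shadowed"              # key lives in /etc/shadow
        else if (substr(pw, 1, 1) == "$" ||
                 (length(pw) == 13 && pw ~ "^[./0-9A-Za-z]+$"))
            st = "hash-world-readable"   # every local user can copy it
        else
            st = "no-login"              # cannot equal any crypt() output
        print $1, st
    }'
}

# shell_matches_passwd USER CLAIMED_SHELL: passwd-format lines on stdin.
# Succeeds only if CLAIMED_SHELL (e.g. "$SHELL") equals field 7 for USER.
shell_matches_passwd() {
    awk -F: -v u="$1" -v s="$2" '
        $1 == u { ok = ($7 == s) }
        END     { exit(ok ? 0 : 1) }'
}

sample_passwd | audit_passwd
if sample_passwd | shell_matches_passwd gps /bin/BBS-SCRIPT; then
    echo "gps: SHELL agrees with passwd"
else
    echo "gps: SHELL does not match the passwd entry"
fi
```

To audit a live system, feed the real file in with `audit_passwd < /etc/passwd`; any line reported as hash-world-readable or empty-password is a candidate for moving to /etc/shadow or locking.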

2.5 /etc/group

This lists the NAMES of the groups (the kernel uses UID numbers internally), and lists group members (if not already in group from /etc/passwd).

Add yourself to any number of secondary groups, as:

        floppy::11:root,gps

You will probably have to logout and in again, for it to take effect.

2.6 /dev/fd0

To be able to re-format disks, and to mount them (unless the user tag is used in /etc/fstab), you need rw access to /dev/fd0. This should already be done as the device is 660 UID=root, GID=floppy.

        ls -l /dev/fd0* | less
        chgrp floppy /dev/fd0*

/dev/fd0 does an autodetect floppy format (sectors per track etc), so that pre-formatted diskettes work every time (almost).

2.7 fdformat /dev/fd0h1440

If the disk has not already been formatted, the auto-detect on the /dev/fd0 device will fail, and the driver won't know how many sectors/tracks you want. It says: ioctl(FDGETPRM): No such device

Naming /dev/fd0h1440 goes past the autodetect. /etc/fdprm also has an effect (I once formatted a 1440 as a 1200, but can't remember how or why).

With this release (kernel / distribution / bad-disk?) I had the following mystery:

        Single-sided, 0 tracks, 0 sec/track. Total capacity 0 kB.

2.8 /etc/fdprm

This is related to /dev/fd*; the man page is setfdprm.

2.9 chmod, chown, chgrp

These are used to change the permissions / ownerships of files, devices etc. It isn't possible to change a symbolic link, you change its target!

        chgrp floppy /dev/cdrom
        chmod 644 *.tcl
        chown -R gps /home/gps/new-package

2.10 Symbolic Links

This command appears to be backwards until you realise it follows the cp and mv commands, i.e. bring something that exists to something new.

ln -s doesn't check whether the target exists, and deleting the target doesn't remove the link.

        ln -s /home/gps/.Xdefaults /home/root
        ln -s /tmp/pkgs_ftp/package-0.55/lib /usr/lib/package
        ln -s /tmp/pkgs_ftp/package-0.55/lib /usr/src/package

This IS a confusing area, as files might not exist when the link does, or a link to a directory might actually be the link to a file (add /. to the end to make it fail sooner!).

