System users and groups

I know this sounds like a newbie-question, but what do the various system-users and system-groups do? Which parts of the file-system (directories and files) could/should they own? Which executables could/should be set SUID and/or SGID to them? Which processes could/should be run as these users? Which users (e.g. root, mail, bin, adm, mailmaster) should typically belong to which groups? I of course "know" how these users and groups are used and what they do, but I don't *know*... What I really would like is to see some standard, recommendation or summary of the common users and groups on a Linux/Unix system -- how they should be used (e.g. which files/directories they should own and which processes they should run). So if anybody knows of such a document, please point me the way...

+++

AFAIK, a Linux system *must* have at least two users and two groups -- the root-user and root-group, and the bin-user and the bin-group... the root-user has special privileges hardwired into the kernel, but what about the root-group? And what about the bin-user (and bin-group)... does it too have privileges hardwired into the kernel? My main problem is that the use of users and groups varies hugely between distros... on top of that, there are a number of users and groups (mostly for various subsystems like man, halt, sync) that never seem to be used -- they don't own any files/directories and no processes are run as them (although there probably could and should be). I would think it would be desirable to run various system-processes (daemons) with as low privileges as possible, and to otherwise restrict access as much as possible.

+++

Take man... Shouldn't the man-command be run SUID to the man-user? Shouldn't the man-pages and associated directories be owned by the man-user and man-group? Wouldn't it make sense to let some users become members of the man-group, so they could add, edit or delete man-pages?

+++

Take the bin-group... on some systems, this group owns the various bin- and sbin-directories and most of the files (executables) in them (unless the executable is run SGID and therefore must belong to some special group). Thus I would think that a normal user made member of the bin-group would/could have enough privileges to install (copy in) or remove simple commands (e.g. ls, ps, vi; as opposed to larger packages that would require higher privileges). Although the various bin and sbin directories and their files are usually owned by the root-user, I guess they *could* be owned by the bin-user -- unless another UID was necessary because the executable was set SUID. Though some distros typically use the root:bin pair, most use the root:root pair (as in user:group). On some distros I have seen the odd daemon running as the bin-user, but that is rather seldom... aren't there more daemons that could -- and ought to -- run with less than root-privileges?

+++

Then there is the adm-group and user... I assume it's named from the adm-directory that has since been moved and renamed to /var/log. I have seen on some distros that /var/log -- and most of the files under it -- belongs to the adm-group... so I assume a user belonging to the adm-group would be able to check the system's health by looking at various logs. I would think that the adm-user could run things like syslog.

+++

I assume that users made member of the root-group can perform system-tasks with *near* root-user privileges... but I don't know if it's common (or wise) to make ordinary users members of this group.

+++

I have no idea what the sys user and group should own and run, or which users should belong to the group. I assume *some* part of the file-system (other than bin, sbin and log) could/should be owned by this group.

+++

I guess it would be a good idea to let some users handle things like mail, web and printing -- and perhaps make a user-account especially for these tasks (e.g. mailmaster and webmaster) that a user could su to... and I assume this could be accomplished by making these users members of the groups handling that particular system (e.g. mail, www and lpr).

+++

Then there are groups for...
wheel -- real users allowed to use su (to become root).
shadow -- for programs needing access to shadowed passwords.
Various subsystems like mail, lpr, daemon...
For users allowed to use certain systems like cron and at...
Then there are groups for various devices (e.g. tty, disk, floppy, snd) to allow certain users -- real, system or pseudo (like games) -- a more direct access to devices without root-privileges.

+++

As I said, I've seen how groups and users are used... and I understand how they are used... but I *really* would like some standard or recommendation or description of the various users and groups; and how they *should* be used.

-Koppe
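As an added example (not part of the post), a small audit that answers the post's three questions for a given host: which accounts own files, which SUID/SGID executables hand out which identity, and which accounts have processes running as them, so that "unused" system accounts and SUID-root binaries stand out. The account table and the find/ps output are constructed samples; the `find -printf` and `ps -eo` output formats are assumptions about GNU find and procps.

```python
# Added example, not from the post: inventory which system accounts own files,
# run processes, or are the identity gained through a SUID/SGID bit.  All data
# is constructed; on a real host ACCOUNTS mirrors the name/uid columns of
# /etc/passwd, FIND_OUT is `find / -xdev -type f -printf '%u %g %m %p\n'`
# output and PS_OUT is `ps -eo user,group,comm` output (formats assumed).
ACCOUNTS = {"root": 0, "bin": 1, "daemon": 2, "adm": 3, "man": 13, "koppe": 1000}
FIND_OUT = """\
root root 4755 /bin/su
root man 2755 /usr/bin/man
root bin 755 /bin/ls
root adm 640 /var/log/messages
man man 644 /usr/man/man1/ls.1
"""
PS_OUT = """\
USER     GROUP    COMMAND
root     root     syslogd
daemon   daemon   atd
koppe    users    bash
"""

def parse_find(text):
    """'owner group octal-mode path' lines -> (owner, group, mode, path) tuples."""
    rows = []
    for line in text.splitlines():
        owner, group, mode, path = line.split(None, 3)
        rows.append((owner, group, int(mode, 8), path))
    return rows

def setid_binaries(rows):
    """{path: identities gained} for files carrying the SUID (04000) or SGID (02000) bit."""
    gained = {}
    for owner, group, mode, path in rows:
        ids = []
        if mode & 0o4000: ids.append("uid=" + owner)  # executes with the owner's uid
        if mode & 0o2000: ids.append("gid=" + group)  # executes with the group's gid
        if ids: gained[path] = ids
    return gained

def account_usage(accounts, rows, ps_text):
    """Per account: number of files it owns and of processes running as it."""
    usage = {u: {"files": 0, "procs": 0} for u in accounts}
    for owner, _, _, _ in rows:
        usage[owner]["files"] += 1
    for line in ps_text.splitlines()[1:]:  # skip the ps header line
        usage[line.split()[0]]["procs"] += 1
    return usage

def idle_system_accounts(usage, accounts, max_system_uid=999):
    """System accounts (uid <= max_system_uid) that own no files and run nothing."""
    return sorted(u for u, c in usage.items()
                  if accounts[u] <= max_system_uid and not (c["files"] or c["procs"]))
```

Run against real output, the same functions show whether daemons such as syslog run as root or as a dedicated account, and which accounts exist only in /etc/passwd.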