GNU/Linux
/etc/passwd
As you can see, it is fairly straightforward. Each entry contains the six fields
described in the previous paragraph, with each field separated by a colon.
Shadow passwords
/etc/group and /etc/gshadow
I suggest creating a special account for training tasks; for practical
purposes we will call it penguin, and it will be added to the adm group to
give it read access to the various log files located in
/var/log/. See passwd(5), group(5), shadow(5), vipw(8) and
vigr(8). For the official meaning of users and groups, see the list
below:
daemon
bin
sys
NOTE: Like bin, except that I don't know what it was good for
historically.
sync
games
Many games are sgid to games so that they can write to
their high score files. This is explained in Debian Policy.
man
lp
The lp* devices are writable by this group, so that
users in this group can access the parallel port
directly. Traditionally this job is taken over by a printing daemon
instead, which would need to run in this group.
The lpr system keeps its spool directories owned by lp/lp. These
daemons and end-user tools (through setuid)
run as superuser.
news
uucp
proxy
majordom
postgres
www-data
backup
operator
list
gnats
nobody, nogroup
NOTE: Perhaps policy should state the purpose of this group, so that
users can be added to it safely; certainly
all of them will be able to read logs. What if someone
renames a 'log', for example...
tty
HELP: Well, I have some disk devices in /dev owned by the group, but I
can't see the point. On another system, I noticed that some of the files
lilo puts in /boot are also owned by disk. I can imagine local uses for
such a group, like if you want to give some users in the group direct
access to some hard disk. But these uses I've found on my systems seem
to preclude doing that easily; if I put a user in group disk here, they'd
have write access to the root filesystem.
kmem
/dev/kmem and similar files are readable by this group. This is mostly a
BSD relic, but any programs that need direct read access to the system's
memory can thus be made setgid kmem.
dialout
Full and direct access to serial ports. Members of this group can
reconfigure the modem, dial anywhere, etc.
dip
The group's name stands for "Dialup IP". Being in group dip allows you to
use a tool such as ppp or dip to dial up a connection.
fax
voice
cdrom
This group can be used locally to give a set of users access to a CD-ROM
drive.
floppy
This group can be used locally to give a set of users access to a floppy
drive.
tape
This group can be used locally to give a set of users access to a tape
drive.
sudo
Members of this group do not need to type their password when using
sudo. See /usr/share/doc/sudo/OPTIONS.
audio
This group can be used locally to give a set of users access to an audio
device.
src
This group owns source code, including files in /usr/src. It can be used
locally to give a user the ability to manage system source code.
HELP: /usr/src is owned by group src and is setgid. This doesn't make
files put there by foo-src packages necessarily be owned by group src
though. If the intent is to make group src be able to manage source code,
perhaps policy should say that foo-src packages make files in /usr/src
owned and writeable by the group (and files in tarballs dropped there
likewise)?
shadow
utmp
video
This group can be used locally to give a set of users access to a video
device.
plugdev
Members of this group can mount removable devices in limited ways via
pmount without a matching entry in /etc/fstab. This is useful for local
users who expect to be able to insert and use CDs, USB drives, and so on.
Since pmount always mounts with the nodev and nosuid options and
applies other checks, this group is not intended to be root-equivalent in
the ways that the ability to mount filesystems might ordinarily allow.
Implementors of semantics involving this group should be careful not to
allow root-equivalence.
staff
Allows users to add local modifications to the system (/usr/local, /home)
without needing root privileges. Compare with group 'adm', which is
more related to monitoring/security.
users
While Debian systems use the user-group system by default (each user
has their own group), some prefer to use a more traditional group system.
In that system, each user is a member of the 'users' group.
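The group descriptions above translate directly into a membership review. The following is an added example, not part of the original page: it parses constructed /etc/passwd and /etc/group contents and reports accounts in the groups this page describes as granting extra access, including accounts that hold such a group only as their primary group. The users alice and bob, the sample lines, and the names audit_groups, rows and SENSITIVE are assumptions made for illustration.

```python
# Added example (not from the original page). Sample data is constructed.
# Reasons paraphrase this page's descriptions of each group.
SENSITIVE = {
    "disk": "write access to disk devices, including the root filesystem",
    "kmem": "read access to /dev/kmem (system memory)",
    "sudo": "sudo without typing a password",
    "adm": "read access to logs in /var/log",
    "staff": "local modifications under /usr/local without root",
    "src": "manage source code in /usr/src",
}

def rows(text):
    """Yield colon-separated fields for each non-empty, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split(":")

def audit_groups(passwd_text, group_text):
    """Return sorted (group, user, how) tuples for sensitive-group members.

    how is "listed" for users named in /etc/group, "primary" for users whose
    passwd GID field points at the group (not visible in /etc/group).
    """
    findings, gid_to_name = set(), {}
    for row in rows(group_text):
        if len(row) < 4 or row[0] not in SENSITIVE:
            continue
        gid_to_name[row[2]] = row[0]
        for user in row[3].split(","):
            if user.strip():
                findings.add((row[0], user.strip(), "listed"))
    for row in rows(passwd_text):
        if len(row) >= 4 and row[3] in gid_to_name:
            findings.add((gid_to_name[row[3]], row[0], "primary"))
    return sorted(findings)

# Constructed sample input; alice and bob are hypothetical users.
SAMPLE_GROUP = ("adm:x:4:penguin\ndisk:x:6:\n"
                "sudo:x:27:alice, penguin\nusers:x:100:alice,bob\n")
SAMPLE_PASSWD = (
    "penguin:x:1000:1000::/home/penguin:/bin/bash\n"
    "alice:x:1001:1001::/home/alice:/bin/bash\n"
    "bob:x:1002:6::/home/bob:/bin/bash\n"   # primary group is disk
)

if __name__ == "__main__":
    for group, user, how in audit_groups(SAMPLE_PASSWD, SAMPLE_GROUP):
        print(f"{group:6} {user:8} {how:8} {SENSITIVE[group]}")
```

On a real host, pass the contents of /etc/passwd and /etc/group instead of the sample strings.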