[deployment-guide/comm-rel: 625/727] Merge branch 'master' of git+ssh://git.engineering.redhat.com/srv/git/users/dhensley/Deployment_Guid
Jaromir Hradilek
jhradile at fedoraproject.org
Tue Oct 19 13:18:10 UTC 2010
commit beebeecb09eb0fa2b543c8b8a4d9dfa43feb2f22
Merge: 4ceef5f... bac4714...
Author: Douglas Silas <dhensley at redhat.com>
Date: Tue Sep 7 21:40:49 2010 +0200
Merge branch 'master' of git+ssh://git.engineering.redhat.com/srv/git/users/dhensley/Deployment_Guide
Conflicts:
en-US/Users_and_Groups.xml
Indented Users_and_Groups chapter.
en-US/Book_Info.xml | 2 +-
en-US/Controlling_Access_to_Services.xml | 2 +-
en-US/Date_and_Time_Configuration.xml | 2 +-
en-US/Dynamic_Host_Configuration_Protocol_DHCP.xml | 3 +-
en-US/FTP.xml | 16 +-
en-US/Samba.xml | 114 ++-
en-US/The_Apache_HTTP_Server.xml | 1189 +++++++++++---------
en-US/The_proc_File_System.xml | 145 +--
en-US/Users_and_Groups.xml | 38 -
9 files changed, 791 insertions(+), 720 deletions(-)
---
diff --cc en-US/Users_and_Groups.xml
index d69aa8c,3377937..c190883
--- a/en-US/Users_and_Groups.xml
+++ b/en-US/Users_and_Groups.xml
@@@ -125,7 -125,7 +125,6 @@@
<para>&MAJOROS; uses a <firstterm>user private group</firstterm> (UPG) scheme. The UPG scheme does not add or change anything in the standard UNIX way of handling groups; it offers a new convention. Whenever you create a new user, by default, a unique group with the same name as the user is created. If you do not want to create this group, unselect <guilabel>Create a private group for the user</guilabel>.</para>
<para>To specify a user ID for the user, select <guibutton>Specify user ID manually</guibutton>. If the option is not selected, the next available user ID above 500 is assigned to the new user. Because &MAJOROS; reserves user IDs below 500 for system users, it is not advisable to manually assign user IDs 1-499.</para>
<para>Click <guibutton>OK</guibutton> to create the user.</para>
--
<figure
id="user-new-fig">
<title>Creating a new user</title>
@@@ -530,358 -530,287 +529,321 @@@
</tbody>
</tgroup>
</table>
-<bridgehead>Adding a Group</bridgehead>
- <indexterm significance="normal">
- <primary>group configuration</primary>
- <secondary><command>groupadd</command>
- </secondary>
- </indexterm>
- <indexterm significance="normal">
- <primary>adding</primary>
- <secondary>group</secondary>
- </indexterm>
- <para>
- To add a group to the system, use the command <command>groupadd</command>:
+ <bridgehead>Adding a Group</bridgehead>
+ <indexterm
+ significance="normal">
+ <primary>group configuration</primary>
+ <secondary>
+ <command
+ moreinfo="none">groupadd</command>
+ </secondary>
+ </indexterm>
+ <indexterm
+ significance="normal">
+ <primary>adding</primary>
+ <secondary>group</secondary>
+ </indexterm>
+ <para>
+ To add a group to the system, use the command <command
+ moreinfo="none">groupadd</command>:
</para>
-<screen>
-<command>groupadd <replaceable><group-name></replaceable></command>
-</screen>
- <para>
- Command line options for <command>groupadd</command> are detailed in <xref linkend="table-groupadd-options"/>.
+ <screen>
+<command
+ moreinfo="none">groupadd <replaceable><group-name></replaceable>
+ </command>
+ </screen>
+ <para>
+ Command line options for <command
+ moreinfo="none">groupadd</command> are detailed in <xref
+ linkend="table-groupadd-options"/>.
</para>
--
- <table id="table-groupadd-options">
- <title><command>groupadd</command> Command Line Options</title>
-
- <tgroup cols="2">
- <colspec colnum="1" colname="option" colwidth="20*"></colspec>
-
- <colspec colnum="2" colname="description" colwidth="50*"></colspec>
- <thead><row>
- <entry>
+ <table
+ id="table-groupadd-options">
+ <title>
+ <command
+ moreinfo="none">groupadd</command> Command Line Options</title>
-
+ <tgroup
+ cols="2">
+ <colspec
+ colnum="1"
+ colname="option"
+ colwidth="20*"></colspec>
-
+ <colspec
+ colnum="2"
+ colname="description"
+ colwidth="50*"></colspec>
+ <thead>
+ <row>
+ <entry>
Option
</entry>
--
- <entry>
+ <entry>
Description
</entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry>-f, --force</entry>
- <entry>When used with <option>-g</option> <replaceable><gid></replaceable> and <replaceable><gid></replaceable> already exists, <command>groupadd</command> will choose another unique <replaceable><gid></replaceable> for the group.</entry>
- </row>
- <row>
- <entry>
- <option>-g</option> <replaceable><gid></replaceable>
- </entry>
- <entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>-f, --force</entry>
+ <entry>When used with <option>-g</option>
+ <replaceable><gid></replaceable> and <replaceable><gid></replaceable> already exists, <command>groupadd</command> will choose another unique <replaceable><gid></replaceable> for the group.</entry>
+ </row>
+ <row>
+ <entry>
+ <option>-g</option>
+ <replaceable><gid></replaceable>
+ </entry>
+ <entry>
Group ID for the group, which must be unique and greater than 499
</entry>
- </row>
- <row>
- <entry><option>-K, --key KEY=VALUE</option></entry>
- <entry>override <code>/etc/login.defs</code> defaults</entry></row>
- <row>
- <entry><option>-o</option>, <option>--non-unique</option></entry>
- <entry>allow to create groups with duplicate</entry>
- </row>
- <row>
- <entry><option>-p</option>, <option>--password</option> <option>PASSWORD</option></entry>
- <entry>use this encrypted password for the new group</entry>
- </row>
- <row>
- <entry>
- <option>-r</option>
- </entry>
- <entry> Create a system group with a GID less than 500</entry>
- </row>
- </tbody>
- </tgroup>
- </table>
-<bridgehead>Password Aging</bridgehead>
- <indexterm significance="normal">
- <primary>password</primary>
- <secondary>expire</secondary>
- </indexterm>
- <indexterm significance="normal">
- <primary>password</primary>
- <secondary>aging</secondary>
- </indexterm>
- <indexterm significance="normal">
- <primary>expiration of password, forcing</primary>
- </indexterm>
- <indexterm significance="normal">
- <primary><command>chage</command> command</primary>
- <secondary>forcing password expiration with</secondary>
- </indexterm>
- <indexterm significance="normal">
- <primary>user configuration</primary>
- <secondary>password</secondary>
- <tertiary>forcing expiration of</tertiary>
- </indexterm>
-
- <para>
- For security reasons, it is advisable to require users to change their passwords periodically. This can be done when adding or editing a user on the <guilabel>Password Info</guilabel> tab of the <application>User Manager</application>.
+ </row>
+ <row>
+ <entry>
+ <option>-K, --key KEY=VALUE</option>
+ </entry>
+ <entry>override <code>/etc/login.defs</code> defaults</entry>
+ </row>
+ <row>
+ <entry>
+ <option>-o</option>, <option>--non-unique</option>
+ </entry>
+ <entry>allow to create groups with duplicate</entry>
+ </row>
+ <row>
+ <entry>
+ <option>-p</option>, <option>--password</option>
+ <option>PASSWORD</option>
+ </entry>
+ <entry>use this encrypted password for the new group</entry>
+ </row>
+ <row>
+ <entry>
+ <option>-r</option>
+ </entry>
+ <entry> Create a system group with a GID less than 500</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ <bridgehead>Password Aging</bridgehead>
+ <indexterm
+ significance="normal">
+ <primary>password</primary>
+ <secondary>expire</secondary>
+ </indexterm>
+ <indexterm
+ significance="normal">
+ <primary>password</primary>
+ <secondary>aging</secondary>
+ </indexterm>
+ <indexterm
+ significance="normal">
+ <primary>expiration of password, forcing</primary>
+ </indexterm>
+ <indexterm
+ significance="normal">
+ <primary>
+ <command
+ moreinfo="none">chage</command> command</primary>
+ <secondary>forcing password expiration with</secondary>
+ </indexterm>
+ <indexterm
+ significance="normal">
+ <primary>user configuration</primary>
+ <secondary>password</secondary>
+ <tertiary>forcing expiration of</tertiary>
+ </indexterm>
-
+ <para>
+ For security reasons, it is advisable to require users to change their passwords periodically. This can be done when adding or editing a user on the <guilabel
+ moreinfo="none">Password Info</guilabel> tab of the <application>User Manager</application>.
</para>
--
- <para>
- To configure password expiration for a user from a shell prompt, use the <command>chage</command> command with an option from <xref linkend="table-chage-options"/>, followed by the username.
+ <para>
+ To configure password expiration for a user from a shell prompt, use the <command
+ moreinfo="none">chage</command> command with an option from <xref
+ linkend="table-chage-options"/>, followed by the username.
</para>
--
- <important>
- <title>Important</title>
-
- <para>
- Shadow passwords must be enabled to use the <command>chage</command> command. For more information, see <xref linkend="s1-users-groups-shadow-utilities" />.
+ <important>
+ <title>Important</title>
-
+ <para>
+ Shadow passwords must be enabled to use the <command
+ moreinfo="none">chage</command> command. For more information, see <xref
+ linkend="s1-users-groups-shadow-utilities" />.
</para>
- </important>
-
- <table id="table-chage-options">
- <title><command>chage</command> Command Line Options</title>
-
- <tgroup cols="2">
- <colspec colnum="1" colname="option" colwidth="20*"></colspec>
-
- <colspec colnum="2" colname="description" colwidth="50*"></colspec>
- <thead><row>
- <entry>
+ </important>
-
+ <table
+ id="table-chage-options">
+ <title>
+ <command
+ moreinfo="none">chage</command> Command Line Options</title>
-
+ <tgroup
+ cols="2">
+ <colspec
+ colnum="1"
+ colname="option"
+ colwidth="20*"></colspec>
-
+ <colspec
+ colnum="2"
+ colname="description"
+ colwidth="50*"></colspec>
+ <thead>
+ <row>
+ <entry>
Option
</entry>
--
- <entry>
+ <entry>
Description
</entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry>
- <option>-d</option> <replaceable><days></replaceable>
- </entry>
-
- <entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <option>-d</option>
+ <replaceable><days></replaceable>
+ </entry>
-
+ <entry>
Specifies the number of days since January 1, 1970 the password was changed
</entry>
- </row>
- <row>
- <entry>
- <option>-E</option> <replaceable><date></replaceable>
- </entry>
- <entry>
+ </row>
+ <row>
+ <entry>
+ <option>-E</option>
+ <replaceable><date></replaceable>
+ </entry>
+ <entry>
Specifies the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of days since January 1, 1970 can also be used.
</entry>
- </row>
- <row>
- <entry>
- <option>-I</option> <replaceable><days></replaceable>
- </entry>
-
- <entry>
+ </row>
+ <row>
+ <entry>
+ <option>-I</option>
+ <replaceable><days></replaceable>
+ </entry>
-
+ <entry>
Specifies the number of inactive days after the password expiration before locking the account. If the value is 0, the account is not locked after the password expires.
</entry>
- </row>
- <row>
- <entry>
- <option>-l</option>
- </entry>
- <entry>
+ </row>
+ <row>
+ <entry>
+ <option>-l</option>
+ </entry>
+ <entry>
Lists current account aging settings.
</entry>
- </row>
- <row>
- <entry>
- <option>-m</option> <replaceable><days></replaceable>
- </entry>
- <entry>
+ </row>
+ <row>
+ <entry>
+ <option>-m</option>
+ <replaceable><days></replaceable>
+ </entry>
+ <entry>
Specify the minimum number of days after which the user must change passwords. If the value is 0, the password does not expire.
</entry>
- </row>
- <row>
- <entry>
- <option>-M</option> <replaceable><days></replaceable>
- </entry>
- <entry>
+ </row>
+ <row>
+ <entry>
+ <option>-M</option>
+ <replaceable><days></replaceable>
+ </entry>
+ <entry>
Specify the maximum number of days for which the password is valid. When the number of days specified by this option plus the number of days specified with the <option>-d</option> option is less than the current day, the user must change passwords before using the account.
</entry>
- </row>
- <row>
- <entry>
- <option>-W</option> <replaceable><days></replaceable>
- </entry>
-
- <entry>
+ </row>
+ <row>
+ <entry>
+ <option>-W</option>
+ <replaceable><days></replaceable>
+ </entry>
-
+ <entry>
Specifies the number of days before the password expiration date to warn the user.
</entry>
- </row>
- </tbody>
- </tgroup>
- </table>
- <note><title>Tip</title>
- <para>
- If the <command>chage</command> command is followed directly by a username (with no options), it displays the current password aging values and allows them to be changed interactively.
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ <note>
+ <title>Tip</title>
+ <para>
+ If the <command
+ moreinfo="none">chage</command> command is followed directly by a username (with no options), it displays the current password aging values and allows them to be changed interactively.
</para>
- </note>
-
- <para>
+ </note>
-
+ <para>
You can configure a password to expire the first time a user logs in. This forces users to change passwords immediately.
</para>
--
- <orderedlist inheritnum="ignore" continuation="restarts">
-
- <listitem>
- <para>
- <emphasis>Set up an initial password</emphasis> — There are two common approaches to this step. The administrator can assign a default password or assign a null password.
+ <orderedlist
+ inheritnum="ignore"
+ continuation="restarts">
-
+ <listitem>
+ <para>
+ <emphasis>Set up an initial password</emphasis> — There are two common approaches to this step. The administrator can assign a default password or assign a null password.
</para>
--
- <para>
+ <para>
To assign a default password, use the following steps:
</para>
--
- <itemizedlist>
- <listitem>
- <para>
- Start the command line Python interpreter with the <command>python</command> command. It displays the following:
+ <itemizedlist>
+ <listitem>
+ <para>
+ Start the command line Python interpreter with the <command
+ moreinfo="none">python</command> command. It displays the following:
</para>
--
-<screen>
+ <screen>
Python 2.4.3 (#1, Jul 21 2006, 08:46:09)
[GCC 4.1.1 20060718 (Application Stack 4.1.1-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>></screen>
--
- </listitem>
-
- <listitem>
-
- <para>At the prompt, type the following commands. Replace <replaceable><password></replaceable> with the password to encrypt and <replaceable><salt></replaceable> with a random combination of at least 2 of the following: any alphanumeric character, the slash (/) character or a dot (.):
+ </listitem>
-
+ <listitem>
-
+ <para>At the prompt, type the following commands. Replace <replaceable><password></replaceable> with the password to encrypt and <replaceable><salt></replaceable> with a random combination of at least 2 of the following: any alphanumeric character, the slash (/) character or a dot (.):
</para>
--
-<screen>
-<command>import crypt; print
-
+ <screen>
+<command
+ moreinfo="none">import crypt; print
-
crypt.crypt("<replaceable><password></replaceable>","<replaceable><salt></replaceable>")</command>
-</screen>
-
- <para>
- The output is the encrypted password, similar to <computeroutput>'12CsGd8FRcMSM'</computeroutput>.
+ </screen>
-
+ <para>
+ The output is the encrypted password, similar to <computeroutput
+ moreinfo="none">'12CsGd8FRcMSM'</computeroutput>.
</para>
- </listitem>
-
- <listitem>
- <para>
- Press <keycap>Ctrl</keycap>-<keycap>D</keycap> to exit the Python interpreter.
+ </listitem>
-
+ <listitem>
+ <para>
+ Press <keycap
+ moreinfo="none">Ctrl</keycap>-<keycap
+ moreinfo="none">D</keycap> to exit the Python interpreter.
</para>
- </listitem>
-
- <listitem>
- <para>
+ </listitem>
-
+ <listitem>
+ <para>
At the shell, enter the following command (replacing <replaceable><encrypted-password></replaceable> with the encrypted output of the Python interpreter):
--
</para>
--
-<screen>usermod -p "<replaceable><encrypted-password></replaceable>" <replaceable><username></replaceable></screen>
- </listitem>
- </itemizedlist>
-
- <para>
+ <screen>usermod -p "<replaceable><encrypted-password></replaceable>" <replaceable><username></replaceable>
+ </screen>
+ </listitem>
+ </itemizedlist>
-
+ <para>
Alternatively, you can assign a null password instead of an initial password. To do this, use the following command:
</para>
--
-<screen>usermod -p "" <replaceable>username</replaceable></screen>
- <warning>
- <title>Caution</title>
-
- <para>
+ <screen>usermod -p "" <replaceable>username</replaceable>
+ </screen>
+ <warning>
+ <title>Caution</title>
-
+ <para>
Using a null password, while convenient, is a highly unsecure practice, as any third party can log in first and access the system using the unsecure username. Always make sure that the user is ready to log in before unlocking an account with a null password.
</para>
--
- </warning>
- </listitem>
-
- <listitem>
- <para>
- <emphasis>Force immediate password expiration</emphasis> — Type the following command:
+ </warning>
+ </listitem>
-
+ <listitem>
+ <para>
+ <emphasis>Force immediate password expiration</emphasis> — Type the following command:
</para>
-<screen>chage -d 0 <replaceable>username</replaceable></screen>
- <para>
+ <screen>chage -d 0 <replaceable>username</replaceable>
+ </screen>
+ <para>
This command sets the value for the date the password was last changed to the epoch (January 1, 1970). This value forces immediate password expiration no matter what password aging policy, if any, is in place.
</para>
- </listitem>
- </orderedlist>
-
+ </listitem>
+ </orderedlist>
-
<para>
Upon the initial log in, the user is now prompted for a new password.
</para>
More information about the docs-commits
mailing list