Configuring user accounts
As I have hinted already, it is not good practice to run all programs as root, since if one program is compromised by an outside attack, then the whole system is at risk. It is preferable to create unprivileged user accounts and use them where full root is not necessary.
Usernames are configured in /etc/passwd. There is one line per user, with seven fields of information separated by colons, which are, in order, the following:
- The login name
- A hash code used to verify the password or, more usually, an x to indicate that the password is stored in /etc/shadow
- The user ID
- The group ID
- A comment field, often left blank
- The user's home directory
- The shell this user will use (optional)
Here is a simple example in which we have user root with UID 0 and user daemon with UID 1:

root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
Setting the shell for user daemon to /bin/false ensures that any attempt...
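The seven-field layout described above can be checked mechanically before a root filesystem image ships. The following is an added example, not code from the original text: the function names, the sample entries after the first two lines, and the treatment of `*` and `!` as locked-account markers are assumptions made for illustration.

```python
FIELDS = ("login", "password", "uid", "gid", "comment", "home", "shell")

# Constructed sample: the first two lines are the page's example; the other
# four are made-up entries that each trigger one finding.
SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
admin:x:0:0:second superuser:/root:/bin/sh
guest::1000:1000::/home/guest:/bin/sh
legacy:HASH-PLACEHOLDER:1001:1001::/home/legacy:/bin/sh
broken:x:1002:1002:/home/broken
"""

def parse_passwd(text):
    """Yield (line_number, entry) per non-blank line; entry is None if malformed."""
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip():
            parts = line.split(":")
            yield n, (dict(zip(FIELDS, parts)) if len(parts) == 7 else None)

def audit(text):
    """Return a list of (line_number, message) findings."""
    findings = []
    for n, e in parse_passwd(text):
        if e is None:
            findings.append((n, "expected 7 colon-separated fields"))
            continue
        if not (e["uid"].isdigit() and e["gid"].isdigit()):
            findings.append((n, f"{e['login']}: UID/GID is not numeric"))
            continue
        # UID 0 is root; any other login name with UID 0 has full root too.
        if int(e["uid"]) == 0 and e["login"] != "root":
            findings.append((n, f"{e['login']}: UID 0 but not named root"))
        pw = e["password"]
        if pw == "":
            findings.append((n, f"{e['login']}: empty password field"))
        # Assumption beyond the page: '*' or a leading '!' marks a locked account.
        elif pw != "x" and pw != "*" and not pw.startswith("!"):
            findings.append((n, f"{e['login']}: password data in passwd, not shadow"))
    return findings

if __name__ == "__main__":
    for n, msg in audit(SAMPLE):
        print(f"line {n}: {msg}")
```

To audit a staged root filesystem, pass the contents of its etc/passwd file to `audit()` instead of `SAMPLE`.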