First of all, excuse me for my English (I'm Italian).
Since I have never had the need to create one, the first time I encountered it I asked myself: what is it?
I was looking for MySQL installation guidelines on mysql.com, when, reading them, I found this command:
shell> useradd -r -g mysql mysql
Now, I read the man page of useradd looking for an explanation of the -r option, but I didn't find it useful.
It just says that the -r option creates a system account, but it doesn't say anything else.
So my question is: what is a system account?
A few lines below the command it says:
"Because the user is required only for ownership purposes, not login purposes, the useradd command uses the -r option to create a user that does not have login permissions to your server host."
What would be the benefit if the mysql user does not have login permission?
I hope I have been clear.
Thank you so much for any answer.
Interesting question. The passwd (/etc/passwd) file is the file with a list of users. If you look at the passwd file, you will see that users have uid and gid after the username. For example root is uid 0 and gid 0. If UID_MIN is set to 500 in /etc/login.defs that means that any user that is created with useradd will now have a uid greater than 500. But if you specify the -r option, that means that you create a uid which is less than 500. So, what's the significance? The password, home directory and other settings from login.defs will not apply to this user. You have to manually create a home directory with the -m parameter (man useradd).
System accounts are reserved for services and daemons. Old Unix systems would typically allow daemons and services access to files as root, which can create serious security problems if a service is hijacked. Thus, system accounts were implemented to limit the access that certain services and daemons have to files, etc. on the system. With system accounts, access by services can be restricted to files pertinent to the service, and in this way limit the amount of damage that can be caused if the service is hijacked. A shell of "/sbin/nologin" prevents anyone from logging in to a service account, making it that much more difficult to compromise the service.
If you are installing with .deb or .rpm packages the creation of special system accounts, files, and directories will most likely be handled by installation scripts within the package.
This flag is used to create a system account. That is, a user with a UID lower than the value of UID_MIN defined in /etc/login.defs and whose password does not expire. Note that useradd will not create a home directory for such a user, regardless of the default setting in /etc/login.defs. You have to specify the -m option if you want a home directory for a system account to be created. This is an option added by Red Hat.
As above, it's the fact its uid is < UID_MIN (not always 500, some use 1000) and no passwd expire and no login shell.
The uid thing is just for simple admin checking, no passwd expire is self-evident & no login is (as above) a security issue.
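An added example (not from any poster in this thread): a POSIX shell check for what the replies above describe, listing accounts whose UID is below UID_MIN but which still have a login shell. The function names and the sample passwd and login.defs contents are constructed for illustration, and the fallback of 1000 when UID_MIN is unset is an assumption.

```shell
#!/bin/sh
# Audit passwd-format data for service (system) accounts that can still log in.

# uid_min FILE: print UID_MIN from a login.defs-style file.
# Falls back to 1000 (assumed default) when the key is absent or commented out.
uid_min() {
    awk '$1 == "UID_MIN" { v = $2 } END { print (v == "" ? 1000 : v) }' "$1"
}

# system_accounts_with_shell PASSWD UID_MIN: print "name:uid:shell" for every
# account with 0 < uid < UID_MIN whose shell is not nologin or false.
# root (uid 0) is skipped; an empty shell field means /bin/sh, so it is reported.
system_accounts_with_shell() {
    awk -F: -v min="$2" '
        $3 > 0 && $3 < min && $7 !~ /\/(nologin|false)$/ {
            print $1 ":" $3 ":" $7
        }
    ' "$1"
}

# demo: run the audit over constructed sample files instead of the live system.
# On a real host: system_accounts_with_shell /etc/passwd "$(uid_min /etc/login.defs)"
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/login.defs" <<'EOF'
# constructed sample
UID_MIN   500
UID_MAX 60000
EOF
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
marco:x:500:500:Marco:/home/marco:/bin/bash
EOF
    system_accounts_with_shell "$tmp/passwd" "$(uid_min "$tmp/login.defs")"
    rm -rf "$tmp"
}

demo
```

In the sample, only the constructed backup account is reported: mysql and apache have /sbin/nologin, and marco's UID is not below UID_MIN.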
Ok, so system accounts are reserved for services and daemons.
In fact I should create one specifically to run apache's daemon httpd.
Here now another doubt about Apache Web Server and system accounts.
I have on my system a personal account, called marco, with user privileges: that's the usual user I use (excuse me for this word trick). Since I have created the server system account just to run the httpd daemon, doesn't this mean that every html document I want to put into my document root must be owned by the apache system account? Or should I create html documents with my usual account marco, and then switch its owner to apache with chown or change its read, write, execute privileges with chmod?
You should be able to create html content as any user anywhere on the system. After the files are created, just be sure to use cp and not mv (either as root or with sudo) to transfer them to your html directory.
With the cp command, files will inherit the ownership and permission of the directory they are copied into (and SELinux contexts, if your system uses SELinux). With mv, files will retain their original ownership and permissions and not be accessible by the apache daemon.