Hardened Linux From Scratch - Version SVN-20070501

Chapter 6. Installing Basic System Software

6.7. Creating the passwd, group, and log Files

In order for user root to be able to login and for the name “root” to be recognized, there need to be relevant entries in the /etc/passwd and /etc/group files.

The nobody user is also added so it can be used by testsuites which prefer to run as an unprivileged user, and can be used later for some daemons.

Create the /etc/passwd file by running the following command: 

cat > /etc/passwd << "EOF"
root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Unprivileged User:/nonexistent:/sbin/nologin
EOF

The actual password for root (the “x” used here is just a placeholder) will be set later.

Create the /etc/group file by running the following command: 

cat > /etc/group << "EOF"
root:x:0:
bin:x:1:
sys:x:2:
kmem:x:3:
tty:x:4:
tape:x:5:
daemon:x:6:
floppy:x:7:
disk:x:8:
lp:x:9:
dialout:x:10:
audio:x:11:
video:x:12:
utmp:x:13:
usb:x:14:
cdrom:x:15:
mail:x:34:
nobody:x:99:
EOF

The created groups are not part of any standard—they are some of the groups that the Udev configuration will be using in the next section. For information about adding more groups reffer to The Linux Standard Base (LSB, available at http://www.linuxbase.org)

To remove the “I have no name!” prompt, start a new shell. Since a full Glibc was installed in Chapter 5 and the /etc/passwd and /etc/group files have been created, user name and group name resolution will now work. 

exec /tools/bin/bash --login +h

Note the use of the +h directive. This tells bash not to use its internal path hashing. Without this directive, bash would remember the paths to binaries it has executed. In order to use the newly compiled binaries as soon as they are installed, turn off this function for the duration of this chapter.

A proper Linux system maintains a list of the mounted file systems in the file /etc/mtab. Normally, this file would be created when we mount a new file system. Since we will not be mounting any file systems inside our chroot environment, create an empty file for utilities that expect the presence of /etc/mtab: 

touch /etc/mtab

The login, agetty, and init programs (and others) use a number of log files to record information such as who was logged into the system and when. However, these programs will not write to the log files if they do not already exist. Initialize the log files and give them proper permissions: 

touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
chgrp -v utmp /var/run/utmp /var/log/lastlog
chmod -v 664 /var/run/utmp /var/log/lastlog

The /var/run/utmp file records the users that are currently logged in. The /var/log/wtmp file records all logins and logouts. The /var/log/lastlog file records when each user last logged in. The /var/log/btmp file records the bad login attempts.