Default accounts and groups
The built-in accounts in Solaris 9 exist for administrative purposes. Every default account has a specific UID. A friendly reminder: do not casually change the default user names or UIDs of these accounts. UIDs 0 to 99 are reserved by the system for system accounts. The default accounts are listed in Table 4.1.
When one of these default accounts is used to carry out a system task, the program being run first checks the user name or the UID to see whether the account has the appropriate permissions. Some programs treat the account with UID 0 as the superuser, while others look for the user name root. Renaming a default account or changing its UID is therefore not a wise move.
Some services, such as the UNIX-to-UNIX Copy Program (UUCP) and the daemons associated with it, need two accounts to run properly. The listen account belongs to the service that monitors the network; the nobody and nobody4 accounts are used for anonymous connections; noaccess provides connections to untrusted users (for authenticated users).
The built-in groups also exist for administrative purposes. For example, if a user needs to run Admintool (a system program for managing information such as system accounts), one way to allow it is to add the user to the sysadmin group (GID = 4). The default system groups, their GIDs and their default members are shown in Figure 4.1.
Table 4.1 Default accounts

Username    User ID (UID)    Comment
root        0                Superuser
daemon      1
bin         2
sys         3
adm         4                Admin
uucp        5                UUCP Admin
nuucp       9                UUCP Admin
smmsp       25               Sendmail Message Submission Program
listen      37               Network Admin
lp          71               Line Printer Admin
nobody      60001            Nobody
noaccess    60002            No Access User
nobody4     65534            SunOS 4.x Nobody

Figure 4.1 Default Group
As with the default accounts, renaming or modifying the built-in groups is unwise. We can add users to the default groups, but we cannot delete the default accounts created during system installation.
Managing users
A user account is stored on the machine where it was created. If you have 10 Solaris workstations and 10 users, you have to create an account for each user on every workstation that he or she needs to use. You will soon find this very tedious. Fortunately, there are alternatives: naming services and directory services such as LDAP, NIS or NIS+. These three services are discussed in detail in Chapter 15, "Naming Services". Here we discuss how to create users on a local machine.
Username and UID
Every account we create must have a user name, and within an organization the user name must be unique. If we try to use a user name that already exists, we get the following message:
Warning! This user name is already being used in the name service user map.
To avoid this, it is best to adopt a uniform naming rule within the company. Common rules are the first letter of the first name followed by the last name, or the first five letters of the last name followed by the first letter of the first name. For example, a user named Joe Smith can use jsmith or smithj as the login name. In Solaris, a user name must be between two and eight characters long and can contain uppercase and lowercase letters, digits, periods (.), hyphens (-) and underscores (_). Note: although periods (.), hyphens (-) and underscores (_) are allowed in a user name, we do not recommend using them, because they can cause unexpected problems with some software.
In addition, make sure that the user name does not clash with a mail alias known to the system; otherwise this too will cause unexpected problems.
Every account has a UID associated with it. The UID can be any integer from 0 to 2147483647 (the maximum value of a signed integer). UIDs 0 to 99 are reserved for system accounts, so ordinary users should not be given them. Although a UID can be as large as 2147483647, we do not recommend using UIDs greater than 60000. UIDs 60001 and 60002 belong to the default users nobody and noaccess, respectively.
Accounts with a UID greater than 60003 run into problems with some naming services and commands, for example the NFS and NIS services and the ps -l, cpio, ar and tar commands. Older versions of Solaris also have compatibility problems, because some of them cannot recognize UIDs greater than 65534.
The UID is used not only to identify the user, but also by the system to identify the owner of files and directories. In the example of 10 users and 10 workstations used above, the best way to create the users on all machines is to give the same user name the same UID on every machine. Then ownership problems do not appear when files are transferred between computers.
A user cannot be created with a UID that already exists, but once the user has been created, its UID can be changed to that of another user. Several users sharing one UID causes serious security problems, so we do not recommend doing this.
Note: to minimize security risks, do not reuse the UID of a user who has been deleted. Solaris permission management is based on the UID. Reusing an old (already deleted) UID unintentionally gives the new user access to resources that we do not want him or her to access.
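The rules in this section (default accounts keep the UIDs of Table 4.1, no shared UIDs, UIDs 0 to 99 reserved, UIDs above 60000 discouraged, user names of two to eight permitted characters) can be checked mechanically. The following is an added example, not part of the original text; the function names, finding labels and sample entries are constructed for illustration.

```shell
# Added example: audit a passwd-format file against the rules in this section.
# audit_passwd FILE prints one finding per line and nothing for a clean file.
audit_passwd() {
    awk -F: '
    BEGIN {
        # Default accounts and their UIDs, copied from Table 4.1.
        t = "root:0 daemon:1 bin:2 sys:3 adm:4 uucp:5 nuucp:9 smmsp:25"
        t = t " listen:37 lp:71 nobody:60001 noaccess:60002 nobody4:65534"
        n = split(t, d, " ")
        for (i = 1; i <= n; i++) { split(d[i], kv, ":"); def[kv[1]] = kv[2]; owner[kv[2]] = kv[1] }
    }
    /^#/ || NF < 3 { next }
    {
        name = $1; uid = $3
        if (uid !~ /^[0-9]+$/) { print "BAD_UID " name " " uid; next }
        # A default account whose UID no longer matches Table 4.1.
        if ((name in def) && def[name] != uid)
            print "DEFAULT_UID_CHANGED " name " uid=" uid " expected=" def[name]
        # The UID of a default account (UID 0 above all) held by another name.
        if ((uid in owner) && owner[uid] != name)
            print "DEFAULT_UID_TAKEN " name " uid=" uid " belongs-to=" owner[uid]
        # Two entries sharing one UID are the same identity to the system.
        if (uid in seen) print "DUPLICATE_UID " name " uid=" uid " also=" seen[uid]
        else seen[uid] = name
        if (!(name in def)) {
            if (uid + 0 <= 99) print "RESERVED_UID " name " uid=" uid
            else if (uid + 0 > 60000) print "HIGH_UID " name " uid=" uid
        }
        # Names: 2 to 8 characters from letters, digits, period, hyphen, underscore.
        if (length(name) < 2 || length(name) > 8 || name !~ /^[A-Za-z0-9._-]+$/)
            print "BAD_NAME " name
    }' "$1"
}
# Constructed sample input (not taken from a real system).
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
adm:x:14:4:Admin:/var/adm:
nobody:x:60001:60001:Nobody:/:
jsmith:x:1001:10:Joe Smith:/export/home/jsmith:/bin/ksh
smithj:x:1001:10:shares a UID:/export/home/smithj:/bin/ksh
toor:x:0:1:second UID 0 entry:/:/sbin/sh
backupoperator:x:50:10:long name, reserved UID:/:/bin/sh
bigid:x:70000:10:UID above 60000:/:/bin/sh
EOF
}
tmp=${TMPDIR:-/tmp}/passwd.sample.$$
write_sample "$tmp"; audit_passwd "$tmp"; rm -f "$tmp"
```

On a live system the function is pointed at /etc/passwd. Files still owned by the UID of a deleted account can be listed with the -nouser test of find before that UID is considered for a new user.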