OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Michael Schloh
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-doc Date: 14-Jan-2003 11:36:10
Branch: HEAD Handle: 2003011410360900
Modified files:
openpkg-doc/handbook openpkg.xml
Log:
Add text for forgotten user and group name superuser.
Summary:
Revision Changes Path
1.63 +39 -18 openpkg-doc/handbook/openpkg.xml
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-doc/handbook/openpkg.xml
============================================================================
$ cvs diff -u -r1.62 -r1.63 openpkg.xml
--- openpkg-doc/handbook/openpkg.xml 14 Jan 2003 10:11:40 -0000 1.62
+++ openpkg-doc/handbook/openpkg.xml 14 Jan 2003 10:36:09 -0000 1.63
@@ -715,37 +715,48 @@
<title>Security Through Userids and Groupids</title>
<para>
OpenPKG installs three userid and groupid pairs during bootstrap.
- OpenPKG is designed with good security in mind, and thus provides
- three userid and groupid pairs. Whereas one pair might often suffice,
- the three distinct pairs allow for finer granularity. In some cases, a
+ OpenPKG is designed with good security in mind, and thus provides four
+ userid and groupid pairs. Whereas one pair might often suffice, the
+ four distinct pairs allow for finer granularity. In some cases, a
software application will actually require a more privileged or less
privileged user and group pair in addition to the normal pair. Many
- daemon packages use the special user and group for improving security,
- for example.
+ daemon packages use such special users and groups for improving
+ security, for example.
</para>
<para>
- By default, one userid created during bootstrap has the same name as
- the OpenPKG instance. Another userid simply adds a '-r' extension to
- the first, and indicates the restricted user. The last userid adds a
- '-n' extension to the first, and indicates the non-priviledged user.
+ As described in <xref linkend='bstrap-linked'/>, the installing
+ administrator must give a user and group name as arguments when
+ bootstrapping a new OpenPKG instance. This user and group name pair
+ indicates the management user and group. If the administrator does not
+ explicitly specify the additional superuser, restricted and
+ non-priviledged user and group names, they will be determined by using
+ the given management user and group names as a template.
+
+ By default, the restricted user name will match that of the management
+ user, adding a '-r' extension. The non-priviledged user name will match
+ that of the management user, but add a '-n' extension instead. The
+ superuser user name is 'root' by default.
+
The new OpenPKG groupids are handled in the same way. For example, if
an OpenPKG instance is bootstrapped to the directory called 'cw', then
- the three associated userids will be 'cw', 'cw-r', and 'cw-n'. The
- three associated groupids will be 'cw', 'cw-r', and 'cw-n'. The
- administrator can read the unix password file /etc/passwd and unix
- group file /etc/group to see the new entries.
+ the four associated userids will be 'cw', 'cw-r', 'cw-n', and 'root'.
+ The four associated groupids will be 'cw', 'cw-r', 'cw-n', and 'root'
+ or 'wheel' (or whatever the system-particular superuser group name
+ is). The administrator can read the unix password file /etc/passwd and
+ unix group file /etc/group to see the new entries.
</para>
<sect2>
<title>Arguments given during bootstrap</title>
<para>
- This behaviour is true by default, but may be customized to suit the
+ The additional user and group names may be customized to suit the
needs of the administrator. Additional arguments may be give when
- running the bootstrapper (see <xref linkend='bstrap-overview'/>)
- to accommodate special user and group names. Specify the name of the
+ running the bootstrapper (see <xref linkend='bstrap-overview'/>) to
+ accommodate special user and group names. Specify the name of the
management user with --musr=<name>, the restricted user with
- --rusr=<name>, and the non-priviledged user with --nusr=<name>.
+ --rusr=<name>, the non-priviledged user with
+ --nusr=<name>, and the superuser user with --susr=<name>.
Accordingly, group names can be specified with --mgrp=<name>,
- --rgrp=<name>, and --ngrp=<name>.
+ --rgrp=<name>, --ngrp=<name>, and --sgrp=<name>.
</para>
<itemizedlist>
<listitem>
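Review bot: the unchanged opening sentence of this paragraph still says "OpenPKG installs three userid and groupid pairs during bootstrap", while the rewritten sentence directly after it now says four, so the paragraph contradicts itself. Since the added text gives the superuser name as 'root' by default, the closing sentence about reading /etc/passwd and /etc/group "to see the new entries" also needs rewording: with the defaults, the superuser pair is named after an account that would normally already be present, so it is not a new entry. Suggest stating plainly which pairs the bootstrap creates and which it only refers to. Two smaller points in the added lines: "non-priviledged" should be "non-privileged", and the blank "+" lines inside the second <para> will not produce paragraph breaks in the rendered handbook, so use separate <para> elements if three paragraphs are intended.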
@@ -765,6 +776,11 @@
</listitem>
<listitem>
<simpara>
+ --susr=<superuser user name>
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
--mgrp=<management group name>
</simpara>
</listitem>
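Review bot: as shown in this hunk, the placeholder in "--susr=<superuser user name>" sits inside <simpara> with literal angle brackets, which an XML parser would read as the start of an element. Please confirm the source file writes these as &lt; and &gt; and that the raw brackets are only an artifact of how the diff is displayed. If the file really contains them, the handbook will not parse after this change.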
@@ -776,6 +792,11 @@
<listitem>
<simpara>
--ngrp=<non-priviledged group name>
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ --sgrp=<superuser group name>
</simpara>
</listitem>
</itemizedlist>
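Review bot: the new "--sgrp=<superuser group name>" item gives no hint of what is used when the option is omitted, and this is the one name whose default the prose earlier in this patch describes as system-dependent ('root' or 'wheel', "or whatever the system-particular superuser group name is"). An administrator reading only this list cannot tell which group will end up with superuser rights over the instance. Suggest adding a short remark to the item, or a pointer back to the paragraph, saying how the default is chosen.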
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]