Changes

CentOS Linux Distribution Reference

2,372 bytes added, 03:50, 22 January 2014
The following lines were added (+) and removed (-):
== iptables/netfilter ==

See if iptables is actually running:
 # lsmod | grep table
 # iptables -L

Save new IP tables entered - writes the current iptables configuration to /etc/sysconfig/iptables:
 # /sbin/service iptables save

Do not use 'service iptables save'

== adding new users to system ==

Set up all the defaults for useradd:
 # cd /etc/skel

Set all the profile defaults, such as in .bash_profile:
 # vi /etc/login.defs

Every new user is assigned to an initial (or primary) group. Two conventions exist.

Traditionally this primary group is the same for all users and is called users, with a group id (GID) of 100. Many Linux distributions adhere to this convention, such as Suse and Debian.

The User Private Group scheme (UPG) was introduced by RedHat and changes this convention without changing the way in which UNIX groups work. With UPG each new user belongs to their own primary group. The group has the same name as the login-name (default), and the GID is in the 500 to 60000 range (same as UIDs).

NOTE: When using the traditional scheme for groups the user’s umask (see LPI 101) is set to 022, whereas in the UPG scheme the umask is set to 002.

ref: http://en.wikibooks.org/wiki/Ict-innovation/LPI/107.1

== /sbin/nologin vs /bin/false ==

When /sbin/nologin is set as the shell, if a user with that shell logs in, they'll get a polite message saying 'This account is currently not available.'. This message can be changed with the file /etc/nologin.txt.

/bin/false is just a binary that immediately exits, returning false, when it's called, so when someone who has false as their shell logs in, they're immediately logged out when false exits. Setting the shell to /bin/true has the same effect of not allowing someone to log in, but false is probably used as a convention over true since it's much better at conveying the concept that the person doesn't have a shell.

Looking at nologin's man page, it says it was created in 4.4 BSD (early 1990s), so it came long after false was created. The use of false as a shell is probably just a convention carried over from the early days of UNIX.

nologin is the more user-friendly option, with a customizable message given to the user trying to log in, so you would theoretically want to use that, but both nologin and false will have the same end result of someone not having a shell and not being able to ssh in.
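An added example, not part of the original wiki page: a small audit that classifies every account in a passwd-format file by its shell field and marks system accounts (UID below the 500 lower bound mentioned above) that still have a usable shell. The function names, the REVIEW label and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify accounts by login shell and flag system accounts
# that can still get a shell. Names and sample data are hypothetical.

# Constructed passwd-format sample so the audit can be tried offline.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
ftpsvc:x:14:50:constructed service account:/var/ftp:/bin/false
backup:x:34:34:constructed service account:/var/backup:/bin/bash
legacy:x:35:35:constructed, empty shell field:/var/legacy:
alice:x:500:500:constructed UPG user:/home/alice:/bin/bash
EOF
}

# audit_shells [FILE] [UID_MIN]
# Prints: user <TAB> uid <TAB> kind <TAB> status
#   kind   nologin, false, true, or shell (anything else in field 7)
#   status REVIEW when a non-root account with UID below UID_MIN has a shell
audit_shells() {
    awk -F: -v min="${2:-500}" '
        /^#/ || NF == 0 { next }
        NF != 7 { printf "%s\t-\tmalformed\tREVIEW\n", $1; next }
        {
            # An empty shell field means the system falls back to /bin/sh.
            shell = ($7 == "") ? "/bin/sh" : $7
            if      (shell ~ /\/nologin$/) kind = "nologin"
            else if (shell ~ /\/false$/)   kind = "false"
            else if (shell ~ /\/true$/)    kind = "true"
            else                           kind = "shell"
            uid = $3 + 0
            status = (kind == "shell" && uid > 0 && uid < min) ? "REVIEW" : "ok"
            printf "%s\t%s\t%s\t%s\n", $1, $3, kind, status
        }' "${1:-/etc/passwd}"
}

# Demo on the constructed sample ("-" makes awk read standard input).
sample_passwd | audit_shells - 500
```

On a real host, run audit_shells with no arguments to read /etc/passwd; entries such as sync or shutdown, whose shell field is a command and not a login shell, are also reported as REVIEW and need a manual look.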