https://wiki.archlinux.org/api.php?action=feedcontributions&user=Gen2ly&feedformat=atomArchWiki - User contributions [en]2024-03-29T15:24:38ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=User_talk:Lahwaacz&diff=368032User talk:Lahwaacz2015-03-31T15:18:57Z<p>Gen2ly: /* Article discussion prior to deletion argument */ Response, close section</p>
<hr />
<div>== Regex for replacing = codes ==<br />
<br />
Hi, regarding [[User:Lahwaacz#User:Lahwaacz#Regex_for_replacing_.3D_codes]] do you intend to use a similar expression with the editor assistant or directly with the bot? In the latter case I think it would be pretty dangerous, for example it would break templates that already use a named parameter, e.g. {{ic|<nowiki>{{Template|parameter=value}}</nowiki>}} would be turned into {{ic|<nowiki>{{Template|1=parameter=value}}</nowiki>}}. -- [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 16:57, 21 March 2014 (UTC)<br />
<br />
:I used it [https://wiki.archlinux.org/index.php?title=Systemd-networkd&diff=prev&oldid=306182 only once] and don't have any specific plans, but I'm quite certain I will need to use it again sometimes... Thanks for the warning, I will be cautious. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 17:50, 21 March 2014 (UTC)<br />
<br />
== PodCastXDL ==<br />
<br />
About [https://wiki.archlinux.org/index.php?title=List_of_applications/Internet&diff=prev&oldid=323048] (and [https://wiki.archlinux.org/index.php?title=List_of_applications/Internet&diff=next&oldid=323048]) [[User:Levi0x0x]], who should have indeed provided an edit summary, appears to be the developer of the application and the maintainer of the PKGBUILD. I would keep his edit. -- [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 00:45, 5 July 2014 (UTC)<br />
<br />
:I know - I've seen also [https://wiki.archlinux.org/index.php?title=MPlayer&diff=next&oldid=322278 bash-player] removed, both from wiki and Github (it seems the repo has been recreated from scratch). PodCastXDL has always been available upstream. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 08:20, 5 July 2014 (UTC)<br />
<br />
::Didn't he add it to the list one week ago? [https://wiki.archlinux.org/index.php?title=List_of_applications/Internet&diff=prev&oldid=322258] Maybe he's found some bug and doesn't want people to use it until he fixes it? Anyway I'm not that interested, we can as well see if/how Levi0x0x reacts. -- [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 04:32, 6 July 2014 (UTC)<br />
<br />
== Netctl ==<br />
The variables ACTION, INTERFACE, SSID, and Profile are '''only''' exported by auto.action and '''only'''<br />
netctl-auto uses that script. So if your not using netctl-auto then they don't do anything. [[User:Captaincurrie|Captaincurrie]] ([[User talk:Captaincurrie|talk]]) 08:35, 27 December 2014 (UTC)<br />
<br />
:That may be true, but that's not reason to remove the ''expansion'' flag from the page. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 08:45, 27 December 2014 (UTC)<br />
<br />
== <del>Article discussion prior to deletion argument</del> ==<br />
<br />
On 2015-03-24T13:21:22, [[User:Lahwaacz|Lahwaacz]] deleted article [[Firefox/Font_type_and_size]].<br />
<br />
I believe that it is Arch Linux wiki policy and general wiki policy to have discussions before article deletions. Exceptions that I have known have been for has been instances, for example, like original research, intentional vandalism, sensitive details related to personal biographies, and similar criteria. The reasons given for the deletion do not belong to the noted exceptions and any other reasons that I know:<br />
<br />
: "ArchWiki is not your blog (inappropriate language, not specific to Firefox, duplicates other pages: Fonts, Font configuration)"<br />
<br />
[[User:Gen2ly|Gently]] ([[User talk:Gen2ly|talk]]) 14:26, 25 March 2015 (UTC)<br />
<br />
:The page was not deleted but moved to [[User:Gen2ly/Firefox/Font_type_and_size]]. This is not an excuse, just to set things right. This case indeed does not fall into the exceptions you've named, but I believe that low quality is good enough reason to move a page into the userspace. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 15:31, 25 March 2015 (UTC)<br />
<br />
:: The "low quality" quip is unnecessary and I think we as wiki administrators would do good to try and be accurately descriptive particularly on such serious actions. If this action and comment is for personal reasons, please mention so and I'll contact you by email where that discussion would be more appropriate. Otherwise, if can be gotten over please continue to read.<br />
<br />
:: I went to the article the day after and saw initially the notice "This page has been deleted...". This was new to me. I have since learned that moving a page without a redirect would leave this message. This message may bear discussion in similar form in the future but as it is now, this topic is erroneous and considered closed by me. (To deal with the "moving to userspace" reasoning I will take a tangential angle and open a discussion bearing the reasons for the move and attempt to resolve them (in the attempt to be as helpful as possible). If the topic is of interest, please visit and leave a comment if it is desirable [[User_talk:Gen2ly/Web_browser_font_type_and_size#Article_adoption_inquiry|there]].)<br />
<br />
:: [[User:Gen2ly|Gently]] ([[User talk:Gen2ly|talk]]) 15:18, 31 March 2015 (UTC)</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User_talk:Gen2ly/Web_browser_font_type_and_size&diff=368031User talk:Gen2ly/Web browser font type and size2015-03-31T15:17:51Z<p>Gen2ly: Discussion for possible article acceptance</p>
<hr />
<div>== Article adoption inquiry ==<br />
<br />
This section is an attempt to resolve any conflicting thoughts this article may encounter so as to attempt its acceptance. As its sole author to this point I would like to mention that the time span for this an article's acceptance is open — it could be a day, days, weeks, whatever users may feel is necessary.<br />
<br />
This article has been moved to userspace by [[User:Lahwaacz]] for the following reasons:<br />
<br />
# ArchWiki is not your blog<br />
# Inappropriate language<br />
# Not specific to Firefox<br />
# Duplicates other pages: Fonts, Font configuration<br />
<br />
I have made several edits to this page that to help resolve these issues, particularly two and three. It has been rewritten to be web browser agnostic and reviewed for leniencies that may have effect a neutral point of view. For four, I have removed specific font mentions and put a referral to [[Fonts]] as this is my best guess as to what the [[Font configuration]] reasoning was meant for. The original version is [https://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&oldid=366981 this] and the current version is [[User:Gen2ly/Web browser font type and size|this]] to use for comparison.<br />
<br />
Users thoughts, contributions, and suggestions are appreciated. Please be free to do any edits, comments below...</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Firefox/Font_type_and_size&diff=367534User:Gen2ly/Firefox/Font type and size2015-03-28T14:35:28Z<p>Gen2ly: Gen2ly moved page User:Gen2ly/Firefox/Font type and size to User:Gen2ly/Web browser font type and size: Browser agnostic changes to make article represent other web browser</p>
<hr />
<div>#REDIRECT [[User:Gen2ly/Web browser font type and size]]</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367533User:Gen2ly/Web browser font type and size2015-03-28T14:35:28Z<p>Gen2ly: Gen2ly moved page User:Gen2ly/Firefox/Font type and size to User:Gen2ly/Web browser font type and size: Browser agnostic changes to make article represent other web browser</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help the experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To define the web browser's font settings involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, so that they may be judged, an example is given that displays the font type and size of the current settings.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel as the designer had in mind, the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Any missing fonts that are made available to a web page can have an influence on the design and have a emotional affect that may not have been realized before.<br />
<br />
To help discover any missing fonts, one way to discover what they are would be to use an add-on or plugin. Various web browser extensions exist that can do this; for instance, Firefox has as add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] that when a web page font is selected, right clicking on the font will display the its type and size.<br />
<br />
A majority of web pages define their fonts with Microsoft's fonts, typically Arial. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. See [[Fonts]] for noted font packages that may be of use.<br />
<br />
{{Note|There are other fonts on a web page that may be discovered but are not required to be installed. These fonts are attached to the web page and get downloaded along with it. FYI for those that are interested, for the web browers and web pages that allow it, these fonts can be downloaded (typically from the right-click menu).}}<br />
<br />
== Font type ==<br />
<br />
Most web browsers have the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help their recognition. This typeface can improve readability and is the one commonly used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because on these type of monitors serif typefaces cannot be accurately reproduced (and hence, readable). ''San-serif'' typefaces are still used on a good number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code easier to review.<br />
<br />
When choosing a font keep in mind that tastes are personal. Deciphering what font to use based on how the user reads is the primary consideration. Also keep in mind to not choose a font that just grabs the attention. See the examples below to compare various font types.<br />
<br />
{{Note|The overall effect when defining web browser typefaces will vary on the pages the user views — many web pages define a specific font type rather than a generic typeface. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other typefaces. Occasionally different typefaces are placed together so sizing them physically alike can help reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table displays the defined typefaces and their sizes. To be sure and get an accurate representation, check that the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
These tables displays the common font types in various sizes. The CSS values of {{ic|small}}, {{ic|medium}}, and {{ic|large}} are used.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|-<br />
| colspan="3"|<br />
|-<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|-<br />
| colspan="3"|<br />
|-<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|-<br />
| colspan="3"|<br />
|-<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|-<br />
| colspan="3"|<br />
|-<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367532User:Gen2ly/Web browser font type and size2015-03-28T14:33:37Z<p>Gen2ly: /* Common fonts example */ Tables return to singular format — read alignment, easier.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help the experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To define the web browser's font settings involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, so that they may be judged, an example is given that displays the font type and size of the current settings.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel as the designer had in mind, the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Any missing fonts that are made available to a web page can have an influence on the design and have a emotional affect that may not have been realized before.<br />
<br />
To help discover any missing fonts, one way to discover what they are would be to use an add-on or plugin. Various web browser extensions exist that can do this; for instance, Firefox has as add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] that when a web page font is selected, right clicking on the font will display the its type and size.<br />
<br />
A majority of web pages define their fonts with Microsoft's fonts, typically Arial. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. See [[Fonts]] for noted font packages that may be of use.<br />
<br />
{{Note|There are other fonts on a web page that may be discovered but are not required to be installed. These fonts are attached to the web page and get downloaded along with it. FYI for those that are interested, for the web browers and web pages that allow it, these fonts can be downloaded (typically from the right-click menu).}}<br />
<br />
== Font type ==<br />
<br />
Most web browsers have the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help their recognition. This typeface can improve readability and is the one commonly used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because on these type of monitors serif typefaces cannot be accurately reproduced (and hence, readable). ''San-serif'' typefaces are still used on a good number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code easier to review.<br />
<br />
When choosing a font keep in mind that tastes are personal. Deciphering what font to use based on how the user reads is the primary consideration. Also keep in mind to not choose a font that just grabs the attention. See the examples below to compare various font types.<br />
<br />
{{Note|The overall effect when defining web browser typefaces will vary on the pages the user views — many web pages define a specific font type rather than a generic typeface. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other typefaces. Occasionally different typefaces are placed together so sizing them physically alike can help reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table displays the defined typefaces and their sizes. To be sure and get an accurate representation, check that the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
These tables displays the common font types in various sizes. The CSS values of {{ic|small}}, {{ic|medium}}, and {{ic|large}} are used.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|-<br />
| colspan="3"|<br />
|-<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|-<br />
| colspan="3"|<br />
|-<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|-<br />
| colspan="3"|<br />
|-<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|-<br />
| colspan="3"|<br />
|-<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367531User:Gen2ly/Web browser font type and size2015-03-28T14:28:14Z<p>Gen2ly: /* Common fonts example */ Reorder wording of introduction for better explanation, and expand two topic into two sentences.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help the experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To define the web browser's font settings involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, so that they may be judged, an example is given that displays the font type and size of the current settings.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel as the designer had in mind, the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Any missing fonts that are made available to a web page can have an influence on the design and have a emotional affect that may not have been realized before.<br />
<br />
To help discover any missing fonts, one way to discover what they are would be to use an add-on or plugin. Various web browser extensions exist that can do this; for instance, Firefox has as add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] that when a web page font is selected, right clicking on the font will display the its type and size.<br />
<br />
A majority of web pages define their fonts with Microsoft's fonts, typically Arial. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. See [[Fonts]] for noted font packages that may be of use.<br />
<br />
{{Note|There are other fonts on a web page that may be discovered but are not required to be installed. These fonts are attached to the web page and get downloaded along with it. FYI for those that are interested, for the web browers and web pages that allow it, these fonts can be downloaded (typically from the right-click menu).}}<br />
<br />
== Font type ==<br />
<br />
Most web browsers have the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help their recognition. This typeface can improve readability and is the one commonly used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because on these type of monitors serif typefaces cannot be accurately reproduced (and hence, readable). ''San-serif'' typefaces are still used on a good number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code easier to review.<br />
<br />
When choosing a font keep in mind that tastes are personal. Deciphering what font to use based on how the user reads is the primary consideration. Also keep in mind to not choose a font that just grabs the attention. See the examples below to compare various font types.<br />
<br />
{{Note|The overall effect when defining web browser typefaces will vary on the pages the user views — many web pages define a specific font type rather than a generic typeface. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other typefaces. Occasionally different typefaces are placed together so sizing them physically alike can help reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table displays the defined typefaces and their sizes. To be sure and get an accurate representation, check that the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
These tables displays the common font types in various sizes. The CSS values of {{ic|small}}, {{ic|medium}}, and {{ic|large}} are used.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367530User:Gen2ly/Web browser font type and size2015-03-28T14:26:58Z<p>Gen2ly: /* Defined typefaces example */ Introduction redefine "representation" to "displays" as seems appropriate for a table.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help the experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To define the web browser's font settings involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, so that they may be judged, an example is given that displays the font type and size of the current settings.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel as the designer had in mind, the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Any missing fonts that are made available to a web page can have an influence on the design and have a emotional affect that may not have been realized before.<br />
<br />
To help discover any missing fonts, one way to discover what they are would be to use an add-on or plugin. Various web browser extensions exist that can do this; for instance, Firefox has as add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] that when a web page font is selected, right clicking on the font will display the its type and size.<br />
<br />
A majority of web pages define their fonts with Microsoft's fonts, typically Arial. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. See [[Fonts]] for noted font packages that may be of use.<br />
<br />
{{Note|There are other fonts on a web page that may be discovered but are not required to be installed. These fonts are attached to the web page and get downloaded along with it. FYI for those that are interested, for the web browers and web pages that allow it, these fonts can be downloaded (typically from the right-click menu).}}<br />
<br />
== Font type ==<br />
<br />
Most web browsers have the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help their recognition. This typeface can improve readability and is the one commonly used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because on these type of monitors serif typefaces cannot be accurately reproduced (and hence, readable). ''San-serif'' typefaces are still used on a good number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code easier to review.<br />
<br />
When choosing a font keep in mind that tastes are personal. Deciphering what font to use based on how the user reads is the primary consideration. Also keep in mind to not choose a font that just grabs the attention. See the examples below to compare various font types.<br />
<br />
{{Note|The overall effect when defining web browser typefaces will vary on the pages the user views — many web pages define a specific font type rather than a generic typeface. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other typefaces. Occasionally different typefaces are placed together so sizing them physically alike can help reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table displays the defined typefaces and their sizes. To be sure and get an accurate representation, check that the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367529User:Gen2ly/Web browser font type and size2015-03-28T14:25:01Z<p>Gen2ly: /* Font size */ Remove italics on typefaces as no real purpose here for it. Reorder last sentence wording for better explanation.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help the experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To define the web browser's font settings involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, so that they may be judged, an example is given that displays the font type and size of the current settings.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel as the designer had in mind, the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Any missing fonts that are made available to a web page can have an influence on the design and have a emotional affect that may not have been realized before.<br />
<br />
To help discover any missing fonts, one way to discover what they are would be to use an add-on or plugin. Various web browser extensions exist that can do this; for instance, Firefox has as add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] that when a web page font is selected, right clicking on the font will display the its type and size.<br />
<br />
A majority of web pages define their fonts with Microsoft's fonts, typically Arial. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. See [[Fonts]] for noted font packages that may be of use.<br />
<br />
{{Note|There are other fonts on a web page that may be discovered but are not required to be installed. These fonts are attached to the web page and get downloaded along with it. FYI for those that are interested, for the web browers and web pages that allow it, these fonts can be downloaded (typically from the right-click menu).}}<br />
<br />
== Font type ==<br />
<br />
Most web browsers have the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help their recognition. This typeface can improve readability and is the one commonly used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because on these type of monitors serif typefaces cannot be accurately reproduced (and hence, readable). ''San-serif'' typefaces are still used on a good number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code easier to review.<br />
<br />
When choosing a font keep in mind that tastes are personal. Deciphering what font to use based on how the user reads is the primary consideration. Also keep in mind to not choose a font that just grabs the attention. See the examples below to compare various font types.<br />
<br />
{{Note|The overall effect when defining web browser typefaces will vary on the pages the user views — many web pages define a specific font type rather than a generic typeface. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other typefaces. Occasionally different typefaces are placed together so sizing them physically alike can help reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367528User:Gen2ly/Web browser font type and size2015-03-28T14:23:31Z<p>Gen2ly: /* Font type */ Expand on note to mention that web browsers define typefaces.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help the experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To define the web browser's font settings involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, so that they may be judged, an example is given that displays the font type and size of the current settings.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel as the designer had in mind, the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Any missing fonts that are made available to a web page can have an influence on the design and have a emotional affect that may not have been realized before.<br />
<br />
To help discover any missing fonts, one way to discover what they are would be to use an add-on or plugin. Various web browser extensions exist that can do this; for instance, Firefox has as add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] that when a web page font is selected, right clicking on the font will display the its type and size.<br />
<br />
A majority of web pages define their fonts with Microsoft's fonts, typically Arial. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. See [[Fonts]] for noted font packages that may be of use.<br />
<br />
{{Note|There are other fonts on a web page that may be discovered but are not required to be installed. These fonts are attached to the web page and get downloaded along with it. FYI for those that are interested, for the web browers and web pages that allow it, these fonts can be downloaded (typically from the right-click menu).}}<br />
<br />
== Font type ==<br />
<br />
Most web browsers have the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help their recognition. This typeface can improve readability and is the one commonly used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because on these type of monitors serif typefaces cannot be accurately reproduced (and hence, readable). ''San-serif'' typefaces are still used on a good number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code easier to review.<br />
<br />
When choosing a font keep in mind that tastes are personal. Deciphering what font to use based on how the user reads is the primary consideration. Also keep in mind to not choose a font that just grabs the attention. See the examples below to compare various font types.<br />
<br />
{{Note|The overall effect when defining web browser typefaces will vary on the pages the user views — many web pages define a specific font type rather than a generic typeface. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367527User:Gen2ly/Web browser font type and size2015-03-28T14:22:18Z<p>Gen2ly: /* Font type */ "Deciphering what font" to own sentence as is its own topic.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help the experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To define the web browser's font settings involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, so that they may be judged, an example is given that displays the font type and size of the current settings.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel as the designer had in mind, the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Any missing fonts that are made available to a web page can have an influence on the design and have a emotional affect that may not have been realized before.<br />
<br />
To help discover any missing fonts, one way to discover what they are would be to use an add-on or plugin. Various web browser extensions exist that can do this; for instance, Firefox has as add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] that when a web page font is selected, right clicking on the font will display the its type and size.<br />
<br />
A majority of web pages define their fonts with Microsoft's fonts, typically Arial. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. See [[Fonts]] for noted font packages that may be of use.<br />
<br />
{{Note|There are other fonts on a web page that may be discovered but are not required to be installed. These fonts are attached to the web page and get downloaded along with it. FYI for those that are interested, for the web browers and web pages that allow it, these fonts can be downloaded (typically from the right-click menu).}}<br />
<br />
== Font type ==<br />
<br />
Most web browsers have the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help their recognition. This typeface can improve readability and is the one commonly used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because on these type of monitors serif typefaces cannot be accurately reproduced (and hence, readable). ''San-serif'' typefaces are still used on a good number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code easier to review.<br />
<br />
When choosing a font keep in mind that tastes are personal. Deciphering what font to use based on how the user reads is the primary consideration. Also keep in mind to not choose a font that just grabs the attention. See the examples below to compare various font types.<br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own font types. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367526User:Gen2ly/Web browser font type and size2015-03-28T14:20:30Z<p>Gen2ly: /* Font type */ "more easily reviewed" to "easier to review" as it feels more natural to speak.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help the experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To define the web browser's font settings involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, so that they may be judged, an example is given that displays the font type and size of the current settings.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel as the designer had in mind, the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Any missing fonts that are made available to a web page can have an influence on the design and have a emotional affect that may not have been realized before.<br />
<br />
To help discover any missing fonts, one way to discover what they are would be to use an add-on or plugin. Various web browser extensions exist that can do this; for instance, Firefox has as add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] that when a web page font is selected, right clicking on the font will display the its type and size.<br />
<br />
A majority of web pages define their fonts with Microsoft's fonts, typically Arial. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. See [[Fonts]] for noted font packages that may be of use.<br />
<br />
{{Note|There are other fonts on a web page that may be discovered but are not required to be installed. These fonts are attached to the web page and get downloaded along with it. FYI for those that are interested, for the web browers and web pages that allow it, these fonts can be downloaded (typically from the right-click menu).}}<br />
<br />
== Font type ==<br />
<br />
Most web browsers have the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help their recognition. This typeface can improve readability and is the one commonly used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because on these type of monitors serif typefaces cannot be accurately reproduced (and hence, readable). ''San-serif'' typefaces are still used on a good number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code easier to review.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own font types. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367525User:Gen2ly/Web browser font type and size2015-03-28T14:19:09Z<p>Gen2ly: /* Font type */ Re-describe sans-serif explanation of font reproducible accuracy to be more direct.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help the experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To define the web browser's font settings involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, so that they may be judged, an example is given that displays the font type and size of the current settings.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel as the designer had in mind, the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Any missing fonts that are made available to a web page can have an influence on the design and have a emotional affect that may not have been realized before.<br />
<br />
To help discover any missing fonts, one way to discover what they are would be to use an add-on or plugin. Various web browser extensions exist that can do this; for instance, Firefox has as add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] that when a web page font is selected, right clicking on the font will display the its type and size.<br />
<br />
A majority of web pages define their fonts with Microsoft's fonts, typically Arial. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. See [[Fonts]] for noted font packages that may be of use.<br />
<br />
{{Note|There are other fonts on a web page that may be discovered but are not required to be installed. These fonts are attached to the web page and get downloaded along with it. FYI for those that are interested, for the web browers and web pages that allow it, these fonts can be downloaded (typically from the right-click menu).}}<br />
<br />
== Font type ==<br />
<br />
Most web browsers have the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help their recognition. This typeface can improve readability and is the one commonly used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because on these type of monitors serif typefaces cannot be accurately reproduced (and hence, readable). ''San-serif'' typefaces are still used on a good number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own font types. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367524User:Gen2ly/Web browser font type and size2015-03-28T14:17:39Z<p>Gen2ly: /* Font type */ Reword serif description for partiality.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help the experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To define the web browser's font settings involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, so that they may be judged, an example is given that displays the font type and size of the current settings.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel as the designer had in mind, the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Any missing fonts that are made available to a web page can have an influence on the design and have a emotional affect that may not have been realized before.<br />
<br />
To help discover any missing fonts, one way to discover what they are would be to use an add-on or plugin. Various web browser extensions exist that can do this; for instance, Firefox has as add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] that when a web page font is selected, right clicking on the font will display the its type and size.<br />
<br />
A majority of web pages define their fonts with Microsoft's fonts, typically Arial. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. See [[Fonts]] for noted font packages that may be of use.<br />
<br />
{{Note|There are other fonts on a web page that may be discovered but are not required to be installed. These fonts are attached to the web page and get downloaded along with it. FYI for those that are interested, for the web browers and web pages that allow it, these fonts can be downloaded (typically from the right-click menu).}}<br />
<br />
== Font type ==<br />
<br />
Most web browsers have the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help their recognition. This typeface can improve readability and is the one commonly used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because serif typefaces cannot accurately reproduce serif fonts that will improve their readability. ''San-serif'' typefaces are still used by number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own font types. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367523User:Gen2ly/Web browser font type and size2015-03-28T14:16:42Z<p>Gen2ly: /* Font type */ Remove Firefox-specific mention on typeface introduction and apply it to "Most web browsers".</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help the experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To define the web browser's font settings involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, so that they may be judged, an example is given that displays the font type and size of the current settings.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel as the designer had in mind, the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Any missing fonts that are made available to a web page can have an influence on the design and have a emotional affect that may not have been realized before.<br />
<br />
To help discover any missing fonts, one way to discover what they are would be to use an add-on or plugin. Various web browser extensions exist that can do this; for instance, Firefox has as add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] that when a web page font is selected, right clicking on the font will display the its type and size.<br />
<br />
A majority of web pages define their fonts with Microsoft's fonts, typically Arial. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. See [[Fonts]] for noted font packages that may be of use.<br />
<br />
{{Note|There are other fonts on a web page that may be discovered but are not required to be installed. These fonts are attached to the web page and get downloaded along with it. FYI for those that are interested, for the web browers and web pages that allow it, these fonts can be downloaded (typically from the right-click menu).}}<br />
<br />
== Font type ==<br />
<br />
Most web browsers have the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help ease their recognition. This typeface can help readability quite a bit and it is the one commonly type used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because serif typefaces cannot accurately reproduce serif fonts that will improve their readability. ''San-serif'' typefaces are still used by number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own font types. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367522User:Gen2ly/Web browser font type and size2015-03-28T14:15:04Z<p>Gen2ly: /* Font availability */ Edit note to better describe that not action is required for web page attached fonts. Make sure note is browser agnostic.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help the experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To define the web browser's font settings involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, so that they may be judged, an example is given that displays the font type and size of the current settings.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel as the designer had in mind, the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Any missing fonts that are made available to a web page can have an influence on the design and have a emotional affect that may not have been realized before.<br />
<br />
To help discover any missing fonts, one way to discover what they are would be to use an add-on or plugin. Various web browser extensions exist that can do this; for instance, Firefox has as add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] that when a web page font is selected, right clicking on the font will display the its type and size.<br />
<br />
A majority of web pages define their fonts with Microsoft's fonts, typically Arial. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. See [[Fonts]] for noted font packages that may be of use.<br />
<br />
{{Note|There are other fonts on a web page that may be discovered but are not required to be installed. These fonts are attached to the web page and get downloaded along with it. FYI for those that are interested, for the web browers and web pages that allow it, these fonts can be downloaded (typically from the right-click menu).}}<br />
<br />
== Font type ==<br />
<br />
Firefox has the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' and are defined in Firefox's settings. Go to '''Preferences''' → '''Content''' → '''Advanced button''' to get to the right section. The typefaces are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help ease their recognition. This typeface can help readability quite a bit and it is the one commonly type used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because serif typefaces cannot accurately reproduce serif fonts that will improve their readability. ''San-serif'' typefaces are still used by number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own font types. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367521User:Gen2ly/Web browser font type and size2015-03-28T14:12:50Z<p>Gen2ly: /* Font availability */ Removal of specific font mentions, instead use referral to Fonts article.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help the experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To define the web browser's font settings involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, so that they may be judged, an example is given that displays the font type and size of the current settings.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel as the designer had in mind, the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Any missing fonts that are made available to a web page can have an influence on the design and have a emotional affect that may not have been realized before.<br />
<br />
To help discover any missing fonts, one way to discover what they are would be to use an add-on or plugin. Various web browser extensions exist that can do this; for instance, Firefox has as add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] that when a web page font is selected, right clicking on the font will display the its type and size.<br />
<br />
A majority of web pages define their fonts with Microsoft's fonts, typically Arial. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. See [[Fonts]] for noted font packages that may be of use.<br />
<br />
{{Note|There are other fonts that may be detected that are not necessary to worry about. These fonts are attached to the web page and get downloaded along with it. For the web sites that allow it some of these fonts can be downloaded from the right-click menu.}}<br />
<br />
== Font type ==<br />
<br />
Firefox has the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' and are defined in Firefox's settings. Go to '''Preferences''' → '''Content''' → '''Advanced button''' to get to the right section. The typefaces are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help ease their recognition. This typeface can help readability quite a bit and it is the one commonly type used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because serif typefaces cannot accurately reproduce serif fonts that will improve their readability. ''San-serif'' typefaces are still used by number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own font types. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367520User:Gen2ly/Web browser font type and size2015-03-28T14:11:25Z<p>Gen2ly: /* Font availability */ Firefox specific plugin mention change to all web browsers, new paragraph as is separate subject.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help the experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To define the web browser's font settings involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, so that they may be judged, an example is given that displays the font type and size of the current settings.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel as the designer had in mind, the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Any missing fonts that are made available to a web page can have an influence on the design and have a emotional affect that may not have been realized before.<br />
<br />
To help discover any missing fonts, one way to discover what they are would be to use an add-on or plugin. Various web browser extensions exist that can do this; for instance, Firefox has as add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] that when a web page font is selected, right clicking on the font will display the its type and size.<br />
<br />
A good number of web pages define their fonts as Microsoft's Arial or as another of their fonts. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. The following font packages are used by a good number of average Arch Linux users and will include many fonts on web pages:<br />
<br />
font-bh-ttf otf-fira-mono ttf-freefont ttf-linux-libertine ttf-win7-fonts<br />
otf-bitter otf-fira-sans ttf-gentium ttf-mac-fonts<br />
otf-exo ttf-dejavu ttf-liberation ttf-opensans<br />
<br />
{{Note|There are other fonts that may be detected that are not necessary to worry about. These fonts are attached to the web page and get downloaded along with it. For the web sites that allow it some of these fonts can be downloaded from the right-click menu.}}<br />
<br />
== Font type ==<br />
<br />
Firefox has the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' and are defined in Firefox's settings. Go to '''Preferences''' → '''Content''' → '''Advanced button''' to get to the right section. The typefaces are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help ease their recognition. This typeface can help readability quite a bit and it is the one commonly type used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because serif typefaces cannot accurately reproduce serif fonts that will improve their readability. ''San-serif'' typefaces are still used by number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own font types. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367519User:Gen2ly/Web browser font type and size2015-03-28T14:09:34Z<p>Gen2ly: /* Font availability */ "feel right" removed to help point of view, some expansion for better explanation of first paragraph.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help the experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To define the web browser's font settings involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, so that they may be judged, an example is given that displays the font type and size of the current settings.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel as the designer had in mind, the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Any missing fonts that are made available to a web page can have an influence on the design and have a emotional affect that may not have been realized before.<br />
<br />
To help discover any missing fonts a Firefox add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] can be used. When it is installed and a web page font is selected, right clicking on the font will display the its type and size. A good number of web pages define their fonts as Microsoft's Arial or as another of their fonts. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. The following font packages are used by a good number of average Arch Linux users and will include many fonts on web pages:<br />
<br />
font-bh-ttf otf-fira-mono ttf-freefont ttf-linux-libertine ttf-win7-fonts<br />
otf-bitter otf-fira-sans ttf-gentium ttf-mac-fonts<br />
otf-exo ttf-dejavu ttf-liberation ttf-opensans<br />
<br />
{{Note|There are other fonts that may be detected that are not necessary to worry about. These fonts are attached to the web page and get downloaded along with it. For the web sites that allow it some of these fonts can be downloaded from the right-click menu.}}<br />
<br />
== Font type ==<br />
<br />
Firefox has the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' and are defined in Firefox's settings. Go to '''Preferences''' → '''Content''' → '''Advanced button''' to get to the right section. The typefaces are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help ease their recognition. This typeface can help readability quite a bit and it is the one commonly type used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because serif typefaces cannot accurately reproduce serif fonts that will improve their readability. ''San-serif'' typefaces are still used by number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own font types. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367518User:Gen2ly/Web browser font type and size2015-03-28T13:57:58Z<p>Gen2ly: /* Lead */ Expand "example representation..." to "example is given..." as is easier to understand.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help the experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To define the web browser's font settings involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, so that they may be judged, an example is given that displays the font type and size of the current settings.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel right — as the designer had in mind — the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Making available any missing fonts to a web page uses can add extra touches that may have not been realized before.<br />
<br />
To help discover any missing fonts a Firefox add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] can be used. When it is installed and a web page font is selected, right clicking on the font will display the its type and size. A good number of web pages define their fonts as Microsoft's Arial or as another of their fonts. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. The following font packages are used by a good number of average Arch Linux users and will include many fonts on web pages:<br />
<br />
font-bh-ttf otf-fira-mono ttf-freefont ttf-linux-libertine ttf-win7-fonts<br />
otf-bitter otf-fira-sans ttf-gentium ttf-mac-fonts<br />
otf-exo ttf-dejavu ttf-liberation ttf-opensans<br />
<br />
{{Note|There are other fonts that may be detected that are not necessary to worry about. These fonts are attached to the web page and get downloaded along with it. For the web sites that allow it some of these fonts can be downloaded from the right-click menu.}}<br />
<br />
== Font type ==<br />
<br />
Firefox has the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' and are defined in Firefox's settings. Go to '''Preferences''' → '''Content''' → '''Advanced button''' to get to the right section. The typefaces are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help ease their recognition. This typeface can help readability quite a bit and it is the one commonly type used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because serif typefaces cannot accurately reproduce serif fonts that will improve their readability. ''San-serif'' typefaces are still used by number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own font types. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367517User:Gen2ly/Web browser font type and size2015-03-28T13:55:29Z<p>Gen2ly: /* Lead */ "To setup preferential..." to "define... font settings" as is more commonly stated.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help the experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To define the web browser's font settings involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, an example representation of the font type and size of the current settings if given so that they may be judged.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel right — as the designer had in mind — the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Making available any missing fonts to a web page uses can add extra touches that may have not been realized before.<br />
<br />
To help discover any missing fonts a Firefox add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] can be used. When it is installed and a web page font is selected, right clicking on the font will display the its type and size. A good number of web pages define their fonts as Microsoft's Arial or as another of their fonts. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. The following font packages are used by a good number of average Arch Linux users and will include many fonts on web pages:<br />
<br />
font-bh-ttf otf-fira-mono ttf-freefont ttf-linux-libertine ttf-win7-fonts<br />
otf-bitter otf-fira-sans ttf-gentium ttf-mac-fonts<br />
otf-exo ttf-dejavu ttf-liberation ttf-opensans<br />
<br />
{{Note|There are other fonts that may be detected that are not necessary to worry about. These fonts are attached to the web page and get downloaded along with it. For the web sites that allow it some of these fonts can be downloaded from the right-click menu.}}<br />
<br />
== Font type ==<br />
<br />
Firefox has the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' and are defined in Firefox's settings. Go to '''Preferences''' → '''Content''' → '''Advanced button''' to get to the right section. The typefaces are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help ease their recognition. This typeface can help readability quite a bit and it is the one commonly type used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because serif typefaces cannot accurately reproduce serif fonts that will improve their readability. ''San-serif'' typefaces are still used by number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own font types. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367516User:Gen2ly/Web browser font type and size2015-03-28T13:53:40Z<p>Gen2ly: /* Lead */ Remove good and just use "help the experience" to help neutral point of view</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help the experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To setup preferential font definitions the process involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, an example representation of the font type and size of the current settings if given so that they may be judged.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel right — as the designer had in mind — the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Making available any missing fonts to a web page uses can add extra touches that may have not been realized before.<br />
<br />
To help discover any missing fonts a Firefox add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] can be used. When it is installed and a web page font is selected, right clicking on the font will display the its type and size. A good number of web pages define their fonts as Microsoft's Arial or as another of their fonts. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. The following font packages are used by a good number of average Arch Linux users and will include many fonts on web pages:<br />
<br />
font-bh-ttf otf-fira-mono ttf-freefont ttf-linux-libertine ttf-win7-fonts<br />
otf-bitter otf-fira-sans ttf-gentium ttf-mac-fonts<br />
otf-exo ttf-dejavu ttf-liberation ttf-opensans<br />
<br />
{{Note|There are other fonts that may be detected that are not necessary to worry about. These fonts are attached to the web page and get downloaded along with it. For the web sites that allow it some of these fonts can be downloaded from the right-click menu.}}<br />
<br />
== Font type ==<br />
<br />
Firefox has the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' and are defined in Firefox's settings. Go to '''Preferences''' → '''Content''' → '''Advanced button''' to get to the right section. The typefaces are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help ease their recognition. This typeface can help readability quite a bit and it is the one commonly type used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because serif typefaces cannot accurately reproduce serif fonts that will improve their readability. ''San-serif'' typefaces are still used by number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own font types. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367392User:Gen2ly/Web browser font type and size2015-03-27T14:35:30Z<p>Gen2ly: /* Font type */ Added "font types" to end of sentence as the sentences direction isn't clearly explicit.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help create a good experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To setup preferential font definitions the process involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, an example representation of the font type and size of the current settings if given so that they may be judged.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel right — as the designer had in mind — the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Making available any missing fonts to a web page uses can add extra touches that may have not been realized before.<br />
<br />
To help discover any missing fonts a Firefox add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] can be used. When it is installed and a web page font is selected, right clicking on the font will display the its type and size. A good number of web pages define their fonts as Microsoft's Arial or as another of their fonts. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. The following font packages are used by a good number of average Arch Linux users and will include many fonts on web pages:<br />
<br />
font-bh-ttf otf-fira-mono ttf-freefont ttf-linux-libertine ttf-win7-fonts<br />
otf-bitter otf-fira-sans ttf-gentium ttf-mac-fonts<br />
otf-exo ttf-dejavu ttf-liberation ttf-opensans<br />
<br />
{{Note|There are other fonts that may be detected that are not necessary to worry about. These fonts are attached to the web page and get downloaded along with it. For the web sites that allow it some of these fonts can be downloaded from the right-click menu.}}<br />
<br />
== Font type ==<br />
<br />
Firefox has the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' and are defined in Firefox's settings. Go to '''Preferences''' → '''Content''' → '''Advanced button''' to get to the right section. The typefaces are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help ease their recognition. This typeface can help readability quite a bit and it is the one commonly type used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because serif typefaces cannot accurately reproduce serif fonts that will improve their readability. ''San-serif'' typefaces are still used by number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own font types. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367390User:Gen2ly/Web browser font type and size2015-03-27T14:33:56Z<p>Gen2ly: /* Font type */ "well used" to "a number of web pages" to to and help point of view... though real fix would probably require attribution</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help create a good experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To setup preferential font definitions the process involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, an example representation of the font type and size of the current settings if given so that they may be judged.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel right — as the designer had in mind — the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Making available any missing fonts to a web page uses can add extra touches that may have not been realized before.<br />
<br />
To help discover any missing fonts a Firefox add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] can be used. When it is installed and a web page font is selected, right clicking on the font will display the its type and size. A good number of web pages define their fonts as Microsoft's Arial or as another of their fonts. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. The following font packages are used by a good number of average Arch Linux users and will include many fonts on web pages:<br />
<br />
font-bh-ttf otf-fira-mono ttf-freefont ttf-linux-libertine ttf-win7-fonts<br />
otf-bitter otf-fira-sans ttf-gentium ttf-mac-fonts<br />
otf-exo ttf-dejavu ttf-liberation ttf-opensans<br />
<br />
{{Note|There are other fonts that may be detected that are not necessary to worry about. These fonts are attached to the web page and get downloaded along with it. For the web sites that allow it some of these fonts can be downloaded from the right-click menu.}}<br />
<br />
== Font type ==<br />
<br />
Firefox has the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' and are defined in Firefox's settings. Go to '''Preferences''' → '''Content''' → '''Advanced button''' to get to the right section. The typefaces are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help ease their recognition. This typeface can help readability quite a bit and it is the one commonly type used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because serif typefaces cannot accurately reproduce serif fonts that will improve their readability. ''San-serif'' typefaces are still used by number of web pages.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367386User:Gen2ly/Web browser font type and size2015-03-27T14:28:48Z<p>Gen2ly: /* Font type */ "well reproduced" to more fact based description to try and help neutral point of view.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help create a good experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To setup preferential font definitions the process involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, an example representation of the font type and size of the current settings if given so that they may be judged.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel right — as the designer had in mind — the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Making available any missing fonts to a web page uses can add extra touches that may have not been realized before.<br />
<br />
To help discover any missing fonts a Firefox add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] can be used. When it is installed and a web page font is selected, right clicking on the font will display the its type and size. A good number of web pages define their fonts as Microsoft's Arial or as another of their fonts. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. The following font packages are used by a good number of average Arch Linux users and will include many fonts on web pages:<br />
<br />
font-bh-ttf otf-fira-mono ttf-freefont ttf-linux-libertine ttf-win7-fonts<br />
otf-bitter otf-fira-sans ttf-gentium ttf-mac-fonts<br />
otf-exo ttf-dejavu ttf-liberation ttf-opensans<br />
<br />
{{Note|There are other fonts that may be detected that are not necessary to worry about. These fonts are attached to the web page and get downloaded along with it. For the web sites that allow it some of these fonts can be downloaded from the right-click menu.}}<br />
<br />
== Font type ==<br />
<br />
Firefox has the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' and are defined in Firefox's settings. Go to '''Preferences''' → '''Content''' → '''Advanced button''' to get to the right section. The typefaces are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help ease their recognition. This typeface can help readability quite a bit and it is the one commonly type used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because serif typefaces cannot accurately reproduce serif fonts that will improve their readability. ''Sans-serif'' fonts are still well used.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367384User:Gen2ly/Web browser font type and size2015-03-27T14:25:52Z<p>Gen2ly: /* Font type */ "character recognition" to just "their recog..." as the topic is obvious</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help create a good experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To setup preferential font definitions the process involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, an example representation of the font type and size of the current settings if given so that they may be judged.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel right — as the designer had in mind — the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Making available any missing fonts to a web page uses can add extra touches that may have not been realized before.<br />
<br />
To help discover any missing fonts a Firefox add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] can be used. When it is installed and a web page font is selected, right clicking on the font will display the its type and size. A good number of web pages define their fonts as Microsoft's Arial or as another of their fonts. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. The following font packages are used by a good number of average Arch Linux users and will include many fonts on web pages:<br />
<br />
font-bh-ttf otf-fira-mono ttf-freefont ttf-linux-libertine ttf-win7-fonts<br />
otf-bitter otf-fira-sans ttf-gentium ttf-mac-fonts<br />
otf-exo ttf-dejavu ttf-liberation ttf-opensans<br />
<br />
{{Note|There are other fonts that may be detected that are not necessary to worry about. These fonts are attached to the web page and get downloaded along with it. For the web sites that allow it some of these fonts can be downloaded from the right-click menu.}}<br />
<br />
== Font type ==<br />
<br />
Firefox has the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' and are defined in Firefox's settings. Go to '''Preferences''' → '''Content''' → '''Advanced button''' to get to the right section. The typefaces are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help ease their recognition. This typeface can help readability quite a bit and it is the one commonly type used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because serif typefaces can not be very well reproduced, and hence readable. ''Sans-serif'' fonts are still well used.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367377User:Gen2ly/Web browser font type and size2015-03-27T14:18:29Z<p>Gen2ly: /* Font availability */ "fonts may" to "fonts that may" — missing a "that" that is required for introducing a description.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help create a good experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To setup preferential font definitions the process involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, an example representation of the font type and size of the current settings if given so that they may be judged.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel right — as the designer had in mind — the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Making available any missing fonts to a web page uses can add extra touches that may have not been realized before.<br />
<br />
To help discover any missing fonts a Firefox add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] can be used. When it is installed and a web page font is selected, right clicking on the font will display the its type and size. A good number of web pages define their fonts as Microsoft's Arial or as another of their fonts. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. The following font packages are used by a good number of average Arch Linux users and will include many fonts on web pages:<br />
<br />
font-bh-ttf otf-fira-mono ttf-freefont ttf-linux-libertine ttf-win7-fonts<br />
otf-bitter otf-fira-sans ttf-gentium ttf-mac-fonts<br />
otf-exo ttf-dejavu ttf-liberation ttf-opensans<br />
<br />
{{Note|There are other fonts that may be detected that are not necessary to worry about. These fonts are attached to the web page and get downloaded along with it. For the web sites that allow it some of these fonts can be downloaded from the right-click menu.}}<br />
<br />
== Font type ==<br />
<br />
Firefox has the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' and are defined in Firefox's settings. Go to '''Preferences''' → '''Content''' → '''Advanced button''' to get to the right section. The typefaces are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help ease character recognition. This typeface can help readability quite a bit and it is the one commonly type used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because serif typefaces can not be very well reproduced, and hence readable. ''Sans-serif'' fonts are still well used.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367376User:Gen2ly/Web browser font type and size2015-03-27T14:16:43Z<p>Gen2ly: /* Font availability */ "define their font with others", adopting form from previous two other explanations.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help create a good experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To setup preferential font definitions the process involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, an example representation of the font type and size of the current settings if given so that they may be judged.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel right — as the designer had in mind — the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Making available any missing fonts to a web page uses can add extra touches that may have not been realized before.<br />
<br />
To help discover any missing fonts a Firefox add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] can be used. When it is installed and a web page font is selected, right clicking on the font will display the its type and size. A good number of web pages define their fonts as Microsoft's Arial or as another of their fonts. Some web pages define their fonts with Apple's versions, and some web pages define their fonts with others. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. The following font packages are used by a good number of average Arch Linux users and will include many fonts on web pages:<br />
<br />
font-bh-ttf otf-fira-mono ttf-freefont ttf-linux-libertine ttf-win7-fonts<br />
otf-bitter otf-fira-sans ttf-gentium ttf-mac-fonts<br />
otf-exo ttf-dejavu ttf-liberation ttf-opensans<br />
<br />
{{Note|There are other fonts may be detected that are not necessary to worry about. These fonts are attached to the web page and get downloaded along with it. For the web sites that allow it some of these fonts can be downloaded from the right-click menu.}}<br />
<br />
== Font type ==<br />
<br />
Firefox has the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' and are defined in Firefox's settings. Go to '''Preferences''' → '''Content''' → '''Advanced button''' to get to the right section. The typefaces are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help ease character recognition. This typeface can help readability quite a bit and it is the one commonly type used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because serif typefaces can not be very well reproduced, and hence readable. ''Sans-serif'' fonts are still well used.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367375User:Gen2ly/Web browser font type and size2015-03-27T14:14:46Z<p>Gen2ly: /* Font availability */ "nice" to "extra" to try and help support neutral point of view</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help create a good experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To setup preferential font definitions the process involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, an example representation of the font type and size of the current settings if given so that they may be judged.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel right — as the designer had in mind — the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Making available any missing fonts to a web page uses can add extra touches that may have not been realized before.<br />
<br />
To help discover any missing fonts a Firefox add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] can be used. When it is installed and a web page font is selected, right clicking on the font will display the its type and size. A good number of web pages define their fonts as Microsoft's Arial or as another of their fonts. Some web pages define their fonts with Apple's versions, and some web pages define other fonts. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. The following font packages are used by a good number of average Arch Linux users and will include many fonts on web pages:<br />
<br />
font-bh-ttf otf-fira-mono ttf-freefont ttf-linux-libertine ttf-win7-fonts<br />
otf-bitter otf-fira-sans ttf-gentium ttf-mac-fonts<br />
otf-exo ttf-dejavu ttf-liberation ttf-opensans<br />
<br />
{{Note|There are other fonts may be detected that are not necessary to worry about. These fonts are attached to the web page and get downloaded along with it. For the web sites that allow it some of these fonts can be downloaded from the right-click menu.}}<br />
<br />
== Font type ==<br />
<br />
Firefox has the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' and are defined in Firefox's settings. Go to '''Preferences''' → '''Content''' → '''Advanced button''' to get to the right section. The typefaces are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help ease character recognition. This typeface can help readability quite a bit and it is the one commonly type used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because serif typefaces can not be very well reproduced, and hence readable. ''Sans-serif'' fonts are still well used.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=367303User:Gen2ly/Users and groups2015-03-26T17:02:51Z<p>Gen2ly: /* Pre-systemd groups */ Added description to what systemd is defined as.</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, the description means the names which represent those users. The name may be Mary or Bill, or it may be an assumed name like Dragonlady or Pirate that are used in place of the real name. The important detail to know is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To learn about file permissions read [[File permissions and attributes]].<br />
<br />
{{Warning|The following tools are powerful and should only be used with knowledgeable effect, improper settings may damage the functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines the user's initial login group by name or number. It must refer to an already existing group. If not specified the {{ic|USERGROUPS_ENAB}} variable in the file {{ic|/etc/login.defs}} will be used and the default value of {{ic|yes}} will specify the creation a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell by its executable path. The path will need to match shells listed in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any amount as long as a they are uniquely named (a few reserved names exist, however, for use with system services or for privileged user accounts such as "root").}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{Warning|For a system with multiple users, sharing a common initial group such as "users" may have security concerns. When working with shared directories, there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to any in this group. If this is a possibility, consider omitting the {{ic|--gid}} option to have ''useradd'' create a custom initial group that matches the username. (The {{ic|/home/username}} directories are not effected as are created with user-only allowances.}}<br />
<br />
=== User manipulation ===<br />
<br />
To modify a password an a user account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Finger information may be connected to the user (it is not necessary however and has limited usage). A few programs may query finger for Full Name, work room, phone, or home phone, read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available with the AUR packages: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that carries out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To display all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' ''username''<br />
<br />
To modify the initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Group memberships become effective only on user login — membership alterations for currently logged in users will require another login for them to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access (this group may be deprecated)<br />
|-<br />
| wheel || || Administration group to grant privilege escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]] system management. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
Other groups exist that allow an aspect of a program's functionality to be transferred to the user. The program's documentation refer to more information.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The user and group '''ownership''' can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':''users'' file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning|The proceeding advice is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=367302User:Gen2ly/Users and groups2015-03-26T16:59:06Z<p>Gen2ly: /* Group management */ "change" to "modify" to follow article terminology. Tip reword for brevity.</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, the description means the names which represent those users. The name may be Mary or Bill, or it may be an assumed name like Dragonlady or Pirate that are used in place of the real name. The important detail to know is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To learn about file permissions read [[File permissions and attributes]].<br />
<br />
{{Warning|The following tools are powerful and should only be used with knowledgeable effect, improper settings may damage the functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines the user's initial login group by name or number. It must refer to an already existing group. If not specified the {{ic|USERGROUPS_ENAB}} variable in the file {{ic|/etc/login.defs}} will be used and the default value of {{ic|yes}} will specify the creation a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell by its executable path. The path will need to match shells listed in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any amount as long as a they are uniquely named (a few reserved names exist, however, for use with system services or for privileged user accounts such as "root").}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{Warning|For a system with multiple users, sharing a common initial group such as "users" may have security concerns. When working with shared directories, there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to any in this group. If this is a possibility, consider omitting the {{ic|--gid}} option to have ''useradd'' create a custom initial group that matches the username. (The {{ic|/home/username}} directories are not effected as are created with user-only allowances.}}<br />
<br />
=== User manipulation ===<br />
<br />
To modify a password an a user account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Finger information may be connected to the user (it is not necessary however and has limited usage). A few programs may query finger for Full Name, work room, phone, or home phone, read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available with the AUR packages: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that carries out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To display all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' ''username''<br />
<br />
To modify the initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Group memberships become effective only on user login — membership alterations for currently logged in users will require another login for them to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access (this group may be deprecated)<br />
|-<br />
| wheel || || Administration group to grant privilege escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]]. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
Other groups exist that allow an aspect of a program's functionality to be transferred to the user. The program's documentation refer to more information.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The user and group '''ownership''' can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':''users'' file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning|The proceeding advice is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=367300User:Gen2ly/Users and groups2015-03-26T16:52:22Z<p>Gen2ly: /* User manipulation */ Correct verb "add" to "modify" as is correct term, re-describe finger usage in hopefully a more neutralway</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, the description means the names which represent those users. The name may be Mary or Bill, or it may be an assumed name like Dragonlady or Pirate that are used in place of the real name. The important detail to know is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To learn about file permissions read [[File permissions and attributes]].<br />
<br />
{{Warning|The following tools are powerful and should only be used with knowledgeable effect, improper settings may damage the functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines the user's initial login group by name or number. It must refer to an already existing group. If not specified the {{ic|USERGROUPS_ENAB}} variable in the file {{ic|/etc/login.defs}} will be used and the default value of {{ic|yes}} will specify the creation a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell by its executable path. The path will need to match shells listed in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any amount as long as a they are uniquely named (a few reserved names exist, however, for use with system services or for privileged user accounts such as "root").}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{Warning|For a system with multiple users, sharing a common initial group such as "users" may have security concerns. When working with shared directories, there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to any in this group. If this is a possibility, consider omitting the {{ic|--gid}} option to have ''useradd'' create a custom initial group that matches the username. (The {{ic|/home/username}} directories are not effected as are created with user-only allowances.}}<br />
<br />
=== User manipulation ===<br />
<br />
To modify a password an a user account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Finger information may be connected to the user (it is not necessary however and has limited usage). A few programs may query finger for Full Name, work room, phone, or home phone, read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available with the AUR packages: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that carries out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To display all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' ''username''<br />
<br />
To change the initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Group membership alterations only become effective for the user on a new login, currently logged in users will need to re-login for changes to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access (this group may be deprecated)<br />
|-<br />
| wheel || || Administration group to grant privilege escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]]. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
Other groups exist that allow an aspect of a program's functionality to be transferred to the user. The program's documentation refer to more information.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The user and group '''ownership''' can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':''users'' file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning|The proceeding advice is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=367283User:Gen2ly/Users and groups2015-03-26T15:28:25Z<p>Gen2ly: /* User addition example */ "potentiality" to "possibility" as is more common and just as descriptive.</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, the description means the names which represent those users. The name may be Mary or Bill, or it may be an assumed name like Dragonlady or Pirate that are used in place of the real name. The important detail to know is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To learn about file permissions read [[File permissions and attributes]].<br />
<br />
{{Warning|The following tools are powerful and should only be used with knowledgeable effect, improper settings may damage the functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines the user's initial login group by name or number. It must refer to an already existing group. If not specified the {{ic|USERGROUPS_ENAB}} variable in the file {{ic|/etc/login.defs}} will be used and the default value of {{ic|yes}} will specify the creation a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell by its executable path. The path will need to match shells listed in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any amount as long as a they are uniquely named (a few reserved names exist, however, for use with system services or for privileged user accounts such as "root").}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{Warning|For a system with multiple users, sharing a common initial group such as "users" may have security concerns. When working with shared directories, there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to any in this group. If this is a possibility, consider omitting the {{ic|--gid}} option to have ''useradd'' create a custom initial group that matches the username. (The {{ic|/home/username}} directories are not effected as are created with user-only allowances.}}<br />
<br />
=== User manipulation ===<br />
<br />
To add a password to the account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Though rarely used anymore finger information may be connected to the user. A few programs may query finger for Full Name, work room, phone, or home phone — for those that prefer. Read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available with the AUR packages: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that carries out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To display all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' ''username''<br />
<br />
To change the initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Group membership alterations only become effective for the user on a new login, currently logged in users will need to re-login for changes to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access (this group may be deprecated)<br />
|-<br />
| wheel || || Administration group to grant privilege escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]]. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
Other groups exist that allow an aspect of a program's functionality to be transferred to the user. The program's documentation refer to more information.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The user and group '''ownership''' can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':''users'' file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning|The proceeding advice is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=367282User:Gen2ly/Users and groups2015-03-26T15:26:41Z<p>Gen2ly: /* User addition */ Put reserved account names description in parenthesis as is adding to description and only a sentence fragment.</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, the description means the names which represent those users. The name may be Mary or Bill, or it may be an assumed name like Dragonlady or Pirate that are used in place of the real name. The important detail to know is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To learn about file permissions read [[File permissions and attributes]].<br />
<br />
{{Warning|The following tools are powerful and should only be used with knowledgeable effect, improper settings may damage the functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines the user's initial login group by name or number. It must refer to an already existing group. If not specified the {{ic|USERGROUPS_ENAB}} variable in the file {{ic|/etc/login.defs}} will be used and the default value of {{ic|yes}} will specify the creation a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell by its executable path. The path will need to match shells listed in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any amount as long as a they are uniquely named (a few reserved names exist, however, for use with system services or for privileged user accounts such as "root").}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{Warning|For a system with multiple users, sharing a common initial group such as "users" may have security concerns. When working with shared directories, there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to any in this group. If this is a potentiality, consider omitting the {{ic|--gid}} option to have ''useradd'' create a custom initial group that matches the username. (The {{ic|/home/username}} directories are not effected as are created with user-only allowances.}}<br />
<br />
=== User manipulation ===<br />
<br />
To add a password to the account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Though rarely used anymore finger information may be connected to the user. A few programs may query finger for Full Name, work room, phone, or home phone — for those that prefer. Read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available with the AUR packages: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that carries out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To display all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' ''username''<br />
<br />
To change the initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Group membership alterations only become effective for the user on a new login, currently logged in users will need to re-login for changes to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access (this group may be deprecated)<br />
|-<br />
| wheel || || Administration group to grant privilege escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]]. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
Other groups exist that allow an aspect of a program's functionality to be transferred to the user. The program's documentation refer to more information.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The user and group '''ownership''' can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':''users'' file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning|The proceeding advice is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=367281User:Gen2ly/Users and groups2015-03-26T15:23:58Z<p>Gen2ly: /* User addition */ Clarify the value USERGROUPS_ENAB description. "shells listing" to "shells listed" verb use as is descriptive, "number" to "amount" as more uniquely describes.</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, the description means the names which represent those users. The name may be Mary or Bill, or it may be an assumed name like Dragonlady or Pirate that are used in place of the real name. The important detail to know is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To learn about file permissions read [[File permissions and attributes]].<br />
<br />
{{Warning|The following tools are powerful and should only be used with knowledgeable effect, improper settings may damage the functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines the user's initial login group by name or number. It must refer to an already existing group. If not specified the {{ic|USERGROUPS_ENAB}} variable in the file {{ic|/etc/login.defs}} will be used and the default value of {{ic|yes}} will specify the creation a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell by its executable path. The path will need to match shells listed in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any amount as long as a they are uniquely named; a few reserved names exist, however, for use with system services or for privileged user accounts such as "root".}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{Warning|For a system with multiple users, sharing a common initial group such as "users" may have security concerns. When working with shared directories, there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to any in this group. If this is a potentiality, consider omitting the {{ic|--gid}} option to have ''useradd'' create a custom initial group that matches the username. (The {{ic|/home/username}} directories are not effected as are created with user-only allowances.}}<br />
<br />
=== User manipulation ===<br />
<br />
To add a password to the account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Though rarely used anymore finger information may be connected to the user. A few programs may query finger for Full Name, work room, phone, or home phone — for those that prefer. Read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available with the AUR packages: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that carries out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To display all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' ''username''<br />
<br />
To change the initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Group membership alterations only become effective for the user on a new login, currently logged in users will need to re-login for changes to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access (this group may be deprecated)<br />
|-<br />
| wheel || || Administration group to grant privilege escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]]. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
Other groups exist that allow an aspect of a program's functionality to be transferred to the user. The program's documentation refer to more information.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The user and group '''ownership''' can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':''users'' file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning|The proceeding advice is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=367279User:Gen2ly/Users and groups2015-03-26T15:14:44Z<p>Gen2ly: /* Overview */ "names" reference is singular to "name", grammar touch-ups</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, the description means the names which represent those users. The name may be Mary or Bill, or it may be an assumed name like Dragonlady or Pirate that are used in place of the real name. The important detail to know is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To learn about file permissions read [[File permissions and attributes]].<br />
<br />
{{Warning|The following tools are powerful and should only be used with knowledgeable effect, improper settings may damage the functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines the user's initial login group by name or number. It must refer to an already existing group. If not specified the {{ic|USERGROUPS_ENAB}} variable contained in {{ic|/etc/login.defs}} will be used and the default of {{ic|yes}} value will create a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell by its executable path. The path will need to match shells listing in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any number as long as a they are uniquely named; a few reserved names exist, however, for use with system services or for privileged user accounts such as "root".}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{Warning|For a system with multiple users, sharing a common initial group such as "users" may have security concerns. When working with shared directories, there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to any in this group. If this is a potentiality, consider omitting the {{ic|--gid}} option to have ''useradd'' create a custom initial group that matches the username. (The {{ic|/home/username}} directories are not effected as are created with user-only allowances.}}<br />
<br />
=== User manipulation ===<br />
<br />
To add a password to the account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Though rarely used anymore finger information may be connected to the user. A few programs may query finger for Full Name, work room, phone, or home phone — for those that prefer. Read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available with the AUR packages: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that carries out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To display all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' ''username''<br />
<br />
To change the initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Group membership alterations only become effective for the user on a new login, currently logged in users will need to re-login for changes to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access (this group may be deprecated)<br />
|-<br />
| wheel || || Administration group to grant privilege escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]]. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
Other groups exist that allow an aspect of a program's functionality to be transferred to the user. The program's documentation refer to more information.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The user and group '''ownership''' can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':''users'' file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning|The proceeding advice is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=367139User:Gen2ly/Web browser font type and size2015-03-25T15:28:26Z<p>Gen2ly: /* Common fonts example */ Table broke into font groups for more distinct legibility, removed spacing.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help create a good experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To setup preferential font definitions the process involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, an example representation of the font type and size of the current settings if given so that they may be judged.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel right — as the designer had in mind — the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Making available any missing fonts to a web page uses can add nice touches that may have not been realized before.<br />
<br />
To help discover any missing fonts a Firefox add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] can be used. When it is installed and a web page font is selected, right clicking on the font will display the its type and size. A good number of web pages define their fonts as Microsoft's Arial or as another of their fonts. Some web pages define their fonts with Apple's versions, and some web pages define other fonts. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. The following font packages are used by a good number of average Arch Linux users and will include many fonts on web pages:<br />
<br />
font-bh-ttf otf-fira-mono ttf-freefont ttf-linux-libertine ttf-win7-fonts<br />
otf-bitter otf-fira-sans ttf-gentium ttf-mac-fonts<br />
otf-exo ttf-dejavu ttf-liberation ttf-opensans<br />
<br />
{{Note|There are other fonts may be detected that are not necessary to worry about. These fonts are attached to the web page and get downloaded along with it. For the web sites that allow it some of these fonts can be downloaded from the right-click menu.}}<br />
<br />
== Font type ==<br />
<br />
Firefox has the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' and are defined in Firefox's settings. Go to '''Preferences''' → '''Content''' → '''Advanced button''' to get to the right section. The typefaces are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help ease character recognition. This typeface can help readability quite a bit and it is the one commonly type used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because serif typefaces can not be very well reproduced, and hence readable. ''Sans-serif'' fonts are still well used.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
{{Accuracy|The rendering of the table depends on the fonts being available on the reader's system. The only portable "preview" method is using raster images, which can't be hosted on ArchWiki.}}<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" |!@#$1234—The quick brown<br />
| style="font-family:Arial;" |!@#$1234—The quick brown<br />
| style="font-family:Courier New;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" |!@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" |!@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" |!@#$1234—The quick brown<br />
| style="font-family:FreeSans;" |!@#$1234—The quick brown<br />
| style="font-family:FreeMono;" |!@#$1234—The quick brown<br />
|}<br />
<br />
{| class="wikitable"<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" |!@#$1234—The quick brown<br />
| style="font-family:Open Sans;" |!@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User_talk:Lahwaacz&diff=367133User talk:Lahwaacz2015-03-25T14:26:36Z<p>Gen2ly: Article discussion prior to deletion argument</p>
<hr />
<div>== Regex for replacing = codes ==<br />
<br />
Hi, regarding [[User:Lahwaacz#User:Lahwaacz#Regex_for_replacing_.3D_codes]] do you intend to use a similar expression with the editor assistant or directly with the bot? In the latter case I think it would be pretty dangerous, for example it would break templates that already use a named parameter, e.g. {{ic|<nowiki>{{Template|parameter=value}}</nowiki>}} would be turned into {{ic|<nowiki>{{Template|1=parameter=value}}</nowiki>}}. -- [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 16:57, 21 March 2014 (UTC)<br />
<br />
:I used it [https://wiki.archlinux.org/index.php?title=Systemd-networkd&diff=prev&oldid=306182 only once] and don't have any specific plans, but I'm quite certain I will need to use it again sometimes... Thanks for the warning, I will be cautious. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 17:50, 21 March 2014 (UTC)<br />
<br />
== PodCastXDL ==<br />
<br />
About [https://wiki.archlinux.org/index.php?title=List_of_applications/Internet&diff=prev&oldid=323048] (and [https://wiki.archlinux.org/index.php?title=List_of_applications/Internet&diff=next&oldid=323048]) [[User:Levi0x0x]], who should have indeed provided an edit summary, appears to be the developer of the application and the maintainer of the PKGBUILD. I would keep his edit. -- [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 00:45, 5 July 2014 (UTC)<br />
<br />
:I know - I've seen also [https://wiki.archlinux.org/index.php?title=MPlayer&diff=next&oldid=322278 bash-player] removed, both from wiki and Github (it seems the repo has been recreated from scratch). PodCastXDL has always been available upstream. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 08:20, 5 July 2014 (UTC)<br />
<br />
::Didn't he add it to the list one week ago? [https://wiki.archlinux.org/index.php?title=List_of_applications/Internet&diff=prev&oldid=322258] Maybe he's found some bug and doesn't want people to use it until he fixes it? Anyway I'm not that interested, we can as well see if/how Levi0x0x reacts. -- [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 04:32, 6 July 2014 (UTC)<br />
<br />
== Netctl ==<br />
The variables ACTION, INTERFACE, SSID, and Profile are '''only''' exported by auto.action and '''only'''<br />
netctl-auto uses that script. So if your not using netctl-auto then they don't do anything. [[User:Captaincurrie|Captaincurrie]] ([[User talk:Captaincurrie|talk]]) 08:35, 27 December 2014 (UTC)<br />
<br />
:That may be true, but that's not reason to remove the ''expansion'' flag from the page. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 08:45, 27 December 2014 (UTC)<br />
<br />
== Article discussion prior to deletion argument ==<br />
<br />
On 2015-03-24T13:21:22, [[User:Lahwaacz|Lahwaacz]] deleted article [[Firefox/Font_type_and_size]].<br />
<br />
I believe that it is Arch Linux wiki policy and general wiki policy to have discussions before article deletions. Exceptions that I have known have been for has been instances, for example, like original research, intentional vandalism, sensitive details related to personal biographies, and similar criteria. The reasons given for the deletion do not belong to the noted exceptions and any other reasons that I know:<br />
<br />
: "ArchWiki is not your blog (inappropriate language, not specific to Firefox, duplicates other pages: Fonts, Font configuration)"<br />
<br />
[[User:Gen2ly|Gently]] ([[User talk:Gen2ly|talk]]) 14:26, 25 March 2015 (UTC)</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Web_browser_font_type_and_size&diff=366981User:Gen2ly/Web browser font type and size2015-03-24T15:09:51Z<p>Gen2ly: New page. Article to explain setting Firefox's font type and size with examples.</p>
<hr />
<div>A professional typesetter knows the importance of a good font. For centuries they have evolved fonts to provide the general ease of reading that we know today. Having a similar replication in a web browser can help create a good experience — the right font type and size can reduce the strain on the eyes, especially if used quite a bit.<br />
<br />
To setup preferential font definitions the process involves these steps:<br />
<br />
# install the common web browser fonts on to the system<br />
# choose the fonts that are good for one to read with<br />
# adjust the fonts to an appropriately viewable size<br />
<br />
Thereafter, an example representation of the font type and size of the current settings if given so that they may be judged.<br />
<br />
== Font availability ==<br />
<br />
To have a web page feel right — as the designer had in mind — the fonts that a page requires should be available to the browser. A typical desktop creation may only requisite a few fonts to be installed. Making available any missing fonts to a web page uses can add nice touches that may have not been realized before.<br />
<br />
To help discover any missing fonts a Firefox add-on named [https://addons.mozilla.org/en-US/firefox/addon/context-font/ Context Font] can be used. When it is installed and a web page font is selected, right clicking on the font will display the its type and size. A good number of web pages define their fonts as Microsoft's Arial or as another of their fonts. Some web pages define their fonts with Apple's versions, and some web pages define other fonts. Microsoft fonts are available for download in many Linux distribution's software repositories or they can be done so [https://www.microsoft.com/typography/fonts/web.aspx directly]. The following font packages are used by a good number of average Arch Linux users and will include many fonts on web pages:<br />
<br />
font-bh-ttf otf-fira-mono ttf-freefont ttf-linux-libertine ttf-win7-fonts<br />
otf-bitter otf-fira-sans ttf-gentium ttf-mac-fonts<br />
otf-exo ttf-dejavu ttf-liberation ttf-opensans<br />
<br />
{{Note|There are other fonts may be detected that are not necessary to worry about. These fonts are attached to the web page and get downloaded along with it. For the web sites that allow it some of these fonts can be downloaded from the right-click menu.}}<br />
<br />
== Font type ==<br />
<br />
Firefox has the ability to define three font types, called ''typefaces''. These are generic ''typefaces'' and are defined in Firefox's settings. Go to '''Preferences''' → '''Content''' → '''Advanced button''' to get to the right section. The typefaces are called ''serif'', ''sans-serif'', and ''monospace''.<br />
<br />
A ''serif'' typeface has short lines at the end of each main stroke of the character. The extra flourish is called the serif and its purpose is to further define characters to help ease character recognition. This typeface can help readability quite a bit and it is the one commonly type used in books.<br />
<br />
A ''sans-serif'' typeface is without serifs. Because a number of monitors have a lower resolution, ''sans-serif'' typefaces are used because serif typefaces can not be very well reproduced, and hence readable. ''Sans-serif'' fonts are still well used.<br />
<br />
A ''monospace'' typeface defines all its characters as an equal width. ''Monospace'' typefaces are typically seen when writing programming code. They make the formatting more structured which makes the code more easily reviewed.<br />
<br />
When choosing a font keep in mind that tastes are personal, deciphering what is best on how the user reads is the primary consideration. Also, keep in mind to, choose a font that works good for readability and not just one that grabs attention. See the examples below to compare various font types. <br />
<br />
{{Note|The overall effect one will experience when defining a font type will vary per user because many web pages define their own. Though this behavior can be overridden it is usually recommended to use the font the web page has defined as the design itself may have an effect on readability.}}<br />
<br />
== Font size ==<br />
<br />
To get a good idea of what to use for the font size, take a look at a book. Books vary a bit but a book held at a comfortable length while sitting down will give a good approximation. If screen real-estate is a consideration (that it is preferable that fonts take up less space), go one or two sizes below. If doing a considerable amount of reading, pick the size that feels most comfortable. <br />
<br />
Additionaly, when picking the font size, try to match the physical font size to that of the other ''typefaces''. Other typefaces are occasionally placed together so sizing them physically alike can ease reading transitions.<br />
<br />
== Defined typefaces example ==<br />
<br />
This table is a representation of the defined typefaces and their sizes. To get an accurate one, be sure the default zoom level is used on the web page.<br />
<br />
{| class="wikitable" style="cellpadding:.8em;"<br />
! style="text-align:left;" | ·Typeface·<br />
! style="text-align:left;" | ·Example·<br />
|- <br />
| Serif: || style="font-family:serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Sans-serif: || style="font-family:sans-serif; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| Monospace: || style="font-family:monospace; font-size:medium;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Vestibulum non arcu a ante feugiat vestibulum. Suspendisse potenti. Suspendisse potenti. Phasellus lacinia iaculis mi. Sed elementum, felis quis porttitor sollicitudin, augue nulla sodales sapien...<br />
|-<br />
| rowspan="3" | Very-small:<br />
| style="font-family:serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:sans-serif; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| style="font-family:monospace; font-size:xx-small;" | Lorem ipsum dolor sit amet, consectetuer adipiscing elit.<br />
|-<br />
| One-liner: || <span style="font-family: serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: sans-serif;">Lorem ipsum dolor sit amet</span> <span style="font-family: monospace;">Lorem ipsum dolor sit amet</span><br />
|}<br />
<br />
== Common fonts example ==<br />
<br />
Common font type representations are given below in CSS measured {{ic|small}}, {{ic|medium}}, and {{ic|large}} values.<br />
<br />
{| class="wikitable"<br />
! New Times Roman !! Arial !! Courier New<br />
|- style="font-size:small;"<br />
| style="font-family:New Times Roman;" | !@#$1234—The quick brown<br />
| style="font-family:Arial;" | !@#$1234—The quick brown<br />
| style="font-family:Courier New;" | !@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:New Times Roman;" | !@#$1234—The quick brown<br />
| style="font-family:Arial;" | !@#$1234—The quick brown<br />
| style="font-family:Courier New;" | !@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:New Times Roman;" | !@#$1234—The quick brown<br />
| style="font-family:Arial;" | !@#$1234—The quick brown<br />
| style="font-family:Courier New;" | !@#$1234—The quick brown<br />
|-<br />
! DejaVu Serif !! DejaVu Sans !! DejaVu Mono<br />
|- style="font-size:small;"<br />
| style="font-family:DejaVu Serif;" | !@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" | !@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" | !@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:DejaVu Serif;" | !@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" | !@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" | !@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:DejaVu Serif;" | !@#$1234—The quick brown<br />
| style="font-family:DejaVu Sans;" | !@#$1234—The quick brown<br />
| style="font-family:DejaVu Mono;" | !@#$1234—The quick brown<br />
|-<br />
! Liberation Serif !! Liberation Sans !! Liberation Mono<br />
|- style="font-size:small;"<br />
| style="font-family:Liberation Serif;" | !@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" | !@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" | !@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Liberation Serif;" | !@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" | !@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" | !@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Liberation Serif;" | !@#$1234—The quick brown<br />
| style="font-family:Liberation Sans;" | !@#$1234—The quick brown<br />
| style="font-family:Liberation Mono;" | !@#$1234—The quick brown<br />
|-<br />
! FreeSerif !! FreeSans !! FreeMono<br />
|- style="font-size:small;"<br />
| style="font-family:FreeSerif;" | !@#$1234—The quick brown<br />
| style="font-family:FreeSans;" | !@#$1234—The quick brown<br />
| style="font-family:FreeMono;" | !@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:FreeSerif;" | !@#$1234—The quick brown<br />
| style="font-family:FreeSans;" | !@#$1234—The quick brown<br />
| style="font-family:FreeMono;" | !@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:FreeSerif;" | !@#$1234—The quick brown<br />
| style="font-family:FreeSans;" | !@#$1234—The quick brown<br />
| style="font-family:FreeMono;" | !@#$1234—The quick brown<br />
|-<br />
! Open Serif !! Open Sans<br />
|- style="font-size:small;"<br />
| style="font-family:Open Serif;" | !@#$1234—The quick brown<br />
| style="font-family:Open Sans;" | !@#$1234—The quick brown<br />
|- style="font-size:medium;"<br />
| style="font-family:Open Serif;" | !@#$1234—The quick brown<br />
| style="font-family:Open Sans;" | !@#$1234—The quick brown<br />
|- style="font-size:large;"<br />
| style="font-family:Open Serif;" | !@#$1234—The quick brown<br />
| style="font-family:Open Sans;" | !@#$1234—The quick brown<br />
|}</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=366880User:Gen2ly/Users and groups2015-03-23T17:13:53Z<p>Gen2ly: /* Group management */ "list" to display to match previous form; missing preceding "the" for initial group; reword tip.</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, the description means the names which represent those users. The names may be Mary or Bill, or they may be assumed names like Dragonlady or Pirate that are used in place of their real name. The important detail to know is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To manipulate file access controls read [[File permissions and attributes]].<br />
<br />
{{Warning|The following tools are powerful should only be used with knowledgeable intent, improper settings may damage functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines the user's initial login group by name or number. It must refer to an already existing group. If not specified the {{ic|USERGROUPS_ENAB}} variable contained in {{ic|/etc/login.defs}} will be used and the default of {{ic|yes}} value will create a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell by its executable path. The path will need to match shells listing in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any number as long as a they are uniquely named; a few reserved names exist, however, for use with system services or for privileged user accounts such as "root".}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{Warning|For a system with multiple users, sharing a common initial group such as "users" may have security concerns. When working with shared directories, there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to any in this group. If this is a potentiality, consider omitting the {{ic|--gid}} option to have ''useradd'' create a custom initial group that matches the username. (The {{ic|/home/username}} directories are not effected as are created with user-only allowances.}}<br />
<br />
=== User manipulation ===<br />
<br />
To add a password to the account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Though rarely used anymore finger information may be connected to the user. A few programs may query finger for Full Name, work room, phone, or home phone — for those that prefer. Read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available with the AUR packages: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that carries out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To display all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' ''username''<br />
<br />
To change the initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Group membership alterations only become effective for the user on a new login, currently logged in users will need to re-login for changes to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access (this group may be deprecated)<br />
|-<br />
| wheel || || Administration group to grant privilege escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]]. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
Other groups exist that allow an aspect of a program's functionality to be transferred to the user. The program's documentation refer to more information.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The user and group '''ownership''' can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':''users'' file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning|The proceeding advice is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=366879User:Gen2ly/Users and groups2015-03-23T17:11:49Z<p>Gen2ly: /* User manipulation */ Expand AUR to AUR packages.</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, the description means the names which represent those users. The names may be Mary or Bill, or they may be assumed names like Dragonlady or Pirate that are used in place of their real name. The important detail to know is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To manipulate file access controls read [[File permissions and attributes]].<br />
<br />
{{Warning|The following tools are powerful should only be used with knowledgeable intent, improper settings may damage functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines the user's initial login group by name or number. It must refer to an already existing group. If not specified the {{ic|USERGROUPS_ENAB}} variable contained in {{ic|/etc/login.defs}} will be used and the default of {{ic|yes}} value will create a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell by its executable path. The path will need to match shells listing in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any number as long as a they are uniquely named; a few reserved names exist, however, for use with system services or for privileged user accounts such as "root".}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{Warning|For a system with multiple users, sharing a common initial group such as "users" may have security concerns. When working with shared directories, there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to any in this group. If this is a potentiality, consider omitting the {{ic|--gid}} option to have ''useradd'' create a custom initial group that matches the username. (The {{ic|/home/username}} directories are not effected as are created with user-only allowances.}}<br />
<br />
=== User manipulation ===<br />
<br />
To add a password to the account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Though rarely used anymore finger information may be connected to the user. A few programs may query finger for Full Name, work room, phone, or home phone — for those that prefer. Read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available with the AUR packages: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that carries out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To list all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' ''username''<br />
<br />
To change initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Effective changes in groups only becomes available on a new login. Currently logged in users will have to logout and login again for changes to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access (this group may be deprecated)<br />
|-<br />
| wheel || || Administration group to grant privilege escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]]. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
Other groups exist that allow an aspect of a program's functionality to be transferred to the user. The program's documentation refer to more information.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The user and group '''ownership''' can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':''users'' file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning|The proceeding advice is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=366876User:Gen2ly/Users and groups2015-03-23T17:09:34Z<p>Gen2ly: /* User addition example */ Reword warning for better explanation — generally expanding of abbreviated concepts.</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, the description means the names which represent those users. The names may be Mary or Bill, or they may be assumed names like Dragonlady or Pirate that are used in place of their real name. The important detail to know is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To manipulate file access controls read [[File permissions and attributes]].<br />
<br />
{{Warning|The following tools are powerful should only be used with knowledgeable intent, improper settings may damage functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines the user's initial login group by name or number. It must refer to an already existing group. If not specified the {{ic|USERGROUPS_ENAB}} variable contained in {{ic|/etc/login.defs}} will be used and the default of {{ic|yes}} value will create a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell by its executable path. The path will need to match shells listing in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any number as long as a they are uniquely named; a few reserved names exist, however, for use with system services or for privileged user accounts such as "root".}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{Warning|For a system with multiple users, sharing a common initial group such as "users" may have security concerns. When working with shared directories, there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to any in this group. If this is a potentiality, consider omitting the {{ic|--gid}} option to have ''useradd'' create a custom initial group that matches the username. (The {{ic|/home/username}} directories are not effected as are created with user-only allowances.}}<br />
<br />
=== User manipulation ===<br />
<br />
To add a password to the account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account some of the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Though rarely used anymore finger information may be connected to the user. A few programs may query finger for Full Name, work room, phone, or home phone — for those that prefer. Read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available in the AUR: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that allows carrying out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To list all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' ''username''<br />
<br />
To change initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Effective changes in groups only becomes available on a new login. Currently logged in users will have to logout and login again for changes to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access (this group may be deprecated)<br />
|-<br />
| wheel || || Administration group to grant privilege escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]]. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
Other groups exist that allow an aspect of a program's functionality to be transferred to the user. The program's documentation refer to more information.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The user and group '''ownership''' can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':''users'' file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning|The proceeding advice is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=366875User:Gen2ly/Users and groups2015-03-23T17:06:00Z<p>Gen2ly: /* User management */ Extraneous wording of "--gid" option trimmed. And "--shell" explanation add that path is the "executable path".</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, the description means the names which represent those users. The names may be Mary or Bill, or they may be assumed names like Dragonlady or Pirate that are used in place of their real name. The important detail to know is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To manipulate file access controls read [[File permissions and attributes]].<br />
<br />
{{Warning|The following tools are powerful should only be used with knowledgeable intent, improper settings may damage functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines the user's initial login group by name or number. It must refer to an already existing group. If not specified the {{ic|USERGROUPS_ENAB}} variable contained in {{ic|/etc/login.defs}} will be used and the default of {{ic|yes}} value will create a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell by its executable path. The path will need to match shells listing in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any number as long as a they are uniquely named; a few reserved names exist, however, for use with system services or for privileged user accounts such as "root".}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{warning|Before including the user in the {{ic|users}} group, think about its security implications. When working with shared directories there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to this group. For a multiple-user system with this security concern, omit the {{ic|--gid}} option to have the command create a custom initial group matching the username. (Nested directories in {{ic|/home/username}} are not effected as home directories are created with user-only allowances.)}}<br />
<br />
=== User manipulation ===<br />
<br />
To add a password to the account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account some of the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Though rarely used anymore finger information may be connected to the user. A few programs may query finger for Full Name, work room, phone, or home phone — for those that prefer. Read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available in the AUR: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that allows carrying out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To list all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' ''username''<br />
<br />
To change initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Effective changes in groups only becomes available on a new login. Currently logged in users will have to logout and login again for changes to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access (this group may be deprecated)<br />
|-<br />
| wheel || || Administration group to grant privilege escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]]. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
Other groups exist that allow an aspect of a program's functionality to be transferred to the user. The program's documentation refer to more information.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The user and group '''ownership''' can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':''users'' file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning|The proceeding advice is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=366849User:Gen2ly/Users and groups2015-03-23T15:29:00Z<p>Gen2ly: /* Overview */ Replacing "we" with a generic point of view as is only instance and more a descriptive article rather than a tutorial. Tip to Warning as is appropriate.</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, the description means the names which represent those users. The names may be Mary or Bill, or they may be assumed names like Dragonlady or Pirate that are used in place of their real name. The important detail to know is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To manipulate file access controls read [[File permissions and attributes]].<br />
<br />
{{Warning|The following tools are powerful should only be used with knowledgeable intent, improper settings may damage functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines user's initial login group by name or number. It must refer to an already existing group. If not specified, the {{ic|USERGROUPS_ENAB}} variable contained in {{ic|/etc/login.defs}} will be read and a default of {{ic|yes}} value will create a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell path and file name, it will need to match shells listing in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any number as long as a they are uniquely named; a few reserved names exist, however, for use with system services or for privileged user accounts such as "root".}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{warning|Before including the user in the {{ic|users}} group, think about its security implications. When working with shared directories there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to this group. For a multiple-user system with this security concern, omit the {{ic|--gid}} option to have the command create a custom initial group matching the username. (Nested directories in {{ic|/home/username}} are not effected as home directories are created with user-only allowances.)}}<br />
<br />
=== User manipulation ===<br />
<br />
To add a password to the account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account some of the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Though rarely used anymore finger information may be connected to the user. A few programs may query finger for Full Name, work room, phone, or home phone — for those that prefer. Read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available in the AUR: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that allows carrying out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To list all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' ''username''<br />
<br />
To change initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Effective changes in groups only becomes available on a new login. Currently logged in users will have to logout and login again for changes to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access (this group may be deprecated)<br />
|-<br />
| wheel || || Administration group to grant privilege escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]]. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
Other groups exist that allow an aspect of a program's functionality to be transferred to the user. The program's documentation refer to more information.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The user and group '''ownership''' can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':''users'' file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning|The proceeding advice is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=365793User:Gen2ly/Users and groups2015-03-17T14:49:41Z<p>Gen2ly: /* User groups */ Grammar, present tense: "privileged escalation" → "privilege escalation"</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, we are describing the names which represent those users. The names may be Mary or Bill, or they may be assumed names like Dragonlady or Pirate in place of their real name. What matters is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To manipulate file access controls read [[File permissions and attributes]].<br />
<br />
{{Tip|The following tools are powerful should only be used with knowledgeable intent, improper settings may damage functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines user's initial login group by name or number. It must refer to an already existing group. If not specified, the {{ic|USERGROUPS_ENAB}} variable contained in {{ic|/etc/login.defs}} will be read and a default of {{ic|yes}} value will create a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell path and file name, it will need to match shells listing in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any number as long as a they are uniquely named; a few reserved names exist, however, for use with system services or for privileged user accounts such as "root".}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{warning|Before including the user in the {{ic|users}} group, think about its security implications. When working with shared directories there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to this group. For a multiple-user system with this security concern, omit the {{ic|--gid}} option to have the command create a custom initial group matching the username. (Nested directories in {{ic|/home/username}} are not effected as home directories are created with user-only allowances.)}}<br />
<br />
=== User manipulation ===<br />
<br />
To add a password to the account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account some of the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Though rarely used anymore finger information may be connected to the user. A few programs may query finger for Full Name, work room, phone, or home phone — for those that prefer. Read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available in the AUR: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that allows carrying out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To list all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' ''username''<br />
<br />
To change initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Effective changes in groups only becomes available on a new login. Currently logged in users will have to logout and login again for changes to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access (this group may be deprecated)<br />
|-<br />
| wheel || || Administration group to grant privilege escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]]. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
Other groups exist that allow an aspect of a program's functionality to be transferred to the user. The program's documentation refer to more information.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The user and group '''ownership''' can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':''users'' file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning|The proceeding advice is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=365792User:Gen2ly/Users and groups2015-03-17T14:46:53Z<p>Gen2ly: /* User groups */ uucp deprecation not not a full sentence removing related punctuation</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, we are describing the names which represent those users. The names may be Mary or Bill, or they may be assumed names like Dragonlady or Pirate in place of their real name. What matters is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To manipulate file access controls read [[File permissions and attributes]].<br />
<br />
{{Tip|The following tools are powerful should only be used with knowledgeable intent, improper settings may damage functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines user's initial login group by name or number. It must refer to an already existing group. If not specified, the {{ic|USERGROUPS_ENAB}} variable contained in {{ic|/etc/login.defs}} will be read and a default of {{ic|yes}} value will create a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell path and file name, it will need to match shells listing in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any number as long as a they are uniquely named; a few reserved names exist, however, for use with system services or for privileged user accounts such as "root".}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{warning|Before including the user in the {{ic|users}} group, think about its security implications. When working with shared directories there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to this group. For a multiple-user system with this security concern, omit the {{ic|--gid}} option to have the command create a custom initial group matching the username. (Nested directories in {{ic|/home/username}} are not effected as home directories are created with user-only allowances.)}}<br />
<br />
=== User manipulation ===<br />
<br />
To add a password to the account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account some of the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Though rarely used anymore finger information may be connected to the user. A few programs may query finger for Full Name, work room, phone, or home phone — for those that prefer. Read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available in the AUR: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that allows carrying out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To list all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' ''username''<br />
<br />
To change initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Effective changes in groups only becomes available on a new login. Currently logged in users will have to logout and login again for changes to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access (this group may be deprecated)<br />
|-<br />
| wheel || || Administration group to grant privileged escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]]. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
Other groups exist that allow an aspect of a program's functionality to be transferred to the user. The program's documentation refer to more information.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The user and group '''ownership''' can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':''users'' file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning|The proceeding advice is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=365791User:Gen2ly/Users and groups2015-03-17T14:45:22Z<p>Gen2ly: /* Group management */ usermod 'username'' missing italics</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, we are describing the names which represent those users. The names may be Mary or Bill, or they may be assumed names like Dragonlady or Pirate in place of their real name. What matters is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To manipulate file access controls read [[File permissions and attributes]].<br />
<br />
{{Tip|The following tools are powerful should only be used with knowledgeable intent, improper settings may damage functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines user's initial login group by name or number. It must refer to an already existing group. If not specified, the {{ic|USERGROUPS_ENAB}} variable contained in {{ic|/etc/login.defs}} will be read and a default of {{ic|yes}} value will create a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell path and file name, it will need to match shells listing in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any number as long as a they are uniquely named; a few reserved names exist, however, for use with system services or for privileged user accounts such as "root".}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{warning|Before including the user in the {{ic|users}} group, think about its security implications. When working with shared directories there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to this group. For a multiple-user system with this security concern, omit the {{ic|--gid}} option to have the command create a custom initial group matching the username. (Nested directories in {{ic|/home/username}} are not effected as home directories are created with user-only allowances.)}}<br />
<br />
=== User manipulation ===<br />
<br />
To add a password to the account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account some of the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Though rarely used anymore finger information may be connected to the user. A few programs may query finger for Full Name, work room, phone, or home phone — for those that prefer. Read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available in the AUR: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that allows carrying out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To list all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' ''username''<br />
<br />
To change initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Effective changes in groups only becomes available on a new login. Currently logged in users will have to logout and login again for changes to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access. (This group may be depracated.)<br />
|-<br />
| wheel || || Administration group to grant privileged escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]]. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
Other groups exist that allow an aspect of a program's functionality to be transferred to the user. The program's documentation refer to more information.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The user and group '''ownership''' can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':''users'' file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning|The proceeding advice is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=365790User:Gen2ly/Users and groups2015-03-17T14:39:22Z<p>Gen2ly: /* Program groups */ "These groups" vague, greater clarification</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, we are describing the names which represent those users. The names may be Mary or Bill, or they may be assumed names like Dragonlady or Pirate in place of their real name. What matters is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To manipulate file access controls read [[File permissions and attributes]].<br />
<br />
{{Tip|The following tools are powerful should only be used with knowledgeable intent, improper settings may damage functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines user's initial login group by name or number. It must refer to an already existing group. If not specified, the {{ic|USERGROUPS_ENAB}} variable contained in {{ic|/etc/login.defs}} will be read and a default of {{ic|yes}} value will create a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell path and file name, it will need to match shells listing in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any number as long as a they are uniquely named; a few reserved names exist, however, for use with system services or for privileged user accounts such as "root".}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{warning|Before including the user in the {{ic|users}} group, think about its security implications. When working with shared directories there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to this group. For a multiple-user system with this security concern, omit the {{ic|--gid}} option to have the command create a custom initial group matching the username. (Nested directories in {{ic|/home/username}} are not effected as home directories are created with user-only allowances.)}}<br />
<br />
=== User manipulation ===<br />
<br />
To add a password to the account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account some of the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Though rarely used anymore finger information may be connected to the user. A few programs may query finger for Full Name, work room, phone, or home phone — for those that prefer. Read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available in the AUR: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that allows carrying out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To list all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' 'username''<br />
<br />
To change initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Effective changes in groups only becomes available on a new login. Currently logged in users will have to logout and login again for changes to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access. (This group may be depracated.)<br />
|-<br />
| wheel || || Administration group to grant privileged escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]]. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
Other groups exist that allow an aspect of a program's functionality to be transferred to the user. The program's documentation refer to more information.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The user and group '''ownership''' can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':''users'' file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning|The proceeding advice is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=365690User:Gen2ly/Users and groups2015-03-16T15:23:18Z<p>Gen2ly: /* Permission control */ Tip and warning template error fixes</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, we are describing the names which represent those users. The names may be Mary or Bill, or they may be assumed names like Dragonlady or Pirate in place of their real name. What matters is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To manipulate file access controls read [[File permissions and attributes]].<br />
<br />
{{Tip|The following tools are powerful should only be used with knowledgeable intent, improper settings may damage functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines user's initial login group by name or number. It must refer to an already existing group. If not specified, the {{ic|USERGROUPS_ENAB}} variable contained in {{ic|/etc/login.defs}} will be read and a default of {{ic|yes}} value will create a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell path and file name, it will need to match shells listing in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any number as long as a they are uniquely named; a few reserved names exist, however, for use with system services or for privileged user accounts such as "root".}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{warning|Before including the user in the {{ic|users}} group, think about its security implications. When working with shared directories there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to this group. For a multiple-user system with this security concern, omit the {{ic|--gid}} option to have the command create a custom initial group matching the username. (Nested directories in {{ic|/home/username}} are not effected as home directories are created with user-only allowances.)}}<br />
<br />
=== User manipulation ===<br />
<br />
To add a password to the account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account some of the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Though rarely used anymore finger information may be connected to the user. A few programs may query finger for Full Name, work room, phone, or home phone — for those that prefer. Read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available in the AUR: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that allows carrying out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To list all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' 'username''<br />
<br />
To change initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Effective changes in groups only becomes available on a new login. Currently logged in users will have to logout and login again for changes to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access. (This group may be depracated.)<br />
|-<br />
| wheel || || Administration group to grant privileged escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]]. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
These groups are to allow an aspect of a program's functionality to be transferred to the user. Refer to the program's documentation for more information about these groups.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The user and group '''ownership''' can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':''users'' file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning|The proceeding advice is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=365689User:Gen2ly/Users and groups2015-03-16T15:20:47Z<p>Gen2ly: /* Ownership control */ /* Ownership and permissions */ "The '''owning''' user and group" to The user and group '''ownership''' to better fit with section title</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, we are describing the names which represent those users. The names may be Mary or Bill, or they may be assumed names like Dragonlady or Pirate in place of their real name. What matters is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To manipulate file access controls read [[File permissions and attributes]].<br />
<br />
{{Tip|The following tools are powerful should only be used with knowledgeable intent, improper settings may damage functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines user's initial login group by name or number. It must refer to an already existing group. If not specified, the {{ic|USERGROUPS_ENAB}} variable contained in {{ic|/etc/login.defs}} will be read and a default of {{ic|yes}} value will create a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell path and file name, it will need to match shells listing in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any number as long as a they are uniquely named; a few reserved names exist, however, for use with system services or for privileged user accounts such as "root".}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{warning|Before including the user in the {{ic|users}} group, think about its security implications. When working with shared directories there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to this group. For a multiple-user system with this security concern, omit the {{ic|--gid}} option to have the command create a custom initial group matching the username. (Nested directories in {{ic|/home/username}} are not effected as home directories are created with user-only allowances.)}}<br />
<br />
=== User manipulation ===<br />
<br />
To add a password to the account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account some of the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Though rarely used anymore finger information may be connected to the user. A few programs may query finger for Full Name, work room, phone, or home phone — for those that prefer. Read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available in the AUR: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that allows carrying out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To list all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' 'username''<br />
<br />
To change initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Effective changes in groups only becomes available on a new login. Currently logged in users will have to logout and login again for changes to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access. (This group may be depracated.)<br />
|-<br />
| wheel || || Administration group to grant privileged escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]]. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
These groups are to allow an aspect of a program's functionality to be transferred to the user. Refer to the program's documentation for more information about these groups.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The user and group '''ownership''' can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':''users'' file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''ic|chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning:The following tip is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2lyhttps://wiki.archlinux.org/index.php?title=User:Gen2ly/Users_and_groups&diff=365688User:Gen2ly/Users and groups2015-03-16T15:19:31Z<p>Gen2ly: /* Ownership and permissions */ "The '''owning''' user and group" to The user and group '''ownership''' to better fit with section title</p>
<hr />
<div>[[Category:Security]]<br />
[[de:Benutzer und Gruppen]]<br />
[[es:Users and Groups]]<br />
[[fr:Utilisateurs et Groupes]]<br />
[[it:Users and Groups]]<br />
[[ja:Users and Groups]]<br />
[[ru:Users and Groups]]<br />
[[sr:Users and Groups]]<br />
[[zh-CN:Users and Groups]]<br />
[[zh-TW:Users and Groups]]<br />
{{Related articles start}}<br />
{{Related|DeveloperWiki:UID / GID Database}}<br />
{{Related|polkit}}<br />
{{Related|File permissions and attributes}}<br />
{{Related|Change username}}<br />
{{Related articles end}}<br />
<br />
Users and groups have the purpose on a GNU/Linux system of defining [[Wikipedia:access_control#Computer_security|access control]] — to specify allowances of the system's files, directories, and peripherals. Linux offers shrewd yet basic access control mechanisms by default. For more advanced options see [[ACL]] and [[LDAP Authentication]].<br />
<br />
== Overview ==<br />
<br />
A ''user'' is any operator of a computer. In this case, we are describing the names which represent those users. The names may be Mary or Bill, or they may be assumed names like Dragonlady or Pirate in place of their real name. What matters is that the computer associates a name for each account that exists. It is by this name by which a person interacts with the computer.<br />
<br />
A ''group'' is an associative unit that by joining has the ability to extend file access permissions or grant privileges related to a program.<br />
<br />
''File access controls'' are settings for purposes of security to limit user and group access in certain specific ways. Only the superuser (root) has complete access to the operating system and its configuration — it is intended for administrative use only. Unprivileged users can use the [[su]] and [[sudo]] programs for controlled privilege escalation. To manipulate file access controls read [[File permissions and attributes]].<br />
<br />
{{Tip|The following tools are powerful should only be used with knowledgeable intent, improper settings may damage functionality of the system.}}<br />
<br />
== User management ==<br />
<br />
User management may entail adding a user, setting a user password, editing a users attributes, or deleting a user.<br />
<br />
=== User addition ===<br />
<br />
To add a new user the ''useradd'' command is available. The basic usage is:<br />
<br />
# useradd --gid ''initial_group'' --groups ''supplementary,groups'' --shell ''/login/shell'' --create-home ''username''<br />
<br />
* {{ic|--gid}}, {{ic|-g}} — defines user's initial login group by name or number. It must refer to an already existing group. If not specified, the {{ic|USERGROUPS_ENAB}} variable contained in {{ic|/etc/login.defs}} will be read and a default of {{ic|yes}} value will create a group with the same name as the username ({{ic|GID}} being equal to {{ic|UID}}).<br />
* {{ic|--groups}}, {{ic|-G}} — defines a list of supplementary groups to which to add the user to, each group is to be separated by a comma with no intervening spaces. For commonly used groups read [[#Group listings]].<br />
* {{ic|--shell}}, {{ic|-s}} — defines the default login shell path and file name, it will need to match shells listing in {{ic|/etc/shells}} (read warning below). For cases when the login shell is intended to be non-functional (e.g. when the user account is created for a specific service) {{ic|/usr/bin/nologin}} may be specified in place of a regular shell to politely refuse a login [see {{ic|nologin(8)}}].<br />
* {{ic|--create-home}}, {{ic|-m}} — will create a home directory for the user and add any skeleton files listed in {{ic|/etc/skel}}. If this option is omitted, the directory will need to be created (e.g. {{ic|1=install --directory --owner ''username'' --group ''users'' --mode ''700'' ''/home/username''}}).<br />
<br />
{{Warning|The pam_shell module will deny the login request if the shell path is not defined in {{ic|/etc/shells}}. At this time defining {{ic|/usr/bin/nameofshell}} is not possible.}}<br />
<br />
{{Note|User accounts can be created in any number as long as a they are uniquely named; a few reserved names exist, however, for use with system services or for privileged user accounts such as "root".}}<br />
<br />
=== User addition example ===<br />
<br />
To add a new user this is the typical command:<br />
<br />
# useradd --gid ''users'' --groups ''wheel'' --create-home ''username''<br />
<br />
This command will create the user {{ic|username}}, will be put in the initial group {{ic|users}}, included in the group {{ic|wheel}}, use the default shell, and have the home directory created with the skeleton files copied over.<br />
<br />
{{warning|Before including the user in the {{ic|users}} group, think about its security implications. When working with shared directories there is a common methodology to create a [[umask]] of {{ic|020}} which would give write access to this group. For a multiple-user system with this security concern, omit the {{ic|--gid}} option to have the command create a custom initial group matching the username. (Nested directories in {{ic|/home/username}} are not effected as home directories are created with user-only allowances.)}}<br />
<br />
=== User manipulation ===<br />
<br />
To add a password to the account:<br />
<br />
# passwd ''username*''<br />
<br />
To expire a password (and thereby prompt for a new password on login):<br />
<br />
# chage --lastday 0<br />
<br />
To modify the account some of the basic options are:<br />
<br />
# usermod [-e] [-l] [-m] [-s] ''username''<br />
<br />
: • {{ic|--expiredate}}, {{ic|-e}} — account expiration date set<br />
: • {{ic|--login}}, {{ic|-l}} — username rename<br />
: • {{ic|--move-home}}, {{ic|-m}} — home directory move, use with {{ic|-d}}<br />
: • {{ic|--shell}}, {{ic|-s}} — login shell define<br />
<br />
To delete a user account ({{ic|--remove}} includes the home directory):<br />
<br />
# userdel --remove ''username''<br />
<br />
To list users logged in to the system:<br />
<br />
$ who<br />
<br />
{{Note|<br />
* Though rarely used anymore finger information may be connected to the user. A few programs may query finger for Full Name, work room, phone, or home phone — for those that prefer. Read {{ic|chfn(1)}} for more information.<br />
* Alternate choices for adding a user are available in the AUR: {{aur|adduser}}, {{aur|adduser-defaults}}, and {{aur|adduser-deb}}. They provide an ''adduser'' script that allows carrying out the jobs of ''useradd'', ''chfn'' and ''passwd'' interactively. See also {{bug|32893}}.}}<br />
<br />
== Group management ==<br />
<br />
To display group memberships:<br />
<br />
$ groups ''username*''<br />
<br />
To display group memberships with their respective numerical ID:<br />
<br />
$ id ''username*''<br />
<br />
To list all groups on the system:<br />
<br />
$ cat /etc/group<br />
<br />
To add a user to a group:<br />
<br />
# gpasswd [--add,-a] ''username'' ''group''<br />
<br />
To add a user to a group(s) with ''usermod'':<br />
<br />
# usermod [--append,-a] [--groups,-G] ''supplementary,groups'' 'username''<br />
<br />
To change initial group:<br />
<br />
# usermod [--gid,-g] ''group''<br />
<br />
To remove a user from a group:<br />
<br />
# gpasswd [--delete,-d] ''username'' ''group''<br />
<br />
To create a new group:<br />
<br />
# groupadd ''group''<br />
<br />
To rename a group:<br />
<br />
# groupmod [--new-name,-n] ''oldgroup'' ''newgroup''<br />
<br />
To delete a group:<br />
<br />
# groupdel ''group''<br />
<br />
To find files owned by a particular user or group:<br />
<br />
find /directory -user ''username''<br />
find /directory -group ''group''<br />
<br />
{{Tip|Effective changes in groups only becomes available on a new login. Currently logged in users will have to logout and login again for changes to be observed.}}<br />
<br />
=== Group listings ===<br />
<br />
Basic details of the more popular groups are detailed here plus a list of some deprecated ones.<br />
<br />
==== User groups ====<br />
<br />
These are the general user groups that might be of use:<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| games || {{ic|/var/games}} || Required membership for some games to run<br />
|-<br />
| rfkill || {{ic|/dev/rfkill}} || Wireless device power state access rights<br />
|-<br />
| users || || Common group used to share access permissions<br />
|-<br />
| uucp || {{ic|/dev/ttyS[0-9]}}, {{ic|/dev/tts[0-9]}}, {{ic|/dev/ttyACM[0-9]}} || Serial and USB devices such as modems, handhelds, and RS-232 access. (This group may be depracated.)<br />
|-<br />
| wheel || || Administration group to grant privileged escalation used by the [[sudo]] and [[su]] utilities<br />
|}<br />
<br />
==== System groups ====<br />
<br />
These groups are for system purposes and likely unnecessary for regular Arch Linux uses (some imply historic or legacy functions):<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| bin || || Historical<br />
|-<br />
| daemon || || Historical<br />
|-<br />
| dbus || || [[dbus]] internal usage<br />
|-<br />
| ftp || {{ic|/srv/ftp}} || [[List_of_applications/Internet#FTP|FTP]] server privileges (e.g. [[proftpd]]).<br />
|-<br />
| fuse || || fuse user mount allowances<br />
|-<br />
| http || || HTTP server privileges!?<br />
|-<br />
| kmem || {{ic|/dev/port}}, {{ic|/dev/mem}}, {{ic|/dev/kmem}} || virtual memory allowances<br />
|-<br />
| mail || {{ic|/usr/bin/mail}} ||<br />
|-<br />
| mem || || memory allowances<br />
|-<br />
| nobody || || An unspecified group (usually configuration definable)<br />
|-<br />
| polkitd || || Policy kit permissions, see [[polkit]]<br />
|-<br />
| smmsp || || [[Wikipedia:sendmail]] application usage<br />
|-<br />
| systemd-journal || {{ic|var/log/journal/}} || Systemd log complete access (otherwise only user-related messages are displayed)<br />
|-<br />
| tty || {{ic|/dev/tty}}, {{ic|/dev/vcc}}, {{ic|/dev/vc}}, {{ic|/dev/ptmx}} || (e.g. to access {{ic|/dev/ACMx}})<br />
|}<br />
<br />
==== Pre-systemd groups ====<br />
<br />
These groups were needed for most users before Arch Linux migrated to [[systemd]]. The ''logind'' session handles these now and as long it remains intact, membership in the groups is not essential; contrarily, if the ''logind'' sessions remains some of these groups may cause functionality breaks. Read [[General troubleshooting#Session]] to test for a ''logind'' session, and [[Sysvinit#Migration_to_systemd]] for more details.<br />
<br />
{| class="wikitable"<br />
! Group !! Effected files !! Purpose<br />
|-<br />
| audio || {{ic|/dev/audio}}, {{ic|/dev/rtc0}} , {{ic|/dev/snd/*}} || Sound hardware direct access allowances. Requirement is imposed by both [[ALSA]] and [[OSS]]. (Local sessions have the ability to play sound and access mixer controls.)<br />
|-<br />
| camera || || [[Digital Cameras]] access<br />
|-<br />
| disk || {{ic|/dev/sda[1-9]}}… || Storage device block access that are not in {{ic|optical}}, {{ic|floppy}}, and {{ic|storage}} groups<br />
|-<br />
| floppy || {{ic|/dev/fd[0-9]}} || Floppy drive access<br />
|-<br />
| lp || {{ic|/etc/cups}}, {{ic|/var/log/cups}}, {{ic|/var/cache/cups}}, {{ic|/var/spool/cups}}, {{ic|/dev/parport[0-9]}} || Printer hardware access, print jobs management<br />
|-<br />
| network || || Network settings management (e.g. [[NetworkManager]]) <br />
|-<br />
| optical || {{ic|/dev/sr[0-9]}}, {{ic|/dev/sg[0-9]}} || Optical devices access(CD, DVD drives…)<br />
|-<br />
| power || || [[Pm-utils]] power management utilities (suspend, hibernate…)<br />
|-<br />
| scanner || {{ic|/var/lock/sane}} || Scanner hardware access<br />
|-<br />
| storage || || Removable drives access such as USB hard drives, MP3 players; storage devices mounting<br />
|-<br />
| sys || || Printer administration in [[CUPS]]<br />
|-<br />
| video || {{ic|/dev/fb/0}}, {{ic|/dev/misc/agpgart}} || Video capture devices, 2D/3D hardware acceleration, framebuffer — not required for [[Xorg]]. (Local sessions have the ability to use hardware acceleration and video capture.)<br />
|}<br />
<br />
==== Deprecated groups ====<br />
<br />
These groups no longer carry any functionality:<br />
<br />
{| class="wikitable"<br />
! Group !! Purpose<br />
|-<br />
| kvm || Kernel Virtual Machine support, now done by udev rules<br />
|-<br />
| log || {{ic|/var/log}} files access (created by [[syslog-ng]])<br />
|-<br />
| stb-admin || '''Unused''', [http://system-tools-backends.freedesktop.org/ system-tools-backends] support<br />
|-<br />
| ssh || A non-standard group that has been unknowingly created to allow the membership thereof only to log in<br />
|}<br />
<br />
==== Program groups ====<br />
<br />
These groups are to allow an aspect of a program's functionality to be transferred to the user. Refer to the program's documentation for more information about these groups.<br />
<br />
== User and group effected files ==<br />
<br />
{{Deletion|The information is unnecessary to understanding the manipulation user, group, and file management.}}<br />
<br />
These files are related to user and group management to provide a peripheral knowledge of how things work. (Warning: an appropriate utility is typically used to manipulate these files, direct editing of these files should be avoided.)<br />
<br />
{| class="wikitable"<br />
! File !! Purpose<br />
|-<br />
| {{ic|/etc/gshadow}} || Secure group account information<br />
|-<br />
| {{ic|/etc/group}} || Group account information<br />
|-<br />
| {{ic|/etc/passwd}} || User account information<br />
|-<br />
| {{ic|/etc/shadow}} || Secure user account information<br />
|-<br />
| {{ic|/etc/sudoers}} || Sudo config. to define user and group privilege escalation<br />
|}<br />
<br />
User information is stored in the {{ic|/etc/passwd}} file. To list all user accounts on the system:<br />
<br />
$ cat /etc/passwd<br />
<br />
Each account owns one line and is of the format:<br />
<br />
account:password:UID:GID:GECOS:directory:shell<br />
<br />
* {{ic|account}} — the user name<br />
* {{ic|password}} — the user password<br />
* {{ic|UID}} — the user numerical ID<br />
* {{ic|GID}} — the initial group numerical ID<br />
* {{ic|GECOS}} — optional field used for information purposes (full name...)<br />
* {{ic|directory}} — the user home directory<br />
* {{ic|shell}} — the user command language interpreter<br />
<br />
{{Note|Arch Linux uses ''shadowed'' passwords. The {{ic|passwd}} file is world-readable so storing passwords (hashed or otherwise) in this file is insecure. Instead the password field contains a placeholder character {{ic|x}} that indicates that the hashed password is saved in the access-restricted file {{ic|/etc/shadow}}.}}<br />
<br />
== File access controls ==<br />
<br />
Learning the philosophy of how GNU/Linux regards a file is fundamental to understanding the basics of the operation system.<br />
<br />
From [http://ph7spot.com/musings/in-unix-everything-is-a-file In UNIX, Everything is a File] (lightly paraphrased):<br />
<br />
: "The UNIX operating system solidified several unifying ideas that shaped its design, user interface, culture, and evolution. One of the most important of these ideas is represented in the mantra "everything is a file" — it is widely regarded as one of the prominent characteristics of UNIX.<br />
<br />
: "The principle consists of providing a unified paradigm for accessing a varied range of input/output resources: CD-ROMs, directories, documents, hard-drives, keyboards, modems, monitors, printers, terminals, and even some inter-process and network communications. The result was to provide a common abstraction for all of these resources each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device."<br />
<br />
=== Ownership and permissions ===<br />
<br />
The ownership and permissions of files can be viewed with the ''ls'' command in its "long-listing" format:<br />
<br />
{{hc|$ ls -l /boot/|total 13740<br />
drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub<br />
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img<br />
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img<br />
-rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26<br />
-rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux}}<br />
<br />
The user and group '''ownership''' are defined in the third and fourth columns. The access '''permissions''' are defined in the first column. Above, for example, the file {{ic|initramfs-linux.img}} is owned by the user {{ic|root}}, owned by the group {{ic|root}}, and has the permissions of {{ic|-rw-r--r--}}. (This permission block is technically called the "the file mode bits" — "mode" referring to permissions and "bits" referring to each character.)<br />
<br />
Another command, called ''stat'', can also be used. For it to display owning user, group, and permissions do:<br />
<br />
{{hc|$ stat -c %U /var/log/journal/|root}}<br />
<br />
{{hc|$ stat -c %G /var/log/journal/|systemd-journal}}<br />
<br />
{{hc|$ stat -c %A /var/log/journal/|drwxr-sr-x}}<br />
<br />
The permission block encapsulates the permissions of the three "whos": the user, the group, and the other-groups. The first character is either {{ic|-}} for a file or {{ic|d}} for a directory. The remaining nine characters, divided into units of three, represent each "who's" permissions. The three characters are typically the permission types: {{ic|r}}ead, {{ic|w}}rite, and e{{ic|x}}ecute. In the above example, the permissions of {{ic|drwxr-sr-x}} says that the file is a directory, that the owning user has {{ic|r}}ead and {{ic|w}}rite and e{{ic|x}}ecute permissions, the group has {{ic|r}}ead and {{ic|s}}et-user-ID-on-execution permissions, and that other-groups have {{ic|r}}ead and e{{ic|x}}ecute permissions.<br />
<br />
=== Ownership control ===<br />
<br />
The '''owning''' user and group can be changed with the ''chown'' command:<br />
<br />
chown ''username'' file<br />
chown ''username'':users file<br />
<br />
=== Permission control ===<br />
<br />
The '''permissions''' of the "whos" can be changed with the ''chmod'' command. ''chmod'' can be implemented in two modes: symbolic mode and numeric mode.<br />
<br />
With ''symbolic'' mode, the argument applied to the file begins with the "who" symbols. The "who" symbols {{ic|u}}, {{ic|g}} and {{ic|o}} specify the user, group, and other-groups; the symbol {{ic|a}} specifies all of them. The "who" symbols require an action of add {{ic|+}}, subtract {{ic|-}}, or equals {{ic|1==}}, and they in turn effect the "perm" symbols. The "perm" symbols {{ic|r}}, {{ic|w}}, {{ic|x}} specify the read, write, and execute permission types. Other "perm" symbols exist; they are {{ic|X}} to set the execute/search permission, {{ic|s}} to set user or group ID on execution, and the symbol {{ic|t}} to set the restrict deletion flag (a.k.a. as the sticky bit). Basic usage is {{ic|1=chmod [ugoa][+-=][rwxXst] file}}. Some examples:<br />
<br />
touch file # -rw-r--r--<br />
chmod g+w file # -rw-rw-r--<br />
chmod ug-r file # --w--w-r--<br />
chmod ug+r-w file # -r--r--r--<br />
chmod u+w,g-r,o= file # -rw-------<br />
chmod +x file # -rwx--x--x<br />
<br />
With ''numeric mode'', the argument applied to the file is composed of up to four octal digits (0-7). The octal digits are derived from ''summed'' variances of 4, 2, and 1; these respectively specify the read, write, and execute permissions. An example: to set file permissions with user {{ic|rw}}, group {{ic|r}}, and other-groups as {{ic|r}} the unit-summation/argument would be {{ic|644}} ({{ic|-42-4--4--}}).<br />
<br />
chmod 644 file<br />
<br />
The octal digit argument is a four character total, omitted digits are assumed to be leading zeros (this would make above argument {{ic|0644}} wholly). The first digit is used for these permissions: set the user ID on execution ({{ic|4}}), group ID on execution ({{ic|2}}), or set the restrict deletion flag (sticky bit) (({{ic|1}}).<br />
<br />
{{Tip|1=Both ''chown'' and ''ic|chmod'' have a {{ic|--recursive}},{{ic|-R}} option for effecting ownership and permissions through multiple sub-levels.}}<br />
<br />
{{Warning:The following tip is erroneous, the {{ic|s}} perm does not refer to the sticky bit. It is unclear what the intention here is.}}<br />
<br />
To allow write access to a specific group, shared files/folders can be made writable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the group sticky bit on this directory:<br />
<br />
# chmod g+s our_shared_directory<br />
<br />
== See also ==<br />
<br />
* {{ic|chmod(1)}}, {{ic|chmod(1p)}} for more information; or read the [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions Linux.com] article.</div>Gen2ly