User Administration
a suitable superuser for each service, to avoid using root for these tasks. For example, a superuser for backup work needs only read (read-only) access, not write access.
Groups
Every user on a Unix or Linux system belongs to a group. A group collects users who share the same rights or the same policy on the system, which makes a Linux system easier to administer. In an organization with many departments, for example, each department has its own users, and users of different departments have different security policies. Ordinary users are usually allowed to use system resources only in a systematic way. Users in the office and in the research departments, for instance, may use the following resources:

- Web access
- E-mail for exchanging information
- Chat programs and icq for exchanging news
- Access to the company's file servers
- No login to the servers and no running of programs on the servers

Users in the system administration department, however, may have higher privileges:

- All the rights of the ordinary users above
- The right to run certain special commands reserved for system administration
- Login to the servers

Rights are assigned to groups so that their members can access devices, files, file systems or the whole machine, while users outside the group may be restricted. Group information is stored in the file /etc/group.
    suse:~ # more /etc/group
    root:x:0:root
    bin:x:1:root,bin,daemon
    daemon:x:2:
    sys:x:3:
    kmem:x:9:
    wheel:x:10:
    mail:x:12:cyrus
    news:x:13:news
    uucp:x:14:uucp,fax,root,fnet,tuanna
    shadow:x:15:root,gdm
    named:x:44:named
    dbmaker:x:52:
    oinstall:x:54:
    dba:x:55:oracle
    localham:x:56:dpbox
    logmastr:x:57:
    users:x:100:
    nogroup:x:65534:root
    suse:~ #
Each line has the form:

    group name:group password:group ID:users

- group name: a unique name identifying the group, usually at most 8 characters long.
- group password: the encrypted password field, usually empty or containing *. It can also hold a password that a user who wants to join the group must enter. Not every version of Unix uses this field, however, since it is left empty for compatibility.
- group ID: a number unique to each group, used by the operating system.
- users: the list of all user names belonging to the group, separated by ",". This list does not include users who belong to the group through the group number recorded in their own /etc/passwd entry (that is, the group's default members).
Every Linux system has a number of default groups that belong to the operating system, typically bin, mail, uucp, sys and so on. A user should therefore not be placed in these groups, because they would then have rights equivalent to root. Only system logins are allowed access to the operating system's groups. The default system groups are:

1. root/wheel/system: usually used to allow users to run the su command to switch to root privileges.
2. daemon: used for the owners of the spool directories (mail, squid, lpd, ...).
3. kmem: used by programs that access the kernel or memory directly (ps).
4. tty: owns all the special files used for working with terminals.

To add a group: groupadd or addgroup.
To delete a group: groupdel or delgroup.
The /etc/passwd file
The /etc/passwd file plays a vital role on a Unix system. Everyone can read this file, but only root has the right to change it. Like the great majority of Unix configuration files, /etc/passwd is stored as text.
    [oracle@appserv oracle]$ more /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:
    ...
    tuanna:x:501:501:Tuanna:/home/tuanna:/bin/bash
Each user is stored on one line of 7 columns:

- Column 1: the user name.
- Column 2: the password code on standard Unix, and x on Linux. Linux stores this code in a separate file, /etc/shadow, which only root has the right to read.
- Columns 3:4: user ID:group ID.
- Column 5: the user's full name. Some password-cracking software uses the data in this column to try to guess the password.
- Column 6: the home directory.
- Column 7: the program that runs first after login (usually a shell) for the user.
The file begins with the superuser root. Note that every user with user ID = 0 is root!!! Next come the system users. These are users that are not real and cannot log in to the system. Last come the ordinary users.
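An audit of passwd-format data for the conditions described above, as an added example that is not part of the original document: it flags extra UID 0 accounts and empty or unshadowed password fields, and goes slightly beyond the text by also flagging duplicate UIDs. The function names and the sample entries other than root, bin and tuanna are constructed for illustration.

```shell
#!/bin/sh
# audit_passwd: reads passwd-format lines (7 colon-separated columns) on stdin
# and prints one finding per line in the form "<check> <login>".
audit_passwd() {
    awk -F: '
        NF != 7                 { print "malformed " $1; next }
        # Any entry with UID 0 is root, whatever its login name.
        $3 == 0 && $1 != "root" { print "uid0 " $1 }
        # An empty column 2 means the account has no password at all.
        $2 == ""                { print "nopassword " $1 }
        # Anything else than x, * or ! is a hash readable by every user.
        $2 != "" && $2 != "x" && $2 != "*" && $2 != "!" { print "unshadowed " $1 }
        # Two logins with one UID are the same user to the kernel.
        seen[$3]++ && $3 != 0   { print "dupuid " $1 }
    '
}

# Constructed sample data, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
tuanna:x:501:501:Tuanna:/home/tuanna:/bin/bash
toor:x:0:0:spare admin:/root:/bin/bash
guest::502:502:Guest:/home/guest:/bin/bash
legacy:CONSTRUCTEDHASH:503:503:Old entry:/home/legacy:/bin/sh
clone:x:501:501:Copy:/home/clone:/bin/bash
EOF
}

sample_passwd | audit_passwd
```

On a live system the same function can be fed with `audit_passwd < /etc/passwd`.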
The /etc/shadow file
Traditional Unix stores the information related to login passwords in /etc/passwd. However, this file has to be readable by everyone because of several requirements of normal system operation (such as converting a user ID to a name for display by the ls command), and users in general choose "weak" passwords. Most newer Unix versions therefore store the passwords in a separate file, /etc/shadow, which only root is allowed to read.

Note: given the way password encryption is constructed, there are only 2 ways to break a password: exhaustive search (brute force) and guessing. By rigorous calculation, the brute-force method is not feasible because it requires far too much computing time, while guessing only finds passwords that are short or "weak", for example words found in a dictionary such as god, darling ...
- -G group: the group the user belongs to
- -p passwd: the user's password; this password must be encrypted beforehand
- -s shell: the user's default shell
- -u uid: user identification
- login: the username

Example:

    [root@appserv oracle]# /usr/sbin/adduser foo
    [root@appserv oracle]# passwd foo
    Changing password for user foo
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully
    [root@appserv oracle]#

After the user has been created by the first line of the example above, user foo still cannot connect because it has no password. You must set a password for foo with the command passwd foo, as shown above. Because the security of this Unix machine, and with it the safety of your whole network, is at stake, choosing a good password is very important. A password is considered good if it:

- Is at least 8 characters long.
- Combines lowercase letters, uppercase letters, digits and special characters.
- Is not related to the names or birth dates of you or your relatives.
- Is not in a dictionary.

In the example above, you created a user without paying any attention to the user's group. It is very convenient to gather many users who have the same function and share data with one another into a common group. When you create users as above, Linux creates a group for each of them. Reading the /etc/passwd file, we see:

    [root@appserv oracle]# more /etc/passwd|grep foo
    foo:x:1012:1013::/home/foo:/bin/bash
    [root@appserv oracle]#

foo is user number 1012 and belongs to group 1013. Looking at the /etc/group file, we see:

    [root@appserv oracle]# more /etc/group
    root:x:0:root
    ...
    users:x:100:
    foo:x:1013:

and we can add foo to the users group by replacing 1013 with 100, which is the group ID of users.
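After that change the users line in /etc/group still shows an empty member list, because default members are recorded only in /etc/passwd, as the description of the users column notes. The following added example (not part of the original document) resolves a group's full membership from both files and lists ordinary users found in operating-system groups; the function names and the thresholds (system groups below GID 100, ordinary users from UID 500) are assumptions.

```shell
#!/bin/sh
# members_of GROUP PASSWD_FILE GROUP_FILE
# Lists every member of GROUP: names in column 4 of the group file plus users
# whose primary GID (column 4 of passwd) equals the GID of the group.
members_of() {
    awk -F: -v g="$1" '
        FNR == NR {                 # first file: the group file
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }   # second file: passwd
    ' "$3" "$2" | sort -u
}

# system_group_members PASSWD_FILE GROUP_FILE
# Prints "group user" for each ordinary user found in an operating-system group.
# Assumed thresholds: system groups have GID < 100, ordinary users UID >= 500.
system_group_members() {
    awk -F: '$3 < 100 { print $1 }' "$2" | while read -r grp; do
        members_of "$grp" "$1" "$2" | while read -r user; do
            uid=$(awk -F: -v u="$user" '$1 == u { print $3; exit }' "$1")
            if [ -n "$uid" ] && [ "$uid" -ge 500 ]; then echo "$grp $user"; fi
        done
    done
}

# Constructed sample files built from entries quoted on this page,
# with the primary GID of foo already changed from 1013 to 100.
make_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'tuanna:x:501:501:Tuanna:/home/tuanna:/bin/bash' \
        'foo:x:1012:100::/home/foo:/bin/bash' > "$1/passwd"
    printf '%s\n' 'root:x:0:root' 'uucp:x:14:uucp,fax,root,fnet,tuanna' \
        'users:x:100:' 'foo:x:1013:' > "$1/group"
}

dir=$(mktemp -d)
make_sample "$dir"
members_of users "$dir/passwd" "$dir/group"
system_group_members "$dir/passwd" "$dir/group"
rm -rf "$dir"
```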
The userdel command
The userdel command is used to delete a user. You can also delete a user by removing the corresponding line of data from the /etc/passwd file. The manual deletion procedure:

1. Delete the user's entries in /etc/passwd and in /etc/group.
2. Delete the user's mail files and mail aliases.
3. Delete all cron and at jobs.
4. Delete the user's home directory.
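A check for what the four manual steps may have left behind, as an added example that is not part of the original document. The function names are hypothetical and the locations are assumptions (aliases in /etc/aliases, mail, cron and at spools under /var/spool, home directories under /home); the sample tree is constructed.

```shell
#!/bin/sh
# ROOT is a directory prefix ("" for the live system), so the checks can be
# run against a copy of the file system.

# account_refs USER ROOT: references by name (step 1 and the aliases of step 2).
account_refs() {
    awk -F: -v u="$1" '$1 == u { print "passwd entry" }' "$2/etc/passwd"
    awk -F: -v u="$1" '
        $1 == u { print "group " $1 " (own group)" }
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == u) print "group " $1 " (member)" }
    ' "$2/etc/group"
    if [ -f "$2/etc/aliases" ] && grep -qw -- "$1" "$2/etc/aliases"; then
        echo "mail alias"
    fi
}

# owned_files UID ROOT: regular files still owned by the numeric UID
# (mail spool, cron and at jobs, home directory contents: steps 2 to 4).
owned_files() {
    find "$2/var/spool" "$2/home" -type f -user "$1" 2>/dev/null |
        sed "s|^$2||" | sort
}

# Constructed tree: account foo was removed from passwd only. Its files are
# simulated by files owned by whoever runs this script.
make_tree() {
    mkdir -p "$1/etc" "$1/var/spool/mail" "$1/var/spool/cron" "$1/home/foo"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' > "$1/etc/passwd"
    printf '%s\n' 'users:x:100:foo,tuanna' 'foo:x:1013:' > "$1/etc/group"
    : > "$1/var/spool/mail/foo"
    : > "$1/var/spool/cron/foo"
    : > "$1/home/foo/.profile"
}

tree=$(mktemp -d)
make_tree "$tree"
account_refs foo "$tree"
owned_files "$(id -u)" "$tree"
rm -rf "$tree"
```

On a real system, pass the deleted account's old numeric UID to `owned_files`, since the name no longer resolves once the passwd entry is gone.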