
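7. Putting the Shadow Suite to use

This section describes what you need to know once the Shadow Suite is installed on your system. Most of the information can also be found in the manual pages.

7.1 Adding, modifying and deleting users

The Shadow Suite adds the following commands for adding, modifying and deleting users. You may also have installed the adduser program.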

useradd

The useradd command is used to add users to the system. You also use this command to change the default settings.

The first thing you should do is examine the default settings and change them to suit your system:

useradd -D

GROUP=1
HOME=/home
INACTIVE=0
EXPIRE=0
SHELL=
SKEL=/etc/skel

The defaults are probably not what you want, so if you started adding users now you would have to specify the information for every user in detail. We can, and should, change the default values.

On my system:

To make these changes I would use:
useradd -D -g100 -e60 -f0 -s/bin/bash

Running useradd -D now gives:


GROUP=100
HOME=/home
INACTIVE=0
EXPIRE=60
SHELL=/bin/bash
SKEL=/etc/skel

Whatever changes you make, the defaults are stored in /etc/default/useradd.

Now you can use useradd to add users to the system. For example, to add the user fred using the defaults:

useradd -m -c "Fred Flintstone" fred

This creates the following line in the /etc/passwd file:

fred:*:505:100:Fred Flintstone:/home/fred:/bin/bash
and the following line in the /etc/shadow file:
fred:!:0:0:60:0:0:0:0
fred's home directory is created and the contents of /etc/skel are copied into it because of the -m option on the command line.

Because we did not specify a UID, the system used the next available number.

fred's account has been created, but fred still cannot log in until we unlock the account. The account is unlocked by changing the password, as follows:

passwd fred

Changing password for fred
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
New Password: *******
Re-enter new password: *******

The /etc/shadow file now contains:
fred:J0C.WDR1amIt6:9559:0:60:0:0:0:0
and fred can now log in and use the system. The nice thing about useradd and the other programs that come with the Shadow Suite is that they update /etc/passwd and /etc/shadow automatically, so concurrent changes do not collide: if you are adding a user while another user is changing a password, both operations are carried out correctly.

You should use the supplied commands rather than editing /etc/passwd and /etc/shadow directly. If you are editing the /etc/shadow file and a user changes his password while you are editing, then when you save your changes that user's new password is lost.

Here is a small interactive script that adds users with useradd and passwd:


#!/bin/bash
#
# /sbin/newuser - A script to add users to the system using the Shadow
#                 Suite's useradd and passwd commands.
#
# Written by Mike Jackson <mhjack@tscnet.com> as an example for the Linux
# Shadow Password Howto.  Permission to use and modify is expressly granted.
#
# This could be modified to show the defaults and allow modification similar
# to the Slackware Adduser program.  It could also be modified to disallow
# stupid entries.  (i.e. better error checking).
#
##
#  Defaults for the useradd command
##
GROUP=100        # Default Group
HOME=/home       # Home directory location (/home/username)
SKEL=/etc/skel   # Skeleton Directory
INACTIVE=0       # Days after password expires to disable account (0=never)
EXPIRE=60        # Days that a passwords lasts
SHELL=/bin/bash  # Default Shell (full path)
##
#  Defaults for the passwd command
##
PASSMIN=0        # Days between password changes
PASSWARN=14      # Days before password expires that a warning is given
##
#  Ensure that root is running the script.
##
WHOAMI=`/usr/bin/whoami`
if [ "$WHOAMI" != "root" ]; then
        echo "You must be root to add new users!"
        exit 1
fi
##
#  Ask for username and fullname.
##
echo ""
echo -n "Username: "
read -r USERNAME
echo -n "Full name: "
read -r FULLNAME
#
echo "Adding user: $USERNAME."
#
# Note that the "" around $FULLNAME is required because this field is
# almost always going to contain at least one space, and without the "'s
# the useradd command would think that you were moving on to the next
# parameter when it reached the SPACE character.  The other variables are
# quoted for the same reason.
#
/usr/sbin/useradd -c"$FULLNAME" -d"$HOME/$USERNAME" -e"$EXPIRE" \
        -f"$INACTIVE" -g"$GROUP" -m -k"$SKEL" -s"$SHELL" "$USERNAME"
##
#  Set password defaults
##
/bin/passwd -n "$PASSMIN" -w "$PASSWARN" "$USERNAME" >/dev/null 2>&1
##
#  Let the passwd command actually ask for password (twice)
##
/bin/passwd "$USERNAME"
##
#  Show what was done.  The match is anchored to the start of the line so
#  that only this user's entry is shown.
##
echo ""
echo "Entry from /etc/passwd:"
echo -n "   "
grep "^$USERNAME:" /etc/passwd
echo "Entry from /etc/shadow:"
echo -n "   "
grep "^$USERNAME:" /etc/shadow
echo "Summary output of the passwd command:"
echo -n "   "
passwd -S "$USERNAME"
echo ""

Adding new users with a script is preferable to editing the /etc/passwd and /etc/shadow files directly or to using a program like the Slackware adduser program.
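
The script's header says it could be modified to disallow bad entries. The following is an added example, not part of the HOWTO or of the Shadow Suite, of checks such a script could run on the two values it reads before handing them to useradd. The function names and the exact naming policy are assumptions, and the sample records are constructed.

```shell
#!/bin/sh
# Added example: input checks a newuser-style script could run before useradd.
LC_ALL=C; export LC_ALL     # make the a-z ranges below byte-exact

# Accept only a conservative login name. The policy (first character a
# lowercase letter or underscore, at most 32 characters) is an assumption.
valid_username() {
    case "$1" in
        ''|-*)          return 1 ;;   # empty, or would be read as an option
        *[!a-z0-9_-]*)  return 1 ;;   # ':', whitespace, newline, uppercase...
        [!a-z_]*)       return 1 ;;   # must not start with a digit
    esac
    [ "${#1}" -le 32 ]
}

# The full name is stored inside a ':'-separated one-line record, so a colon
# or any control character (newline included) is refused.
valid_fullname() {
    case "$1" in *:*) return 1 ;; esac
    [ "$(printf '%s' "$1" | tr -d '[:cntrl:]')" = "$1" ]
}

# Print the record whose first field is exactly NAME (usage: FILE NAME).
# An unanchored grep for "NAME:" also matches longer names ending in NAME.
entry_for() {
    awk -F: -v name="$2" '$1 == name' "$1"
}

# Constructed sample data in passwd format, for demonstration only.
sample=$(mktemp)
printf '%s\n' \
    'alfred:*:504:100:Alfred Example:/home/alfred:/bin/bash' \
    'fred:*:505:100:Fred Flintstone:/home/fred:/bin/bash' > "$sample"

for candidate in fred -D 'fred:0:0' 'Fred Flintstone'; do
    if valid_username "$candidate"; then verdict=accepted; else verdict=rejected; fi
    printf '%-18s %s\n' "$candidate" "$verdict"
done
echo "substring grep matches: $(grep -c 'fred:' "$sample")"
echo "exact field matches:    $(entry_for "$sample" fred | wc -l)"
rm -f "$sample"
```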

For more information on useradd see the online manual page.

usermod

The usermod program is used to modify a user's information. Its switches are similar to those of the useradd program.

To change fred's shell, you would do the following:

usermod -s /bin/tcsh fred

fred's entry in the /etc/passwd file now becomes:

fred:*:505:100:Fred Flintstone:/home/fred:/bin/tcsh
To make fred's account expire on 09/15/97:
usermod -e 09/15/97 fred
fred's entry in /etc/shadow now becomes:
fred:J0C.WDR1amIt6:9559:0:60:0:0:10119:0

For more information on usermod see the online manual page.

userdel

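userdel is used to delete a user. It is used as follows:

userdel -r username
The -r option removes the user's entire home directory. Files located in other directories have to be removed manually.

If you simply want to lock the account rather than delete it, use the passwd command instead.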

7.2 The passwd command and password aging

The passwd command is obviously used to change passwords. In addition, it can be used by root to:

For example, let's look at fred's account:

passwd -S fred
fred P 03/04/96 0 60 0 0
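This means that fred's password is valid, it was last changed on 03/04/96, it can be changed at any time, fred will not be warned, and the account will not be disabled when the password expires.

This means that if fred logs in after the password has expired, he will be asked to choose a new password at login.

If we decide to warn fred 14 days before his password expires, and to make his account inactive 14 days after it expires, we need to do the following:

passwd -w14 -i14 fred
fred's entry now changes to:
fred P 03/04/96 0 60 14 14
For more information on passwd see the online manual page.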
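
The passwd -S line is a readable view of the numeric fields in /etc/shadow shown in section 7.1. The following added example (not code from the HOWTO or the Shadow Suite) decodes a shadow record into that form and evaluates the aging rules for a given day. The function names, the "unset" label and the exact day boundaries are assumptions, and the third sample record is constructed from the "0 60 14 14" output above.

```shell
#!/bin/sh
# Added example: decode the aging fields of an /etc/shadow record.
# Fields: name:password:lastchg:min:max:warn:inactive:expire:reserved
# lastchg and expire count days since 1970-01-01; numeric fields are assumed
# to be filled in, as in the records shown on this page.

# days_to_date N -> MM/DD/YY ("unset" for 0 or empty).
# Relies on "date -d @SECONDS" (GNU coreutils, BusyBox).
days_to_date() {
    case "$1" in ''|0) echo unset; return 0 ;; esac
    date -u -d "@$(( $1 * 86400 ))" +%m/%d/%y
}

# shadow_status RECORD -> the columns of "passwd -S" plus the account expiry.
# State: L = locked ('!' or '*' first), NP = empty password, P = password set.
shadow_status() {
    IFS=: read -r name pw lastchg min max warn inact expire rest <<EOF
$1
EOF
    case "$pw" in
        '')         state=NP ;;
        '!'*|'*'*)  state=L ;;
        *)          state=P ;;
    esac
    echo "$name $state $(days_to_date "$lastchg") $min $max $warn $inact" \
         "expires=$(days_to_date "$expire")"
}

# aging_state RECORD TODAY -> valid | warning | expired | inactive
# TODAY is a day count since 1970-01-01; warn=0 and inactive=0 switch the
# warning and the lock-out off, as in the reading of "0 60 0 0" above.
aging_state() {
    IFS=: read -r name pw lastchg min max warn inact expire rest <<EOF
$1
EOF
    due=$(( lastchg + max ))            # last day the password is valid
    if [ "$inact" -gt 0 ] && [ "$2" -gt $(( due + inact )) ]; then echo inactive
    elif [ "$2" -gt "$due" ]; then echo expired   # new password asked at login
    elif [ "$warn" -gt 0 ] && [ "$2" -ge $(( due - warn )) ]; then echo warning
    else echo valid
    fi
}

for rec in 'fred:!:0:0:60:0:0:0:0' \
           'fred:J0C.WDR1amIt6:9559:0:60:0:0:10119:0' \
           'fred:J0C.WDR1amIt6:9559:0:60:14:14:10119:0'; do
    printf '%s | day 9640: %s\n' "$(shadow_status "$rec")" "$(aging_state "$rec" 9640)"
done
```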

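7.3 The login.defs file

The /etc/login.defs file is the configuration file for the login program and for the Shadow Suite as a whole.

/etc/login.defs contains settings that range from the prompts to the defaults applied when a password is changed.

The /etc/login.defs file is well documented by its own comments; however, there are a few things to note:

From the above you can see that this is an important file, and you should check that its current settings are the ones you want for your system.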

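7.4 Group passwords

The /etc/group file may contain passwords that permit a user to access a group. This feature is enabled if you define SHADOWGRP in the /usr/src/shadow-YYMMDD/config.h file.

If you define this constant and compile, you must create an /etc/gshadow file to hold the group passwords and the group administrator information.

When you created /etc/shadow you used a program called pwconv. That program does not create the /etc/gshadow file, but this does not matter as long as you create it yourself.

To create the initial /etc/gshadow file, do the following: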

touch /etc/gshadow
chown root.root /etc/gshadow
chmod 700 /etc/gshadow

Whenever you create a new group, it is added to the /etc/group and /etc/gshadow files. If you modify a group by adding or removing users, or change the group password, the /etc/gshadow file is updated.

The programs groups, groupadd, groupmod and groupdel are provided as part of the Shadow Suite for modifying groups.

The format of the /etc/group file is as follows:

groupname:!:GID:member,member,...
Where:
groupname

The name of the group

!

The field that normally holds the password, but that is now relocated to the /etc/gshadow file.

GID

The numerical group ID number

member

List of group members

The format of the /etc/gshadow file is as follows:

groupname:password:admin,admin,...:member,member,...
Where:
groupname

The name of the group

password

The encoded group password.

admin

List of group administrators

member

List of group members

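The gpasswd command is used to add or remove group administrators and group members. root or anyone listed as a group administrator may add or remove group members.

The group password can be changed with the passwd command by root or by an account that has administrator rights for that group.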

Despite the fact that there is not currently a manual page for gpasswd, typing gpasswd without any parameters gives a listing of options. It's fairly easy to grasp how it all works once you understand the file formats and the concepts.
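
Because /etc/gshadow starts out as an empty file created by hand, it is worth confirming that it stays in step with /etc/group. The following added example (not part of the HOWTO, and not how grpck is implemented) cross-checks two files in the record layouts given above. The function name, the set of checks and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check a group file against a gshadow file, using the
# two record layouts given above. Prints one finding per line.
# Usage: check_groups GROUP_FILE GSHADOW_FILE
check_groups() {
    awk -F: '
        FILENAME == ARGV[1] {             # pass 1: gshadow (may be empty)
            if (NF != 4) print "gshadow:" FNR ": expected 4 fields, found " NF
            shadowed[$1] = $4
            next
        }
        NF != 4 { print "group:" FNR ": expected 4 fields, found " NF; next }
        !($1 in shadowed) { print $1 ": no gshadow entry"; next }
        $2 != "!" { print $1 ": password field in group file is not !" }
        $4 != shadowed[$1] { print $1 ": member lists differ" }
        { delete shadowed[$1] }
        END { for (g in shadowed) print g ": gshadow entry without a group" }
    ' "$2" "$1"
}

# Constructed sample files, for demonstration only.
dir=$(mktemp -d)
printf '%s\n' 'users:!:100:fred,barney' 'staff:!:50:fred' 'games:!:20:' \
    > "$dir/group"
printf '%s\n' 'users:!:fred:fred,barney' 'staff:!::barney' > "$dir/gshadow"
echo "populated gshadow:"
check_groups "$dir/group" "$dir/gshadow"

: > "$dir/gshadow"          # the state right after "touch /etc/gshadow"
echo "empty gshadow:"
check_groups "$dir/group" "$dir/gshadow"
rm -rf "$dir"
```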

7.5 Consistency checking programs

pwck

The pwck program provides a consistency check of the /etc/passwd and /etc/shadow files. It checks each username and verifies the following:

It also warns about accounts that have no password.

It is a good idea to run pwck after installing the Shadow Suite. It can also be run periodically, weekly or monthly. If you use the -r option, you can run it from cron and have the report mailed to you.

grpck

grpck is the program that checks the consistency of the /etc/group and /etc/gshadow files. It performs the following checks:

It also has the -r option for automated reports.

7.6 Dial-up passwords

Dial-up passwords are another optional line of defense for systems that allow dial-in access. If you have a system that lets many people connect over the local network but you want to restrict who may dial in, then you need dial-up passwords. To enable dial-up passwords, edit the /etc/login.defs file and make sure that DIALUPS_CHECK_ENAB is set to yes.

Two files contain the dial-up information. /etc/dialups contains the ttys (one per line, with the leading "/dev/" removed). If a tty is listed, dial-up checks are performed.

The second file is /etc/d_passwd. This file contains the fully qualified path names of shells.

If a user logs in on a line that is listed in /etc/dialups and his shell is listed in /etc/d_passwd, he is allowed access only by supplying the correct password.

Another use for dial-up passwords is to set up a line that allows only certain types of connection (perhaps PPP or UUCP). If a user tries to get another type of connection (i.e. a list of shells), he must know the password for that line.

Before you can use the dial-up feature, you must create these files.

The dpasswd command assigns passwords to the shells in the /etc/d_passwd file. See the manual page for more information.

