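This section describes some of the things you will want to know now that the Shadow Suite is installed. Most of the information can be found in the manual pages.
The Shadow Suite adds the following commands for adding, modifying and deleting users. You may also have installed the adduser program.
The useradd command is used to add users to the system. You can also use it to change the default settings.
The first thing you should do is examine the default settings and change them to suit your system: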
useradd -D
GROUP=1
HOME=/home
INACTIVE=0
EXPIRE=0
SHELL=
SKEL=/etc/skel
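The defaults are probably not all what you want, so if you started adding users now you would have to spell out the information for every user. We can, and should, change the default values.
On my system, with /bin/bash as the default shell among the changes: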
useradd -D -g100 -e60 -f0 -s/bin/bash
Running useradd -D now gives:
GROUP=100
HOME=/home
INACTIVE=0
EXPIRE=60
SHELL=/bin/bash
SKEL=/etc/skel
Whatever changes you make, the defaults are stored in /etc/default/useradd.
Now you can use useradd to add users to the system. For example, to add a user fred using the defaults:
useradd -m -c "Fred Flintstone" fred
This creates the following line in /etc/passwd:
fred:*:505:100:Fred Flintstone:/home/fred:/bin/bash
and the following line in /etc/shadow:
fred:!:0:0:60:0:0:0:0
fred's home directory is created and the contents of /etc/skel are copied into it because the command included the -m switch.
Because we did not specify a UID, the system used the next available number.
fred's account now exists, but fred still cannot log in until we unlock the account.
The account is unlocked by changing the password:
passwd fred
Changing password for fred
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
New Password: *******
Re-enter new password: *******
/etc/shadow now contains:
fred:J0C.WDR1amIt6:9559:0:60:0:0:0:0
and fred can now log in and use the system.
The nice thing about useradd and the other programs that come with the Shadow Suite is that they apply their changes to /etc/passwd and /etc/shadow atomically. So if you are adding a user while another user is changing a password, both operations are carried out correctly.
Using the supplied commands is better than editing /etc/passwd and /etc/shadow directly. If you are editing /etc/shadow and a user changes his password while you are editing, then when you save your edits that user's password change is lost.
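The lost update described above, replayed step by step in one process, next to the same two changes made under a lock file. This is an added example, not code from the HOWTO or the Shadow Suite; the file contents, the hash placeholders and the ".lock" file name are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Constructed sample entries in the page's /etc/shadow layout (not real hashes).
SAMPLE = "fred:OLDHASH:9559:0:60:0:0:0:0\nwilma:WHASH:9559:0:60:0:0:0:0\n"

def rewrite_field(path, user, index, value):
    """Change one field of one entry, then swap the new file in by rename."""
    rows = [line.split(":") for line in Path(path).read_text().splitlines()]
    for row in rows:
        if row[0] == user:
            row[index] = value
    Path(path + ".tmp").write_text("".join(":".join(r) + "\n" for r in rows))
    os.replace(path + ".tmp", path)  # readers see the old or the new file

def try_lock(path):
    """Create the hypothetical lock file path.lock; False if already held."""
    try:
        os.close(os.open(path + ".lock", os.O_CREAT | os.O_EXCL, 0o600))
        return True
    except FileExistsError:
        return False

def edit_in_editor(path):
    """Admin loads the file, fred changes his password, admin saves."""
    buffer = Path(path).read_text()              # editor's private copy
    rewrite_field(path, "fred", 1, "NEWHASH")    # passwd runs meanwhile
    stale = buffer.replace("wilma:WHASH:9559:0:60", "wilma:WHASH:9559:0:90")
    Path(path).write_text(stale)                 # save: the stale copy wins
    return Path(path).read_text()

def edit_with_lock(path):
    """Every writer takes the lock first, so the second one has to wait."""
    try_lock(path)                               # admin's tool takes the lock
    waiting = not try_lock(path)                 # passwd finds it held
    rewrite_field(path, "wilma", 4, "90")
    os.unlink(path + ".lock")                    # admin's tool releases
    if waiting and try_lock(path):               # passwd retries and succeeds
        rewrite_field(path, "fred", 1, "NEWHASH")
        os.unlink(path + ".lock")
    return Path(path).read_text()

def run(scenario):
    """Run one scenario on a throwaway copy of SAMPLE and return the file."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "shadow")
        Path(path).write_text(SAMPLE)
        return scenario(path)
```

run(edit_in_editor) returns a file in which fred is back on OLDHASH, while run(edit_with_lock) returns one that holds both fred's new hash and wilma's new maximum age.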
Here is a small interactive script that adds users with useradd and passwd:
#!/bin/bash
#
# /sbin/newuser - A script to add users to the system using the Shadow
#                 Suite's useradd and passwd commands.
#
# Written by Mike Jackson <mhjack@tscnet.com> as an example for the Linux
# Shadow Password Howto.  Permission to use and modify is expressly granted.
#
# This could be modified to show the defaults and allow modification similar
# to the Slackware Adduser program.  It could also be modified to disallow
# stupid entries.  (i.e. better error checking).
#
##
#  Defaults for the useradd command
##
GROUP=100        # Default Group
HOME=/home       # Home directory location (/home/username)
SKEL=/etc/skel   # Skeleton Directory
INACTIVE=0       # Days after password expires to disable account (0=never)
EXPIRE=60        # Days that a password lasts
SHELL=/bin/bash  # Default Shell (full path)
##
#  Defaults for the passwd command
##
PASSMIN=0        # Days between password changes
PASSWARN=14      # Days before password expires that a warning is given
##
#  Ensure that root is running the script.
##
WHOAMI=$(/usr/bin/whoami)
if [ "$WHOAMI" != "root" ]; then
        echo "You must be root to add new users!"
        exit 1
fi
##
#  Ask for username and fullname.
##
echo ""
echo -n "Username: "
read -r USERNAME
echo -n "Full name: "
read -r FULLNAME
#
echo "Adding user: $USERNAME."
#
# Note that the "" around $FULLNAME is required because this field is
# almost always going to contain at least one space, and without the "'s
# the useradd command would think that you were moving on to the next
# parameter when it reached the SPACE character.  The other variables are
# quoted for the same reason.  Stop here if useradd fails.
#
/usr/sbin/useradd -c"$FULLNAME" -d"$HOME/$USERNAME" -e"$EXPIRE" \
        -f"$INACTIVE" -g"$GROUP" -m -k"$SKEL" -s"$SHELL" "$USERNAME" || exit 1
##
#  Set password defaults
##
/bin/passwd -n "$PASSMIN" -w "$PASSWARN" "$USERNAME" >/dev/null 2>&1
##
#  Let the passwd command actually ask for password (twice)
##
/bin/passwd "$USERNAME"
##
#  Show what was done.  The ^ anchors the match to the start of the line so
#  that only this user's entry is printed.
##
echo ""
echo "Entry from /etc/passwd:"
echo -n "   "
grep "^$USERNAME:" /etc/passwd
echo "Entry from /etc/shadow:"
echo -n "   "
grep "^$USERNAME:" /etc/shadow
echo "Summary output of the passwd command:"
echo -n "   "
passwd -S "$USERNAME"
echo ""
Adding users with a script is better than editing /etc/passwd or /etc/shadow directly, or using a program like the Slackware adduser program.
For more information on useradd, see the online manual page.
The usermod program is used to modify a user's information. Its switches are similar to those of the useradd program.
To change fred's shell, you would do the following:
usermod -s /bin/tcsh fred
fred's entry in /etc/passwd now becomes:
fred:*:505:100:Fred Flintstone:/home/fred:/bin/tcsh
To make fred's account expire on 09/15/97:
usermod -e 09/15/97 fred
fred's entry in /etc/shadow now becomes:
fred:J0C.WDR1amIt6:9559:0:60:0:0:10119:0
For more information on usermod, see the online manual page.
userdel is used to delete users. It is used like this:
userdel -r username
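The -r switch removes the user's home directory and everything in it. Files located elsewhere have to be removed manually.
If you simply want to lock the account rather than delete it, use the passwd command instead.
The passwd command is obviously used to change passwords. In addition, root can use it with the following switches:
-l and -u
-x
-n
-w
-i
-S
For example, to look at the status of fred's account: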
passwd -S fred
fred P 03/04/96 0 60 0 0
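This means that fred's password is valid, it was last changed on 03/04/96, it can be changed at any time, it expires after 60 days, fred will not be warned, and the account will not be disabled when the password expires.
It also means that if fred logs in after the password has expired, he will be asked for a new password at login.
If we decide to warn fred 14 days before his password expires, and to disable his account 14 days after it expires, we need to do the following: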
passwd -w14 -i14 fred
fred's status now changes to:
fred P 03/04/96 0 60 14 14
For more information on passwd, see the online manual page.
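The /etc/shadow lines and the passwd -S summaries shown above carry the same data: the third and eighth fields are day counts since 1970-01-01, so 9559 is 03/04/96 and 10119 is 09/15/97. The following added example (not part of the HOWTO or the Shadow Suite) parses a shadow line, rebuilds the summary and flags what an administrator would want to review; the field names and the wording of the findings are chosen here, and an empty numeric field is assumed to mean 0.

```python
from datetime import date, timedelta

FIELDS = ("name", "password", "lastchange", "min", "max",
          "warn", "inactive", "expire", "reserved")

def parse_shadow(line):
    """Split one /etc/shadow line into nine fields (names are this example's)."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(parts)))
    entry = dict(zip(FIELDS, parts))
    for key in FIELDS[2:8]:
        entry[key] = int(entry[key] or 0)   # assumption: empty counts as 0
    return entry

def day_to_date(days):
    """Day count since 1970-01-01 -> MM/DD/YY, the format passwd -S prints."""
    return (date(1970, 1, 1) + timedelta(days=days)).strftime("%m/%d/%y")

def status(entry):
    """NP = no password, L = locked ('!' or '*' prefix), P = usable password."""
    if entry["password"] == "":
        return "NP"
    return "L" if entry["password"][0] in "!*" else "P"

def status_line(line):
    """Rebuild the passwd -S summary shown on this page from a shadow line."""
    e = parse_shadow(line)
    cols = (e["name"], status(e), day_to_date(e["lastchange"]),
            e["min"], e["max"], e["warn"], e["inactive"])
    return " ".join(str(c) for c in cols)

def findings(line):
    """Points worth an administrator's attention for one entry."""
    e = parse_shadow(line)
    notes = []
    if status(e) == "NP":
        notes.append("no password set")
    if status(e) == "L":
        notes.append("locked until a password is set")
    if e["max"] and not e["warn"]:
        notes.append("password expires after %d days with no warning" % e["max"])
    if e["expire"]:
        notes.append("account expires on " + day_to_date(e["expire"]))
    return notes

if __name__ == "__main__":
    for row in ("fred:!:0:0:60:0:0:0:0", "fred:J0C.WDR1amIt6:9559:0:60:0:0:10119:0"):
        print(status_line(row), findings(row))
```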
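The /etc/login.defs file is the configuration file for the login program and for the Shadow Suite.
/etc/login.defs contains the settings that control, among other things, the defaults applied when a password is changed.
The /etc/login.defs file is well documented, but there are still a few things to note.
You can see from this that it is an important file, and you should check its current settings against what you want for your system.
The /etc/group file may contain passwords that allow a user to gain access to a group. This feature is enabled if you define SHADOWGRP in the /usr/src/shadow-YYMMDD/config.h file.
If you define this constant and compile, you need to create an /etc/gshadow file to hold the group passwords and the group administrator information.
When you created /etc/shadow you used a program called pwconv. That program does not create the /etc/gshadow file, but this does not matter: you simply create it yourself.
To create the initial /etc/gshadow file, do the following: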
touch /etc/gshadow
chown root.root /etc/gshadow
chmod 700 /etc/gshadow
Each time you create a new group, it is added to the /etc/group and /etc/gshadow files.
If you modify a group by adding or removing users, or change the group password, the /etc/gshadow file is changed.
The groups, groupadd, groupmod and groupdel programs are supplied as part of the Shadow Suite for modifying groups.
The format of the /etc/group file is as follows:
groupname:!:GID:member,member,...
where:
groupname
    The name of the group
!
    The field that normally holds the password, but that is now relocated to the /etc/gshadow file.
GID
    The numerical group ID number
member
    List of group members
The format of the /etc/gshadow file is as follows:
groupname:password:admin,admin,...:member,member,...
where:
groupname
    The name of the group
password
    The encoded group password.
admin
    List of group administrators
member
    List of group members
The gpasswd command is used to add or remove administrators and members of a group. root or anyone in the list of group administrators may add or remove group members.
The group password can be changed with the passwd command by root or by anyone listed as an administrator of the group.
Despite the fact that there is not currently a manual page for gpasswd, typing gpasswd without any parameters gives a listing of options. It's fairly easy to grasp how it all works once you understand the file formats and the concepts.
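The pwck program provides a consistency check on the /etc/passwd and /etc/shadow files. It checks every user name and runs a series of verifications on it. It also warns about any account that has no password.
It is a good idea to run pwck after installing the Shadow Suite. It can also be run periodically, weekly or monthly. If you use the -r switch, you can run it from cron and have the report mailed to you.
grpck is the program that checks the /etc/group and /etc/gshadow files for consistency. It performs its own series of checks, and it also has the -r switch for automated reports.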
Dial-up passwords are another optional line of defence for systems that allow dial-in access. If you have a system that many people connect to over the local network, but you want to restrict who may dial in, then you need dial-up passwords. To enable dial-up passwords, edit the /etc/login.defs file and make sure that DIALUPS_CHECK_ENAB is set to yes.
Two files hold the dial-up information. /etc/dialups contains the ttys (one per line, with the leading "/dev/" removed). If a tty is listed, dial-up checks are performed on it.
The second file is /etc/d_passwd. It contains the fully qualified path names of shells.
If a user logs in on a line listed in /etc/dialups, and his shell is listed in /etc/d_passwd, he is allowed access only by supplying the correct password.
Another use for dial-up passwords is to set up a line that allows only a certain type of connection (perhaps a PPP or UUCP connection). If a user tries to get another type of connection (i.e. a list of shells), he must know the password for that line.
Before you can use the dial-up feature, you must create these files.
The dpasswd command assigns passwords to the shells in the /etc/d_passwd file. See the manual page for more information.