第20章安全与用户管理.ppt

Change Group Attributes Group NAME [staff] Group ID [1] # ADMINISTRATIVE group? false + USER list [ipsec,esaadmin + ADMINISTRATOR list [] + Projects [] + Initial Keystore Mode [] + Keystore Encryption Algorithm [] + Keystore Access [] + 修改/删除组 每日消息 文件 /etc/motd 包含显示每次用户登录信息的文本 文件应该只包含在用户看来必要的信息 如果文件$HOME/.hushlogin 在用户的宿主目录中存在, 那么文件/etc/motd 的内容对用户不可见 Security 文件 文件中习惯上包含用户的属性和访问控制信息: /etc/passwd 有效的用户 (而不是密码) /etc/group 有效的组 /etc/security 不能被普通用户访问的目录 /etc/security/passwd 用户密码 /etc/security/user 用户属性、密码、限制 /etc/security/group 组属性 /etc/security/limits 用户限制 /etc/security/environ 用户环境设置 /etc/security/login.cfg 登录设置 /etc/passwd文件 $ cat /etc/passwd root:!:0:0::/:/usr/bin/ksh daemon:!:1:1::/etc: bin:!:2:2::/bin: sys:!:3:3::/usr/sys: adm:!:4:4::/var/adm: uucp:!:5:5::/usr/lib/uucp: guest:!:100:100::/home/guest: john:!:200:0:x7560 5th floor:/home/john:/usr/bin/ksh bill:*:201:1::/home/bill:/usr/bin/ksh /etc/security/passwd 文件 $ cat /etc/security/passwd root: password = 92t.mzJBjlfbY lastupdate = 885485990 flags = john: password = lastupdate = 884801337 flags = ADMCHG,ADMIN,NOCHECK /etc/security/user 文件 $ cat /etc/security/user default: admin = false login = true su = true daemon = true rlogin = true sugroups = ALL admgroups = ttys = ALL auth1 = SYSTEM auth2 = NONE tpath = nosak umask = 022 expires = 0 …… /etc/security/user 文件 default ... SYSTEM = compat logintimes = pwdwarntime = 0 account_locked = false loginretries = 0 histexpire = 0 histsize = 0 minage = 0 maxage = 0 maxexpired = -1 minalpha = 0 minother = 0 minlen = 0 mind