Mai amfani da gida da gudanarwa na rukuni - hanyoyin sadarwar SME

Janar jeri na jerin: Hanyoyin sadarwar Kwamfuta don SMEs: Gabatarwa

Barka dai abokai da abokai!

Wannan labarin ci gaba ne na Squid + PAM Authentication a cikin CentOS 7- SMB Networks.

UNIX / Linux tsarukan aiki suna ba da REAL muhalli mai amfani da yawa, wanda yawancin masu amfani zasu iya aiki lokaci guda akan tsari ɗaya kuma raba albarkatu kamar masu sarrafawa, rumbun kwamfutoci, ƙwaƙwalwar ajiya, hanyoyin sadarwa, na'urorin da aka saka a cikin tsarin, da sauransu.

A saboda wannan dalili, Masu Gudanarwar Tsarin aiki sun zama dole su ci gaba da sarrafa masu amfani da ƙungiyoyin tsarin kuma tsara da aiwatar da kyakkyawan tsarin gudanarwa.

Nan gaba zamu ga cikakkun bayanai game da wannan mahimmin aikin a cikin Tsarin Gudanarwar Linux.

Wani lokacin ya fi kyau a ba da Amfani sannan sannan Bukata.

Wannan misali ne na yau da kullun. Da farko za mu nuna yadda ake aiwatar da sabis na Wakilin Intanet tare da Squid da masu amfani na gari. Yanzu dole ne mu tambayi kanmu:

• ¿ta yaya zan iya aiwatar da ayyukan cibiyar sadarwa akan UNIX / Linux LAN daga masu amfani na gari kuma tare da amintaccen tsaro?.

Babu matsala hakan, ƙari, abokan Windows suna haɗi da wannan hanyar sadarwar. Abin sani kawai yana buƙatar buƙatun wane sabis ne Cibiyar Sadarwar SME ke buƙata kuma menene hanya mafi sauƙi da arha don aiwatar da su.

• ¿Wataƙila tsarin tabbatarwa a lokacin haihuwar KYAUTA, Yanar-gizo da sauran hanyoyin sadarwa Wa nan Area Nzanewa o Lamo Area Nzanewa baqaqen ya dogara ne akan LDAP, Sabis na Adireshin, ko a cikin Microsoft LSASS, ko a cikin Active Directory, ko ta Kerberos?, kawai don ambaci kaɗan.

Kyakkyawan tambaya da yakamata kowa ya nemi amsoshinsa. Ina gayyatarku don bincika kalmar «Tantance kalmar sirri»A Wikipedia a Turanci, wanda shine mafi cikakken tsari da daidaito dangane da asalin abun ciki -a Turanci-.

Dangane da Tarihi tuni kamar, na farko shine Gasktawa y Izini gida, bayan NIS Tsarin Bayanan Sadarwa ci gaba ta Sun Microsystem kuma kuma aka sani da yellow Pages o ypsannan LDAP Rukunin Jagoran Bayanan Jagora.

Me game daAmintaccen Tsaro»Yana zuwa saboda sau dayawa muna damuwa da tsaron gidan yanar sadarwar mu, yayin da muke shiga Facebook, Gmail, Yahoo, da sauransu - dan ambaton wasu kadan- kuma mun basu Sirrin mu a ciki. Kuma kalli adadi mai yawa da rubuce rubuce game da Babu Sirri akan Intanet sun wanzu

Lura akan CentOS da Debian

CentOS / Red Hat da Debian suna da nasu falsafar kan yadda za a aiwatar da tsaro, wanda ba shi da bambanci daban-daban. Koyaya, mun tabbatar cewa duka biyun suna da karko, aminci da aminci. Misali, a cikin CentOS an kunna mahallin SELinux ta tsohuwa. A cikin Debian dole ne mu shigar da kunshin selinux-kayan yau da kullun, wanda ke nuna cewa zamu iya amfani da SELinux.

A cikin CentOS, FreeBSD, da sauran tsarin aiki, an kirkiro -system-group dabaran don ba da damar shiga kamar tushen kawai ga masu amfani da tsarin ƙungiyar. Karanta /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.htmlda kuma /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html. Debian ba ta haɗa ƙungiya ba dabaran.

Babban fayiloli da umarni

Archives

Babban fayilolin da suka danganci sarrafa masu amfani na gida a cikin tsarin aiki na Linux sune:

CentOS da Debian

• / sauransu / passwd: bayanin asusun mai amfani.
• / sauransu / inuwa- Bayanin tsaro na asusun mai amfani.
• / sauransu / rukuni: bayanin asusun kungiyar.
• / sauransu / gshadow- Bayanin tsaro don asusun kungiyar.
• / sauransu / tsoho / useradd: tsoffin dabi'u don ƙirƙirar asusun.
• / sauransu / skel /: kundin adireshi wanda ya ƙunshi fayilolin tsoho waɗanda za a haɗa su a cikin HOME directory na sabon mai amfani.
• /etc/login.defs- Tsarin daidaitaccen tsarin tsaro.

Debian

• /etc/adduser.conf: tsoffin dabi'u don ƙirƙirar asusun.

Umarni akan CentOS da Debian

[tushen @ Linuxbox ~] # sarbaz -h # Sabunta kalmomin shiga a yanayin tsari
Yanayin amfani: chpasswd [Zaɓuɓɓuka] Zaɓuɓɓuka: -c, - crypt-hanya METHOD hanyar crypt (ɗayan BA KASAN DES MD5 SHA256 SHA512) -e, - ɓoyayyun kalmomin da aka bayar suna ɓoye -h, - taimako ya nuna wannan Taimakawa da sauri da kuma kare -m, --md5 ya sanya kalmar sirri a sarari ta amfani da MD5 algorithm -R, --root CHROOT_DIR directory zuwa chroot cikin -s, --sha-zagaye na SHA zagaye na SHA algorithms * # tsari- Kashe umarni lokacin da tsarin tsarin ya bada damar. A wasu kalmomin # lokacin da matsakaicin nauyi ya faɗi ƙasa da 0.8 ko ƙimar da aka ƙayyade ta kiran # umurnin atd. Informationarin bayani mutum tsari.

[tushen @ Linuxbox ~] # syewaz -h # Bayyana masu gudanarwa a cikin / sauransu / rukuni da / sauransu / gshadow
Yadda ake amfani da shi: gpasswd [zaɓuɓɓuka] Zaɓuɓɓukan GROUP: -a, --add USER yana ƙara USER zuwa GROUP -d, - share USER yana cire USER daga GROUP -h, --help yana nuna wannan saƙon taimako kuma ya ƙare -Q, - -root CHROOT_DIR directory to chroot into -r, --delete-password cire kalmar GROUP -R, - takura takunkumi ga GROUP ga mambobinta -M, --member USER, ... saita jerin membobin GROUP -A, --administrators ADMIN, ... ya tsara jerin masu gudanar da GROUP Banda na zabukan-da -M, zabin ba za'a iya hada shi ba.

[tushen @ Linuxbox ~] # rukuni -h    # Createirƙiri sabon rukuni
Yadda ake amfani da shi: groupadd [options] Zaɓuɓɓuka na GROUP: -f, - terminarfafa idan ƙungiya ta kasance, kuma a soke -g idan GID ya riga ya fara aiki -g, --GID ya yi amfani da GID don sabon rukuni - h, -help yana nuna wannan sakon taimakon kuma ya kare -K, --keyKI = KYAUTA ya sake rubuta tsoffin dabi'u na "/etc/login.defs" -o, -nda ba shi da damar kirkirar kungiyoyi tare da GIDs (ba na musamman ba) ) duplicates -p, - kalmar wucewa PASSWORD yayi amfani da wannan kalmar sirri ta ɓoye don sabon rukuni -r, - tsarin ƙirƙirar asusun tsarin -R, --root CHROOT_DIR directory to chroot into

[tushen @ Linuxbox ~] # rukuni -h # Share kungiyar data kasance
Yadda ake amfani da shi: rukunin rukuni [zaɓuɓɓuka] Zaɓuɓɓukan GROUP: -h, - taimaka nuna wannan saƙon taimako kuma a dakatar da -R, --root CHROOT_DIR shugabanci zuwa chroot

[tushen @ Linuxbox ~] # kungiyoyin rukuni -h # Bayyana Masu Gudanarwa a rukunin farko na mai amfani
Yadda ake amfani da shi: ƙungiya-ƙungiya [zaɓuɓɓuka] [aiki] Zaɓuɓɓuka: -g, --gungun GROUP sun canza sunan rukuni maimakon ƙungiyar masu amfani (mai gudanarwa ne kawai zai iya yi) -R, --root CHROOT_DIR directory to chroot into Ayyuka: -a, --add USER yana ƙara AMFANI ga mambobin rukuni -d, - share USER yana cire USER daga jerin membobin rukunin -h, - taimako yana nuna wannan saƙon taimako kuma ya ƙare -p, - tsarkake dukkan membobin rukuni -l, - jerin sunayen mambobin kungiyar

[tushen @ Linuxbox ~] # rukuni -h # Gyara ma'anar kungiya
Yadda ake amfani da shi: groupmod [Zaɓuɓɓuka] Zaɓuɓɓukan GROUP: -g, --gid GID ya canza mai gano rukunin zuwa GID -h, --help yana nuna wannan saƙon taimako kuma ya ƙare -n, - sabon suna-NEW_Group ya canza suna wata NEW_GROUP -o, - ba mai ba da damar amfani da GID guda biyu (ba na musamman ba) -p, - kalmar wucewa PASSWORD yana canza kalmar shiga zuwa PASSWORD (rufaffen) -R, --root CHROOT_DIR shugabanci zuwa chroot zuwa

[tushen @ Linuxbox ~] # tsakar gida -h # Bincika amincin fayil ɗin rukuni
Yadda ake amfani da shi: grpck [zaɓuɓɓuka] [rukuni [gshadow]] Zaɓuɓɓuka: -h, --taimaka nuna wannan saƙon taimako da fita -r, - kurakuran nuni kawai da kuma faɗakarwa amma ba canza fayiloli -R, - -root CHROOT_DIR shugabanci zuwa chroot cikin -s, - raba jerin shigar ta UID

[tushen @ Linuxbox ~] # sabarini
# Dokokin hadewa: pwconv, damunconv, grpconv, grpunconv
# An yi amfani dashi don sauyawa zuwa da kuma daga inuwar kalmomin shiga da kungiyoyi
# Dokokin guda huɗu suna aiki akan fayiloli / sauransu / passwd, / sauransu / rukuni, / sauransu / inuwa, 
# da / sauransu / gshadow. Don ƙarin bayani mutum grpconv.

[tushen @ Linuxbox ~] # sg -h # Kashe umarni tare da ID na rukuni daban ko GID
Yadda ake amfani da: sg group [[-c] oda]

[tushen @ Linuxbox ~] # sabon -h # Canza GID na yanzu yayin shiga
Yadda ake amfani da shi: newgrp [-] [group]

[tushen @ Linuxbox ~] # sababbin shiga -h # Sabuntawa da kirkirar sabbin masu amfani a yanayin tsari
Yanayin amfani: sabbin shiga [za optionsu] ]uka] ƙirƙirar asusun tsarin -R, --root CHROOT_DIR shugabanci zuwa chroot cikin -s, - -sha-zagaye na SHA zagaye don SHA algorithms *

[tushen @ Linuxbox ~] # pwck -h # Binciki amincin fayilolin kalmar sirri
Yadda ake amfani da shi: pwck [zaɓuɓɓuka] [passwd [inuwa]] Zaɓuɓɓuka: -h, --taimaka nuna wannan saƙon taimako da fita -q, - Kuskuren rahoton rahoton kawai -r, - kurakuran nuni kawai amma kar a canza fayiloli -R, --root CHROOT_DIR shugabanci zuwa chroot cikin -s, - raba irin shigarwar da UID yayi

[tushen @ Linuxbox ~] # sardawan -h # Createirƙiri sabon mai amfani ko sabunta tsoffin bayanan # sabon mai amfani
Yadda ake amfani da shi: useradd [zaɓuɓɓuka] USER useradd -D useradd -D [zaɓuɓɓuka] Zaɓuɓɓuka: -b, --base-dir BAS_DIR directory directory na kundin adireshin gida na sabon asusu -c, --comment COMMENT GECOS filin na sabon asusu -d, -home-dir PERSONAL_DIR sabon kundin adireshi na gida -D, --daidaitattu suna bugawa ko canza saitin tsoho na useradd -e, --haka wuce EXPIRY_DATE sabon ranar karewa da asusu -f, - mara aiki INACTIVE lokacin rashin aiki na kalmar sirri na sabon asusu
rukuni
  -g, --gid sunan GROUP ko mai gano rukunin farko na sabon asusu -G, --gungiyoyin GROUPS jerin karin kungiyoyin sabon asusu -h, - taimako ya nuna wannan sakon taimakon kuma ya kare -k, - skel DIR_SKEL yayi amfani da wannan madadin "kwarangwal" directory -K, --keyKI = KYAUTA = VALUE ya sake rubuta tsoffin dabi'u na "/etc/login.defs" -l, - babu-log-init bai kara mai amfani da bayanan ba daga lastlog da faillog -m, -re-gida yana kirkirar adireshin gida na mai amfani -M, - babu-kirkirar-gida baya kirkirar kundin adireshi na mai amfani -N, - babu-mai amfani-rukuni baya kirkirar rukuni da suna iri ɗaya kamar mai amfani -o, - ba shi da banbanci don ba da damar ƙirƙirar masu amfani tare da maɓallan (UIDs) -p, - kalmar wucewa ta PASSWORD kalmar sirri ta sabon asusu -r, - tsarin yana ƙirƙirar asusun system -R, --root CHROOT_DIR directory to chroot into -s, --shell CONSOLE access console na sabon asusu -u, --uid UID mai gano mai amfani da sabon asusu -U, -user-group ƙirƙirirukuni mai suna iri ɗaya da mai amfani -Z, --selinux-mai amfani USER_SE yana amfani da takamaiman mai amfani don mai amfani na SELinux

[tushen @ Linuxbox ~] # Mai amfani -h # Share asusun mai amfani da fayiloli masu dangantaka
Yanayin amfani: mai amfani [zaɓuɓɓuka] Zaɓuɓɓukan mai AMFANI: -f, - tilasta wasu ayyukan da zasu kasa in ba haka ba misali cire mai amfani har yanzu ya shiga ko fayiloli, koda kuwa ba mallakar mai amfani ba -h, --help yana nuna wannan saƙon Taimako da gama -r, - cire cire adireshin gida da akwatin gidan waya -R, --root CHROOT_DIR shugabanci zuwa chroot cikin -Z, - mai amfani-Linux cire duk wani taswirar mai amfani na SELinux ga mai amfani

[tushen @ Linuxbox ~] # manzamana -h # Gyara asusun mai amfani
Yadda ake amfani da shi: usermod [zaɓuɓɓuka] Zaɓuɓɓukan AMFANI: -c, - comment COMMENT sabon ƙimar filin GECOS -d, --home PERSONAL_DIR sabon kundin adireshin gida na sabon mai amfani -e, --expiredate EXPIR_DATE ya sanya ranar karewar asusu zuwa EXPIRED_DATE -f, - ba shi da amfani INACTIVE yana sanya lokacin aiki bayan asusu ya kare zuwa INACTIVE -g, --Ginin GROUP ya yi amfani da GROUP don sabon asusun mai amfani -G, -gwambobin rukunin GROUPS na groupsarin ƙungiyoyi -a, --kaɗa mai amfani ga GRarin GROUPS da aka ambata ta zaɓin -G ba tare da cire shi daga wasu rukunin ba -h, - taimaka nuna wannan saƙon taimako kuma a daina -l, --login suna sake suna don mai amfani -L, - kulle makullan asusun mai amfani -m, - -kaura-gida matsar da abinda ke ciki na kundin adireshin gida zuwa sabon kundin adireshi (amfani kawai a tare da -d) -o, -na ba da izinin amfani Kwafin (ba na musamman ba) UIDs -p, - kalmar wucewa PASSWORD yayi amfani da kalmar sirri da aka rufa don sabon asusu -R, --root CHR OOT_DIR directory zuwa chroot into -s, --shell CONSOLE sabon na'ura mai ba da damar shiga don asusun mai amfani -u, --Uid ya tilasta amfani da UID na UID don sabon asusun mai amfani -U, - buɗe buɗa asusun mai amfani -Z, --selinux-mai amfani SEUSER sabon taswirar mai amfani na SELinux don asusun mai amfani

Umarni a cikin Debian

Debian ya bambanta tsakanin sardawan y adduser. Ya bada shawarar cewa Masu Gudanar da Tsarin amfani adduser.

tushen @ sysadmin: / gida / xeon # adduser -h # Addara mai amfani a cikin tsarin
tushen @ sysadmin: / gida / xeon # Ƙungiya -h # Addara ƙungiya zuwa tsarin
adduser [--home DIRECTORY] [- Shell SHELL] [--no-create-home] [--uid ID] [--firstuid ID] [--lastuid ID] [--gecos GECOS] [--wasanni GROUP | --gid ID] [--disabled-password] [--disabled-login] USER ERara adduser mai amfani na al'ada - tsarin [--home DIRECTORY] [--shell SHELL] [--no-create-home] [ --uid ID] [--gecos GECOS] [--gungun | - rukunin Rukuni | --gid ID] [--disabled-password] [--disabled-login] USER Addara adduser mai amfani na tsarin --group [--gid ID] GROUP addgroup [--gid ID] GROUP Addara rukunin mai amfani addgroup --system [--gid ID] GROUP Add a system group adduser GROUP USER Addara mai amfani mai amfani zuwa babban zaɓuɓɓukan rukunin da ke akwai: --quiet | -q kar a nuna bayanan aikin akan daidaitaccen fitarwa - karfi-badname ya ba da damar sunayen mai amfani wanda bai dace da canjin sanyi ba __HAMMAR_Hausa | -h sakon amfani - juyawa | -v sigar lamba da haƙƙin mallaka --conf | -c FILE yayi amfani da FILE azaman fayil ɗin daidaitawa

tushen @ sysadmin: / gida / xeon # deluser -h # Cire mai amfani na al'ada daga tsarin
tushen @ sysadmin: / gida / xeon # rukuni -h # Cire rukuni na al'ada daga tsarin
deluser USER ya cire mai amfani na yau da kullun daga tsarin misali: deluser miguel --remove-gida yana cire kundin adireshin gidan mai amfani da layin wasiku. -remove-all-files yana cire duk fayiloli mallakar mai amfani. --backup yana ajiye fayiloli kafin sharewa. - sake dawowa-zuwa Littafin jagora don ajiyar waje Ana amfani da kundin adireshi na yanzu ta tsohuwa. --system kawai zai cire idan kun kasance mai amfani da tsarin. delgroup GROUP deluser --group GROUP ya cire rukuni daga tsarin tsari: ɗalibai - ƙungiyar ɗalibai - tsarin cire kawai idan ƙungiya ce daga tsarin. - kawai-idan-fanko cire kawai idan basu da sauran mambobi. deluser USER GROUP ya cire mai amfani daga misalin rukuni: ɗaliban ɗaliban ɗamarar miguel zaɓuɓɓuka na gaba ɗaya: --wuya | -q kar a ba da bayanan aiwatarwa kan stdout --help | -h sakon amfani - juyawa | -v sigar lamba da haƙƙin mallaka --conf | -c FILE yayi amfani da FILE azaman fayil ɗin daidaitawa

Manufofin

Akwai manufofi iri biyu waɗanda dole ne muyi la'akari dasu yayin ƙirƙirar asusun masu amfani:

• Dokokin Asusun Mai amfani
• Manufofin tsufa kalmar sirri

Dokokin Asusun Mai amfani

A aikace, mahimman abubuwan da ke gano asusun mai amfani sune:

• Sunan asusun mai amfani - mai amfani SHIGA, ba sunaye da sunaye ba.
• Id mai amfani - UID.
• Babban rukuni wanda yake nasa - GIDON.
• Kalmar wucewa - password.
• Izinin shiga izinin izini.

Babban abubuwan da za'ayi la'akari dasu yayin ƙirƙirar asusun mai amfani sune:

• Tsawon lokacin da mai amfani zai sami dama ga tsarin fayil da albarkatu.
• Yawan lokacin da dole ne mai amfani ya canza kalmar sirri - lokaci-lokaci - saboda dalilai na tsaro.
• Yawan lokacin da login -login- zai ci gaba da aiki.

Bugu da ƙari, yayin sanya mai amfani nasa UID y password, dole ne muyi la'akari da cewa:

• Inteimar lamba UID dole ne ya zama na musamman ne ba mara kyau ba.
• El password dole ne ya kasance yana da isasshen tsayi da sarkakiya, don haka yana da wahalar ganewa.

Manufofin tsufa

A kan tsarin Linux, da password na mai amfani ba'a sanya lokacin ƙarewar tsoho ba. Idan muka yi amfani da manufofin tsufa na kalmar sirri, za mu iya canza halin ɗabi'a kuma lokacin ƙirƙirar masu amfani, za a yi la'akari da manufofin da aka ayyana.

A aikace, akwai dalilai biyu da za a yi la’akari da su yayin saita shekarun kalmar sirri:

• Tsaro
• Saukaka mai amfani.

Kalmar sirri ta fi aminci ga mafi ƙarancin lokacin ƙarewar sa. Akwai ƙananan haɗarin yin hakan zuwa wasu masu amfani.

Don kafa manufofin tsufa kalmar sirri, zamu iya amfani da umarnin chaji:

[tushen @ linuxbox ~] # chage
Yanayin amfani: chage [zaɓuɓɓuka] AMFANIN Zaɓuɓɓuka: -d, --last LAST_DAY ya saita ranar canjin kalmar wucewa ta ƙarshe zuwa LAST_DAY -E, wannan sakon taimakon kuma ya kare -I, - BATSA rashin aiki sai ta katse asusun bayan kwana INACTIVE daga ranar karewa -l, - jerin suna nuna shekarun bayanan asusun -m, --wasu-MATA MINDAYS ke sanya lamba mafi karancin kwanaki kafin canza kalmar shiga zuwa MIN_DAYS -M, -maxdays MAX_DAYS tana saita matsakaicin adadin kwanaki kafin canza kalmar shiga zuwa MAX_DAYS -R, --root CHROOT_DIR shugabanci zuwa chroot zuwa -W, --nance gargadin WARNING_DAYS ke saita kwanakin sanarwar karewa zuwa DAYS_NOTICE

A cikin labarin da ya gabata mun ƙirƙiri masu amfani da yawa azaman misali. Idan muna son sanin ƙimar shekarun asusun mai amfani da SHIGA galadriel:

[tushen @ linuxbox ~] # chage - jerin galadriel
Canjin kalmar wucewa ta ƙarshe: Apr 21, 2017 Kalmar wucewa ta ƙare: ba kalmar wucewa mai aiki ba: ba Asusun ya ƙare: ba Minaramin adadin kwanaki tsakanin canjin kalmar shiga: 0 Adadin kwanakin da suka wuce tsakanin canjin kalmar shiga: 99999 Yawan kwanakin sanarwa kafin kalmar wucewa ta kare: 7

Waɗannan su ne tsoffin ƙimomin da tsarin ke da su lokacin da muka ƙirƙiri asusun mai amfani ta amfani da mai amfani a cikin tsarin gudanarwa "Masu amfani da ƙungiyoyi":

Don canza tsoffin tsoffin lambobin sirri, ana ba da shawarar gyara fayil ɗin /etc/login.defs y gyara mafi karancin kimar da muke bukata. A cikin wannan fayil ɗin za mu canza ƙimar masu zuwa ne kawai:

# Ikon sarrafa kalmomin tsufa: # # PASS_MAX_DAYS Ana iya amfani da mafi yawan kwanaki na kalmar sirri. # PASS_MIN_DAYS Mafi qarancin adadin ranakun da aka yarda tsakanin canje-canje kalmomin shiga. # PASS_MIN_LEN Mafi karancin tsayin kalmar shiga. # PASS_WARN_AGE Adadin kwanakin da aka bayar kafin kalmar wucewa ta kare. # PASS_MAX_DAYS 99999 #! Fiye da shekaru 273! PASS_MIN_DAYS 0 PASS_MIN_LEN 5 PASS_WARN_AGE 7

ga ƙimomin da muka zaɓa gwargwadon ƙa'idodinmu da buƙatunmu:

PASS_MAX_DAYS 42 # 42 ci gaba kwanaki zaka iya amfani da password
PASS_MIN_DAYS 0 # za a iya canza kalmar sirri a kowane lokaci PASS_MIN_LEN 8 # mafi karancin tsawon kalmar wucewa PASS_WARN_AGE 7 # Yawan kwanakin da tsarin ke yi maka gargadi kan # canza kalmar wucewa kafin ta kare.

Mun bar sauran fayil ɗin kamar yadda yake kuma muna ba da shawarar kada a canza wasu sigogi har sai mun san abin da muke yi sosai.

Sabbin dabi'u za'a yi la'akari dasu lokacin da muka kirkiri sabbin masu amfani. Idan muka canza kalmar sirri na mai amfani da aka riga aka ƙirƙira, za a girmama darajar ƙaramar kalmar wucewa. Idan mukayi amfani da umarnin passwd maimakon amfani mai zane kuma mun rubuta cewa kalmar sirri zata kasance «Tsakar Gida 17«, Tsarin yana gunaguni kamar kayan aikin hoto« Masu amfani da ƙungiyoyi »kuma yana ba da amsar cewa«Ko ta yaya kalmar sirri ta karanta sunan mai amfani»Duk da cewa a karshen na yarda da wannan kalmar sirri mara karfi.

[tushen @ linuxbox ~] # passwd legolas
Canza kalmar sirri na mai amfani legolas. Sabuwar Kalmar wucewa: mai tsaron gida               # kasa da haruffa 7
KYAUTA MAGANAR: Kalmar wucewa kasa da haruffa 8 Sake rubuta sabuwar kalmar sirri: Tsakar Gida 17
Kalmomin shiga basu daidaita ba.               # Daidaici daidai?
Sabuwar kalmar sirri: Tsakar Gida 17
KYAUTA MAGANAR: Ko ta yaya kalmar sirri ta karanta sunan mai amfani Sake rubuta sabuwar kalmar sirri: Tsakar Gida 17
passwd: duk alamun tabbatarwa sun sabunta cikin nasara.

Muna jawo “rauni” na bayyana kalmar sirri wanda ya haɗa da SHIGA mai amfani Wannan aikin ba shi da kyau. Hanyar daidai zata kasance:

[tushen @ linuxbox ~] # passwd legolas
Canza kalmar sirri na mai amfani legolas. Sabuwar Kalmar wucewa: Tsamiya01
Sake rubuta sabuwar kalmar sirri: Tsamiya01
passwd: duk alamun tabbatarwa sun sabunta cikin nasara.

Don canza ƙimar ƙarewar password de galadriel, muna amfani da umarnin chage, kuma dole ne kawai mu canza ƙimar WATA RASU_MAX_DAYS daga 99999 zuwa 42:

[tushen @ linuxbox ~] # chage -M 42 galadriel
[tushen @ linuxbox ~] # chage -l galadriel
Canjin kalmar wucewa ta ƙarshe: Apr 21, 2017 Kalmar wucewa ta ƙare: Jun 02, 2017 Kalmar wucewa mara aiki: ba Asusun ƙare ba: ba Minarancin kwanaki tsakanin musayar kalmar sirri: 0 Adadin kwanakin da suka wuce tsakanin canjin kalmar sirri: 42
Adadin kwanakin sanarwa kafin kalmar wucewa ta kare: 7

Sabili da haka, zamu iya canza kalmomin shiga na masu amfani waɗanda aka riga aka ƙirƙira da ƙimar ƙarewar su da hannu, ta amfani da kayan aikin zane-zane «Masu amfani da ƙungiyoyi», ko amfani da rubutun - script wannan yana sarrafa wasu daga cikin ayyukan da ba ma'amala ba.

• Ta wannan hanyar, idan muka ƙirƙiri masu amfani da tsarin a cikin hanyar da ba a ba da shawarar ta hanyar abubuwan da suka fi dacewa game da tsaro, za mu iya canza wannan ɗabi'ar kafin ci gaba da aiwatar da ƙarin sabis-sabis na PAM..

Idan muka kirkiro mai amfani kuma con SHIGA «kuma»Da kalmar wucewa«Yarjejeniyar»Zamu sami sakamako mai zuwa:

[tushen @ linuxbox ~] # useradd anduin
[tushen @ Linuxbox ~] # passwd anduin
Canza kalmar wucewa ta mai amfani anduin. Sabuwar Kalmar wucewa: Yarjejeniyar
KYAUTA MAGANAR: Kalmar wucewa ba ta wuce tabbacin ƙamus - Ya dogara da kalma a cikin ƙamus. Sake rubuta sabuwar kalmar sirri: Yarjejeniyar
passwd - Duk alamun tabbatarwa an sabunta su cikin nasara.

A takaice dai, tsarin kere-kere ne don nuna kasawar kalmar sirri.

[tushen @ Linuxbox ~] # passwd anduin
Canza kalmar wucewa ta mai amfani anduin. Sabuwar Kalmar wucewa: Tsamiya02
Sake rubuta sabuwar kalmar sirri: Tsamiya02
passwd - Duk alamun tabbatarwa an sabunta su cikin nasara.

Takaita Manufofin

• Ya bayyana sarai cewa tsarin rikitarwa na kalmar sirri, gami da mafi karancin tsawon haruffa 5, ana kunna shi ta tsoho a cikin CentOS. A kan Debian, binciken rikitarwa yana aiki ne ga masu amfani na yau da kullun lokacin da suke ƙoƙarin canza kalmar sirri ta kiran kiran umarni passwd. Ga mai amfani tushen, babu iyakancewar iyaka.
• Yana da mahimmanci a san zaɓuɓɓuka daban-daban waɗanda za mu iya bayyana a cikin fayil ɗin /etc/login.defs ta amfani da umarnin mutum shiga.defs.
• Hakanan, bincika abubuwan cikin fayilolin / sauransu / tsoho / useradd, kuma a cikin Debian /etc/adduser.conf.

Masu amfani da tsarin da Kungiyoyi

A yayin shigar da tsarin aiki, ana kirkirar dukkan jerin masu amfani da kungiyoyi wanda, adabi daya ya kira Masu Amfani da wani kuma Masu Amfani da System. Mun fi so mu kira su Masu Amfani da Kungiyoyi.

A matsayinka na mai mulki, masu amfani da tsarin suna da UID <1000 kuma ana amfani da asusunku ta aikace-aikace daban-daban na tsarin aiki. Misali, asusun mai amfani «squid»Shirin Squid ne ke amfani dashi, yayin da ake amfani da asusun« lp »don aikin bugawa daga kalmomi ko editocin rubutu.

Idan muna son jera waɗancan masu amfani da rukunin, za mu iya yin hakan ta amfani da umarnin:

[tushen @ Linuxbox ~] # cat / sauransu / passwd
[tushen @ linuxbox ~] # cat / sauransu / rukuni

Ba a ba da shawarar komai ba don sauya masu amfani da rukunin tsarin. 😉

Saboda mahimmancin sa, muna maimaita hakan a cikin CentOS, FreeBSD, da sauran tsarin aiki, an kirkiro -system-group dabaran don ba da damar shiga kamar tushen kawai ga masu amfani da tsarin ƙungiyar. Karanta /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.htmlda kuma /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html. Debian ba ta haɗa ƙungiya ba dabaran.

Gudanar da asusun mai amfani da asusun rukuni

Hanya mafi kyau don koyon yadda ake sarrafa mai amfani da asusun rukuni shine:

• Ana aiwatar da amfani da umarnin da aka lissafa a sama, zai fi dacewa a cikin na'ura mai kama da ita kuma kafin don amfani da kayan aikin zane.
• Duba littattafan ko shafukan mutane kowane umarni kafin neman duk wani bayani akan Intanet.

Yin aiki shine mafi kyawun ma'aunin gaskiya.

Tsaya

Ya zuwa yanzu, kasida ɗaya tak da aka keɓe don Mai amfani da Gida da Gudanar da Rukuni bai isa ba. Matsayin ilimin da kowane mai gudanarwa zai samu zai dogara ne da sha'awar mutum na koyo da zurfafawa game da wannan da sauran batutuwa masu alaƙa. Daidai ne da duk fannonin da muka haɓaka a cikin jerin labaran Sadarwar SME. Hakanan zaku iya jin daɗin wannan sigar a cikin pdf nan

Isarwa na gaba

Zamu ci gaba da aiwatar da ayyuka tare da tantancewa akan masu amfani da gida. Sannan zamu girka sabis na aika saƙon kai tsaye dangane da shirin Wadatarwa.

Sai anjima!