Kuwongolera ogwiritsa ntchito akumagulu ndi magulu - ma netiweki a SME

Chizindikiro chonse cha mndandanda: Ma Network Networks a ma SME: Mau Oyamba

Moni abwenzi ndi abwenzi!

Nkhaniyi ndiyopitilira Kutsimikizika kwa squid + PAM mu CentOS 7- Networks SMB.

Machitidwe opangira UNIX / Linux amapereka malo enieni ogwiritsa ntchito, momwe ogwiritsa ntchito ambiri amatha kugwira ntchito nthawi yomweyo ndikugawana zinthu monga ma processor, ma hard drive, memory, ma polumikizira ma network, zida zolowetsedwa m'dongosolo, ndi zina zambiri.

Pachifukwa ichi, Ma Administrator amakakamizidwa kuti azisamalira mosalekeza ogwiritsa ntchito ndi magulu a dongosololi ndikupanga ndi kukhazikitsa njira yoyendetsera bwino.

Chotsatira tiwona mwachidule mbali zonse za ntchito yofunikayi mu Linux Systems Administration.

Nthawi zina zimakhala bwino kupereka Utility kenako Kufunikira.

Ichi ndi chitsanzo cha dongosololi. Choyamba timasonyeza momwe mungagwiritsire ntchito Proxy service ndi squid ndi ogwiritsa ntchito akumaloko. Tsopano tiyenera kudzifunsa kuti:

• ¿ndingagwiritse ntchito bwanji ma netiweki pa LAN ya UNIX / Linux kuchokera kwa ogwiritsa ntchito kwanuko ndi chitetezo chovomerezeka?.

Zilibe kanthu kuti, kuwonjezera apo, makasitomala a Windows amalumikizidwa ndi netiweki iyi. Chofunikira chokha chomwe ma SME Network amafunikira ndi njira yiti yosavuta komanso yotsika mtengo yochitira izi.

• ¿Mwina makina ovomerezeka pakubadwa kwa ARPANET, Internet ndi maukonde ena Wpano Area Network o Lkuwala Area Network zoyambira zinali kutengera LDAP, Service Directory, kapena mkati Microsoft LSASS, kapena mkati Active Directory, kapena mwa Kerberos?, kungotchulapo zochepa.

Funso labwino lomwe aliyense ayenera kupeza mayankho ake. Ndikukupemphani kuti mufufuze mawu akuti «kutsimikiziridwa»Pa Wikipedia mu Chingerezi, chomwe ndi chokwanira kwambiri komanso chofananira malinga ndi zoyambirira - mchingerezi-.

Malinga ndi Mbiri kale kulankhula mwachidule, choyamba chinali Kutsimikizika y Kuvomerezeka wamba, pambuyo NIS Njira Yazidziwitso Zapaintaneti Yopangidwa ndi Sun Microsystem komanso yotchedwa Masamba a Yellow o ypkenako LDAP Pulogalamu Yowonjezera.

Nanga bwanji «Chitetezo Chovomerezeka»Zimabwera chifukwa nthawi zambiri timada nkhawa ndi chitetezo cha netiweki yathu, pomwe timatha kulowa pa Facebook, Gmail, Yahoo, ndi zina zambiri. Ndipo yang'anani kuchuluka kwa zolemba ndi zolemba zomwe zokhudzana ndi Palibe Chinsinsi pa intaneti zilipo

Dziwani pa CentOS ndi Debian

CentOS / Red Hat ndi Debian ali ndi malingaliro awo momwe angakhazikitsire chitetezo, chomwe sichosiyana kwenikweni. Komabe, tikutsimikizira kuti onse ndi okhazikika, otetezeka komanso odalirika. Mwachitsanzo, mu CentOS nkhani ya SELinux imathandizidwa mwachisawawa. Mu Debian tiyenera kukhazikitsa phukusi selinux-zoyambira, zomwe zikuwonetsa kuti titha kugwiritsanso ntchito SELinux.

Mu CentOS, FreeBSD, ndi machitidwe ena, gulu la -system limapangidwa gudumu kulola kufikira monga muzu okhawo ogwiritsa ntchito makina omwe ali mgululi. Werengani /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.htmlndi /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html. Debian sakuphatikiza gulu gudumu.

Mafayilo akulu ndi malamulo

Zosungidwa zakale

Mafayilo akuluakulu okhudzana ndi kuwongolera ogwiritsa ntchito mdera la Linux ndi awa:

CentOS ndi Debian

• / etc / passwd: zambiri zaakaunti ya wogwiritsa ntchito.
• / etc / mthunzi- Zambiri zachitetezo cha akaunti.
• / etc / gulu: zambiri zamaakaunti.
• / etc / gshadow- Zidziwitso zachitetezo pamaakaunti a gulu.
• / etc / default / useradd: mfundo zosasinthika pakupanga akaunti.
• / etc / skel /: chikwatu chomwe chili ndi mafayilo osasintha omwe aphatikizidwa m'ndandanda wa HOME wa wogwiritsa ntchito watsopano.
• /etc/login.defs- Chotsatira chachitetezo chachinsinsi.

Debian

• /etc/adduser.conf: mfundo zosasinthika pakupanga akaunti.

Malamulo pa CentOS ndi Debian

[miz @ linuxbox ~] # kufalitsa -h # Sinthani mapasiwedi mu batch mode
Njira yogwiritsira ntchito: chpasswd [zosankha] Zosankha: -c, -crypt-njira METHOD njira ya crypt (imodzi mwa NONE DES MD5 SHA256 SHA512) -e, -yosunga mawu achinsinsi omwe aperekedwa amalembedwa -h, --help ikuwonetsa thandizo ili mwamsanga ndi kutha -m, --md5 imasunga mawu achinsinsi momveka bwino pogwiritsa ntchito MD5 algorithm -R, --root CHROOT_DIR chikwatu chroot mu -s, --sha-rounds nambala ya SHA yozungulira ma SHA encryption algorithms * # batch- Chitani malamulo pomwe dongosolo limalola. Mwa kuyankhula kwina # pamene katundu wambiri amagwera pansi pa 0.8 kapena mtengo womwe watchulidwa mukamapanga # the atd command. Zambiri batch yamunthu.

[miz @ linuxbox ~] # magwire -h # Lengezani Oyang'anira mu / etc / group ndi / etc / gshadow
Momwe mungagwiritsire ntchito: gpasswd [zosankha] GROUP Zosankha: -a, -dd USER akuwonjezera USER ku GROUP -d, -delete USER amachotsa USER ku GROUP -h, --help akuwonetsa uthenga wothandizirawu ndikutha -Q, - - muzu CHROOT_DIR chikwatu chroot mu -r, -delete-password chotsani achinsinsi a GROUP -R, --restrict amaletsa mwayi wopeza GROUP kwa mamembala ake -M, --members USER, ... akhazikitsa mndandanda wa mamembala a GROUP - A, --Administrators ADMIN, ... akhazikitsa mndandanda wa oyang'anira GROUP Kupatula pa -A ndi -M zosankha, zosankhazo sizingaphatikizidwe.

[miz @ linuxbox ~] # gulu -h    # Pangani gulu latsopano
Momwe mungagwiritsire ntchito: groupadd [zosankha] GROUP Zosankha: -f, --force terminate ngati gulu lilipo kale, ndikuletsa -g ngati GID ikugwiritsidwa kale ntchito -g, --gid GID gwiritsani GID pagulu latsopano - h, - kuthandizira kuwonetsa uthengawu ndikumaliza -K, --key KEY = VALUE imalembetsa zofunikira za "/etc/login.defs" -o, --non-unique zimakupatsani mwayi wopanga magulu ndi ma GID (osati osiyana) zobwereza -p, - mawu achinsinsi PASSWORD gwiritsani ntchito mawu achinsinsi awa pagulu latsopanoli -r, - dongosolo limapanga akaunti -R, --root CHROOT_DIR chikwatu cholowera

[miz @ linuxbox ~] # gulu -h # Chotsani gulu lomwe lilipo
Momwe mungagwiritsire ntchito: groupdel [zosankha] GROUP Zosankha: -h, --help onetsani uthenga wothandizirowu ndikutsirizitsa -R, --root CHROOT_DIR chikwatu choti musunthike

[miz @ linuxbox ~] # gulu -h # Lengezani Oyang'anira pagulu loyambirira la wogwiritsa ntchito
Momwe mungagwiritsire ntchito: groupmems [zosankha] [zochita] Zosankha: -g, -group GROUP amasintha dzina la gululo m'malo mwa gulu la wogwiritsa ntchito (zitha kuchitidwa ndi woyang'anira) -R, --root CHROOT_DIR chikwatu kuti chroot into Actions: -a, --add USER akuwonjezera USER kwa mamembala am'magulu -d, --chotsani USER amachotsa USER pagulu la mamembala -h, --help akuwonetsa uthengawu ndikumaliza -p, - yeretsani mamembala onse - l, - mndandanda wa mamembala am'magulu

[miz @ linuxbox ~] # gulu -h # Sinthani tanthauzo la gulu
Momwe mungagwiritsire ntchito: groupmod [zosankha] GROUP Zosankha: -g, -gid GID imasinthira chizindikiritso cha gulu kukhala GID -h, --help ikuwonetsa uthenga wothandizirayi ndikutha -n, - dzina latsopano NEW_Group limasintha dzina NEW_GROUP - o, --non-unique amalola kugwiritsa ntchito chibwereza GID (osati chapadera) -p, - mawu achinsinsi PASSWORD amasintha mawu achinsinsi kukhala PASSWORD (encrypted) -R, --root CHROOT_DIR chikwatu cholowera

[miz @ linuxbox ~] # kugwedeza -h # Fufuzani kukhulupirika kwa fayilo yamagulu
Momwe mungagwiritsire ntchito: grpck [zosankha] [gulu [gshadow]] Zosankha: -h, --help onetsani uthengawu ndikutuluka -r, - zowonetsa zowerengera zolakwika ndi machenjezo koma osasintha mafayilo -R, - - muzu CHROOT_DIR chikwatu chroot mu -s, -sort zotengera za UID

[miz @ linuxbox ~] # alireza
# Malamulo ogwirizana: pwconv, pwunconv, grpconv, grpunconv
# Anagwiritsa ntchito kutembenukira kupita ndi kuchokera kuzithunzi zamithunzi ndi magulu
# Malamulo anayiwo amagwiritsidwa ntchito pamafayilo / etc / passwd, / etc / gulu, / etc / shadow, 
# ndi / etc / gshadow. Kuti mumve zambiri munthu grpconv.

[miz @ linuxbox ~] # sg -h # Pangani lamulo ndi ID yosiyana kapena GID
Momwe mungagwiritsire ntchito: gulu la sg [[-c] dongosolo]

[miz @ linuxbox ~] # chatsopano -h # Sinthani GID yapano pakulowa
Momwe mungagwiritsire ntchito: newgrp [-] [gulu]

[miz @ linuxbox ~] # atsopano -h # Sinthani ndikupanga ogwiritsa ntchito atsopano mu batch mode
Njira yogwiritsira ntchito: zatsopano [zosankha] Zosankha: -c, -crypt-method NJIRA ya crypt njira (imodzi mwa NONE DES MD5 SHA256 SHA512) -h, --help onetsani uthengawu ndikutuluka -r, -system create system maakaunti -R, -root CHROOT_DIR chikwatu chroot mu -s, --sha-rounds kuchuluka kwa SHA kuzungulira kwa ma SHA encryption algorithms *

[miz @ linuxbox ~] # pwck -h # Onetsetsani kukhulupirika kwa mafayilo achinsinsi
Momwe mungagwiritsire ntchito: pwck [zosankha] [passwd [mthunzi] Zosankha: -h, --help onetsani uthenga wothandizawu ndikutuluka -q, - lipoti lamtendere zolakwika zokha -r, - zowonetsa zowerengera zokha ndi machenjezo koma osasintha mafayilo -R, --root CHROOT_DIR chikwatu kuti chroot mu -s, --sort mtundu wazolemba za UID

[miz @ linuxbox ~] # chita -h # Pangani wosuta watsopano kapena sinthani zambiri # zosintha za wosuta watsopano
Momwe mungagwiritsire ntchito: useradd [zosankha] USER useradd -D useradd -D [zosankha] Zosankha: -b, --base-dir BAS_DIR chikwatu chazomwe chimayang'anira nyumba yakanema yatsopano -c, --comment COMMENT GECOS gawo la akaunti yatsopano -d, --home-dir PERSONAL_DIR chikwatu chakunyumba chatsopano -D, - zosintha zimasindikiza kapena kusintha zosintha za useradd -e, - zotha ntchito EXPIRY_DATE tsiku lotha kugwiritsa ntchito akaunti yatsopano -f, - osagwira ntchito INACTIVE nthawi yosagwira achinsinsi a akaunti yatsopano
gulu
  -g, -gid GROUP dzina kapena chizindikiritso cha gulu loyambirira la akaunti yatsopano -G, -magulu GROUPS mndandanda wamagulu owonjezera a akaunti yatsopano -h, --help akuwonetsa uthenga wothandizirawu ndikutha -k, - skel DIR_SKEL imagwiritsa ntchito chikwatu cha "mafupa" ena -K, --key KEY = VALUE imalembetsa zofunikira za "/etc/login.defs" -l, --no-log-init sikuwonjezera wogwiritsa ntchito nkhokwezo kuchokera ku lastlog ndi faillog -m, --create-home imapanga chikwatu chogwiritsa ntchito -M, --no-create-home sichipanga chikwatu cha ogwiritsa -N, --no-user-group sichimapanga gulu lomwe lili ndi dzina lofanana ndi wosuta -o, --non-kipekee limalola opanga kugwiritsa ntchito zofananira (zosadziwika) ma ID (UIDs) -p, - mawu achinsinsi a PASSWORD achinsinsi a akaunti yatsopano -r, - dongosolo limapanga akaunti ya makina -R, --root CHROOT_DIR chikwatu chroot mu -s, --shell CONSOLE mwayi wopeza akaunti yatsopano -u, --uid wogwiritsa ntchito UID wa akaunti yatsopano -U, --user-group panganigulu lomwe lili ndi dzina lofanana ndi wosuta -Z, --selinux-userUSER_SE imagwiritsa ntchito wogwiritsa ntchito SELinux

[miz @ linuxbox ~] # magwiritsidwe -h # Chotsani akaunti ya wogwiritsa ntchito ndi mafayilo ofanana nawo
Njira yogwiritsira ntchito: userdel [zosankha] Zosankha za USER: -f, --force mphamvu zina zomwe zingalephereke mwachitsanzo kuchotsedwa kwa wogwiritsa ntchito amene adalowetsamo kapena mafayilo, ngakhale atakhala kuti alibe -h, --help akuwonetsa uthengawu Thandizo ndi kumaliza -r, - chotsani chikwatu chakunyumba ndi bokosi la makalata -R, --root CHROOT_DIR chikwatu chroot mu -Z, --selinux-wosuta chotsani mapu aliwonse ogwiritsa ntchito a SELinux

[miz @ linuxbox ~] # usermod -h # Sinthani akaunti yanu
Momwe mungagwiritsire ntchito: usermod [zosankha] Zosankha za USER: -c, --comment COMMENT mtengo watsopano wa gawo la GECOS -d, --home PERSONAL_DIR chikwatu chazatsopano cha watsopano -e, - Expiredate EXPIRED_DATE akhazikitsa tsiku lotha ntchito la akauntiyi mpaka EXPIRED_DATE -f, --inactive INACTIVE imakhazikitsa nthawi yopanda ntchito akaunti ikatha ku INACTIVE -g, --gid GROUP imagwiritsa ntchito GROUP pa akaunti yatsopano ya -G, - --Groups GROUPS mndandanda wamagulu owonjezera -a, - onjezerani wogwiritsa ntchito GROUPS zowonjezera zomwe zatchulidwa ndi -G posankha popanda kumuchotsa m'magulu ena -h, --help onetsani uthenga wothandizirowu ndikutha -l, - lembani dzina la NAME la wosuta -L, - logwirana ndi akaunti ya wogwiritsa -m, --move-home zosunthira zolemba zam'nyumba kupita ku chikwatu chatsopano (gwiritsani ntchito molumikizana ndi -d) -o, --non-kipekee zimalola kugwiritsa ntchito Zobwereza za UID (osati zapadera) -p, - -Password PASSWORD imagwiritsa ntchito mawu achinsinsi osungira akaunti yatsopano -R, -root CHR Chikwatu cha OOT_DIR chroot into -s, --shell CONSOLE chofikira chatsopano cha akaunti ya ogwiritsa -u, --uid UID amakakamiza kugwiritsa ntchito UID pa akaunti yatsopano ya ogwiritsa -U, - kutsegula kutsegula akaunti ya wogwiritsa -Z, --selinux-user SEUSER mapu atsopano ogwiritsa ntchito a SELinux aakaunti ya wogwiritsa ntchito

Malamulo mu Debian

Debian amasiyanitsa pakati chita y adduser. Tikukulimbikitsani kuti Oyang'anira Dongosolo agwiritse ntchito adduser.

mizu @ sysadmin: / nyumba / xeon # adduser -h # Onjezani wogwiritsa ntchito pulogalamuyi
mizu @ sysadmin: / nyumba / xeon # owonjezera -h # Onjezani gulu m'dongosolo
adduser [--home DIRECTORY] [--shell SHELL] [- osapanga nyumba] [--uid ID] [--firstuid ID] [--lastuid ID] [--gecos GECOS] [- gulu GULU | --gid ID] [- password-password] [--disabled-login] USER Onjezani adduser wamba --system [--home DIRECTORY] [--shell SHELL] [- osapanga-home] [ --id ID] [--gecos GECOS] [- gulu | --GULU LOGULU | --gid ID] [- password yosavomerezeka] [--disabled-login] USER Onjezani wosuta kuchokera pagulu la adduser --group [--gid ID] GROUP addgroup [--gid ID] GROUP Onjezani gulu la ogwiritsa gulu lowonjezera --system [--gid ID] GROUP Onjezani gulu la ogwiritsa ntchito gulu GROUP USER Onjezerani wogwiritsa ntchito pagulu lomwe mulipo: --quiet | -q musawonetse zambiri pazomwe mungatulutse --force-badname zimalola maina osuta omwe sakugwirizana ndi kusinthika kwa NAME_REGEX --help | -h uthenga wogwiritsa ntchito --version | -v nambala yolemba ndi kukopera --conf | -c FILE gwiritsani ntchito FILE ngati fayilo yosinthira

mizu @ sysadmin: / nyumba / xeon # wonama -h # Chotsani wosuta wabwinobwino m'dongosolo
mizu @ sysadmin: / nyumba / xeon # gulu -h # Chotsani gulu labwinobwino m'dongosolo
Wonyengerera USER amachotsa wogwiritsa ntchito pamachitidwe: deluser miguel --remove-home amachotsa chikwatu cha wosuta ndi mzere wa makalata. - kuchotsa mafayilo onse amachotsa mafayilo onse omwe wogwiritsa ntchito amagwiritsa ntchito. -Backup amathandizira mafayilo asanachotse. --kusungira-to kalozera kopita zosunga zobwezeretsera. Zolemba zamakono zikugwiritsidwa ntchito mwachinsinsi. -System imachotsa kokha ngati mukugwiritsa ntchito makina. delgroup GROUP deluser --group GROUP amachotsa gulu pamachitidwe: deluser --group students --system imachotsa ngati ili gulu m'dongosolo. -Kokha ngati mulibe kanthu kongochotsani ngati kulibe mamembala ena. Wonyengerera USER GROUP amachotsa wogwiritsa ntchito pagulu: deluser miguel ophunzira zosankha zonse: --quiet | -q musapereke zambiri pa stdout --help | -h uthenga wogwiritsa ntchito --version | -v nambala yolemba ndi kukopera --conf | -c FILE gwiritsani ntchito FILE ngati fayilo yosinthira

Ndondomeko

Pali mitundu iwiri ya malingaliro omwe tiyenera kuganizira popanga maakaunti a ogwiritsa ntchito:

• Ndondomeko Zogwiritsa Ntchito
• Ndondomeko zakukalamba

Ndondomeko Zogwiritsa Ntchito

Mwakuchita, zinthu zofunika kwambiri zomwe zimazindikiritsa akaunti ndi:

• Dzina la akaunti yaogwiritsa - wosuta LOWANI MUAKAUNTI, osati dzina ndi mayina awo.
• Dzina Lolowera - UID.
• Gulu lalikulu lomwe lili - GID.
• Chinsinsi - achinsinsi.
• Chilolezo chofikira - zilolezo zopezeka.

Zomwe muyenera kuziganizira mukamapanga akaunti ya ogwiritsa ntchito ndi izi:

• Nthawi yomwe wogwiritsa ntchitoyo amatha kugwiritsa ntchito mafayilo azinthu.
• Nthawi yomwe wogwiritsa ntchitoyo amasintha achinsinsi - nthawi ndi nthawi - pazifukwa zachitetezo.
• Kutalika kwa nthawi yomwe malowedwe -odula- azigwirabe ntchito.

Komanso, posankha wogwiritsa ntchito his UID y achinsinsi, tiyenera kukumbukira kuti:

• Mtengo wokwanira UID iyenera kukhala yapadera osati yoyipa.
• El achinsinsi iyenera kukhala yayitali mokwanira komanso zovuta, kotero kuti ndizovuta kumvetsetsa.

Ndondomeko zakukalamba

Pa dongosolo la Linux, fayilo ya achinsinsi wogwiritsa ntchito samapatsidwa nthawi yotsiriza. Ngati tigwiritsa ntchito ndondomeko zakukalamba, titha kusintha machitidwe osasintha ndipo popanga ogwiritsa ntchito, malamulowo adzaganiziridwa.

Pochita izi, pali zinthu ziwiri zofunika kuziganizira mukamakhazikitsa zaka zachinsinsi:

• Chitetezo
• Wosuta mayiko.

Mawu achinsinsi amakhala otetezeka kwambiri ngati amafupikitsa nthawi yake. Palibe chiopsezo chocheperako kwa ogwiritsa ntchito ena.

Kuti tikhazikitse mawu achinsinsi okalamba, titha kugwiritsa ntchito lamuloli kusintha:

[root @ linuxbox ~] # chage
Njira yogwiritsira ntchito: chage [zosankha] Zosankha za USER: -d, --lastday LAST_DAY imakhazikitsa tsiku losintha mawu achinsinsi kukhala LAST_DAY -E, - kutha ntchito CAD_DATE ikukhazikitsa tsiku lotha ntchito mpaka CAD_DATE -h, --help akuwonetsa uthenga wothandizira uwu ndikutha -I, --inactive INACTIVE imaletsa akauntiyi patadutsa masiku INACTIVE kuyambira tsiku lomaliza -l, - mndandanda umawonetsa zaka zazakaunti -m, --mindays MINDAYS imakhazikitsa masiku osachepera asanasinthe achinsinsi kukhala MIN_DAYS -M, -maxdays MAX_DAYS akhazikitsa masiku ochulukirapo asanasinthe mawu achinsinsi kukhala MAX_DAYS -R, --root CHROOT_DIR chikwatu kuti chroot mu -W, --warndays WARNING_DAYS akhazikitsa masiku otha ntchito ku DAYS_NOTICE

M'nkhani yapitayi tidapanga ogwiritsa ntchito angapo monga chitsanzo. Ngati tikufuna kudziwa zaka zakubadwa za akaunti ya wogwiritsa ntchito LOWANI MUAKAUNTI alireza:

[root @ linuxbox ~] # chage - mndandanda galadriel
Kusintha kwachinsinsi komaliza: Apr 21, 2017 Mawu achinsinsi atha ntchito: achinsinsi osagwiranso ntchito: Akaunti yonse imatha: osachepera Masiku osachepera pakati pakusintha kwa mawu achinsinsi: 0 Kuchuluka kwa masiku pakati pakusintha kwa mawu achinsinsi: 99999 Chiwerengero cha masiku azindikire mawu achinsinsi asanathe: 7

Izi ndizomwe zinali zosasinthika zomwe makina anali nazo pomwe tidapanga akaunti yaogwiritsa ntchito mawonekedwe owongolera "Ogwiritsa ntchito ndi magulu":

 

Kuti musinthe zolakwika zakukalamba, ndikulimbikitsidwa kuti musinthe fayilo /etc/login.defs y sintha kuchuluka kwa mfundo zomwe timafunikira. Fayiloyi tizingosintha izi:

# Kuwongolera kukalamba mwachinsinsi: # # PASS_MAX_DAYS Kuchuluka kwa masiku achinsinsi angagwiritsidwe ntchito. # PASS_MIN_DAYS Masiku ochepa amaloledwa pakati pakusintha kwachinsinsi. # PASS_MIN_LEN Ochepera achinsinsi obvomerezeka. # PASS_WARN_AGE Chiwerengero cha masiku ochenjeza omwe achinsinsi asanafike. # PASS_MAX_DAYS 99999 #! Zaka zoposa 273! PASS_MIN_DAYS 0 PASS_MIN_LEN 5 PASS_WARN_AGE 7

pazikhalidwe zomwe tidasankha malinga ndi zomwe tikufuna:

PASS_MAX_DAYS 42 # 42 masiku osalekeza mutha kugwiritsa ntchito achinsinsi
PASS_MIN_DAYS 0 # mawu achinsinsi atha kusinthidwa nthawi iliyonse PASS_MIN_LEN 8 # kutalika kwachinsinsi PASS_WARN_AGE 7 # Nambala ya masiku omwe makina amakuchenjezani # muyenera kusintha chinsinsi chisanathe.

Timasiya fayilo yonse momwe idaliri ndipo tikupangira kuti tisasinthe magawo ena mpaka titadziwa zomwe tikuchita.

Makhalidwe atsopanowa adzaganiziridwa tikamapanga ogwiritsa ntchito atsopano. Ngati tisintha mawu achinsinsi a wogwiritsa ntchito kale, kufunikira kwa kutalika kwachinsinsi kudzalemekezedwa. Ngati tigwiritsa ntchito lamulo passwd m'malo mwazithunzi ndipo timalemba kuti mawu achinsinsi adzakhala «mbalambanda17«, Dongosolo limadandaula ngati chida chowonetsera« Ogwiritsa ntchito ndi magulu »ndipo imayankha kuti«Mwanjira inayake mawu achinsinsi amawerenga dzina lanu»Ngakhale pamapeto pake ndimalandira mawu achinsinsi ofooka aja.

[root @ linuxbox ~] # passwd legolas
Kusintha mawu achinsinsi a wosuta a legolas. Mawu Achinsinsi Atsopano: woponya mivi               # ndi ochepera zilembo 7
PASSWIRI YOSAKHALITSA CHINSINSI mbalambanda17
Mawu achinsinsi sakugwirizana.               # Zomveka eti?
Mawu achinsinsi: mbalambanda17
PASSWIRI YOSAKHALITSIDWA: Mwanjira inayake, mawu achinsinsi amawerengetsa dzina la ogwiritsa ntchito Lembaninso mawu achinsinsi: mbalambanda17
passwd: ma tokeni onse ovomerezeka adasinthidwa bwino.

Timalowa "kufooka" polengeza mawu achinsinsi omwe akuphatikizira LOWANI MUAKAUNTI wosuta. Izi sizomwe zimalimbikitsa. Njira yolondola ingakhale:

[root @ linuxbox ~] # passwd legolas
Kusintha mawu achinsinsi a wosuta a legolas. Mawu Achinsinsi Atsopano: Makhalidwe a 01
Bwerezaninso mawu achinsinsi: Makhalidwe a 01
passwd: ma tokeni onse ovomerezeka adasinthidwa bwino.

Kusintha kutsirizika kwamtengo wa achinsinsi de alireza, timagwiritsa ntchito chage command, ndipo tiyenera kusintha kokha mtengo wa PASS_MAX_DAYS kuchokera 99999 mpaka 42:

[root @ linuxbox ~] # chage -M 42 galadriel
[root @ linuxbox ~] # chage -l galadriel
Kusintha kwachinsinsi komaliza: Apr 21, 2017 Chinsinsi chitha: Jun 02, 2017 Chinsinsi chosagwira: akaunti sichitha: osachepera Masiku osachepera pakati pakusintha kwachinsinsi: 0 Kuchuluka kwa masiku pakati pakusintha kwachinsinsi: 42
Chiwerengero cha masiku azindikire mawu achinsinsi asanathe: 7

Ndi zina zotero, titha kusintha mapasiwedi a ogwiritsa ntchito omwe adapangidwa kale ndi malingaliro awo atha ntchito pamanja, pogwiritsa ntchito chida chojambulira «Ogwiritsa ntchito ndi magulu», kapena kugwiritsa ntchito script - script yomwe imapanga zina mwazosagwira ntchito.

• Mwanjira imeneyi, ngati tingapange ogwiritsa ntchito makinawa m'njira yosavomerezeka ndi zomwe zimachitika pokhudzana ndi chitetezo, titha kusintha khalidweli tisanapitilize kukhazikitsa ntchito zambiri za PAM..

Tikapanga wosuta ndi inu con LOWANI MUAKAUNTI «ndi inu»Ndi chinsinsi«Mawu achinsinsi»Tidzapeza zotsatirazi:

[muzu @ linuxbox ~] # useradd anduin
[root @ linuxbox ~] # passwd anduin
Kusintha mawu achinsinsi a wosuta andin. Mawu Achinsinsi Atsopano: Mawu achinsinsi
PASSWIRI YOSAKHALITSIDWA: Chinsinsi sichidutsa kutsimikizira kwa dikishonare - Zachokera pamawu mudikishonale. Bwerezaninso mawu achinsinsi: Mawu achinsinsi
passwd - Ma tokeni onse ovomerezeka adasinthidwa bwino.

Mwanjira ina, dongosololi limapanga mokwanira kuti lisonyeze zofooka zachinsinsi.

[root @ linuxbox ~] # passwd anduin
Kusintha mawu achinsinsi a wosuta andin. Mawu Achinsinsi Atsopano: Makhalidwe a 02
Bwerezaninso mawu achinsinsi: Makhalidwe a 02
passwd - Ma tokeni onse ovomerezeka adasinthidwa bwino.

Chidule cha Ndondomeko

• Mwachiwonekere, ndondomeko yovuta ya mawu achinsinsi, komanso kutalika kwakanthawi kwa zilembo 5, imathandizidwa mwachisawawa mu CentOS. Pa Debian, cheke chovutacho chimagwira ntchito kwa ogwiritsa ntchito wamba akamayesa kusintha mawu achinsinsi potumiza lamulolo passwd. Kwa wosuta muzu, palibe zoperewera zosasintha.
• Ndikofunikira kudziwa njira zosiyanasiyana zomwe titha kulengeza mu fayilo /etc/login.defs pogwiritsa ntchito lamulolo man login.defs.
• Komanso, onani zomwe zili mumafayilo / etc / default / useradd, komanso ku Debian /etc/adduser.conf.

Ogwiritsa Ntchito Magulu ndi Magulu

Pakukhazikitsa makina opangira, ogwiritsa ntchito onse ndi magulu amapangidwa omwe, buku limodzi limawatcha Ogwiritsa Ntchito Omwe ndi Omwe Amagwiritsa Ntchito System. Timakonda kuwatcha Ogwiritsa Ntchito ndi Magulu.

Monga lamulo, ogwiritsa ntchito makina ali ndi UID <1000 ndipo maakaunti anu amagwiritsidwa ntchito mosiyanasiyana pamakina ogwiritsira ntchito. Mwachitsanzo, akaunti yaogwiritsa «sikwidi»Amagwiritsidwa ntchito ndi pulogalamu ya squid, pomwe akaunti ya« lp »imagwiritsidwa ntchito posindikiza kuchokera kwa owerenga mawu kapena mawu.

Ngati tikufuna kulembetsa ogwiritsa ntchito ndi magulu, titha kuchita izi pogwiritsa ntchito malamulo:

[root @ linuxbox ~] # mphaka / etc / passwd
[root @ linuxbox ~] # mphaka / etc / group

Sitikulimbikitsidwa konse kuti musinthe ogwiritsa ntchito ndi magulu a dongosololi. 😉

Chifukwa chakufunika kwake, timabwereza kuti ku CentOS, FreeBSD, ndi machitidwe ena, gulu la -system limapangidwa gudumu kulola kufikira monga muzu okhawo ogwiritsa ntchito makina omwe ali mgululi. Werengani /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.htmlndi /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html. Debian sakuphatikiza gulu gudumu.

Kusamalira akaunti za ogwiritsa ntchito komanso zamagulu

Njira yabwino yophunzirira momwe mungagwiritsire ntchito maakaunti ogwiritsa ntchito ndi magulu ndi:

• Kuyeseza kugwiritsa ntchito malamulo omwe atchulidwa pamwambapa, makamaka pamakina enieni komanso kale zogwiritsa ntchito zida zojambula.
• Kufufuza pamabuku kapena masamba a munthu ya lamulo lililonse musanafufuze zina zilizonse pa intaneti.

Khalani ndi muyezo wabwino kwambiri wa chowonadi.

Chidule

Pakadali pano, nkhani imodzi yoperekedwa kwa Kusamalira Ogwiritsa Ntchito Kumagulu ndi Magulu sikokwanira. Kukula kwa chidziwitso chomwe Woyang'anira aliyense amapeza kumadalira chidwi chomwe munthu angakhale nacho pophunzira ndikuzama za izi ndi mitu ina yofananira nayo. Zili chimodzimodzi ndi zinthu zonse zomwe tapanga munkhani zotsatizanazi Ma Network a SME. Momwemonso mutha kusangalala ndi mtunduwu pdf Pano

Kutumiza kotsatira

Tipitiliza kukhazikitsa ntchito zotsimikizira ogwiritsa ntchito akumaloko. Tikatero tidzakhazikitsa ntchito yotumizirana mameseji potengera pulogalamuyo Kutulutsa.

Tiwonana posachedwa!