Yemunharaunda mushandisi uye boka manejimendi - SME network

fico

21 maminitsi

General index yeakateedzana: Computer Networks yeSMEs: Sumo

Mhoro shamwari neshamwari!

Ichi chinyorwa kuenderera kwe Squid + PAM Kusimbiswa muCentOS 7- SMB Networks.

UNIX / Linux masisitimu anoshanda anopa REAL yakawanda-mushandisi nharaunda, umo vashandisi vazhinji vanogona kushanda panguva imwe chete pane imwecheteyo system uye nekugovana zviwanikwa senge ma processor, madhiraivha akaomarara, ndangariro, network mapindiro, zvishandiso zvakaiswa muchirongwa, zvichingodaro.

Nechikonzero ichi, maSystem Administrator anosungirwa kuramba vachibata vashandisi nemapoka ehurongwa uye kugadzira nekushandisa nzira yakanaka yekutonga.

Tevere isu tichaona zvakapfupisa izvo zvakajairika zviitiko zveichi chiitiko chakakosha muLinux Systems Administration.

Dzimwe nguva zvirinani kupa Utility uyezve Unoda.

Uyu ndiwo muenzaniso chaiwo weiyo odha. Kutanga tinoratidza maitiro ekushandisa yeInternet Proxy sevhisi neSquid uye vashandisi vemuno. Zvino isu tinofanira kuzvibvunza isu:

  • ¿ndingaite sei kuita networking services pane UNIX / Linux LAN kubva kune vashandisi vemuno uye ne kuchengetedzeka kunogamuchirwa?.

Izvo hazvina basa kuti, pamusoro pezvo, Windows vatengi vanobatana kune ino network. Izvo zvinongoda chete kukosha kwekuti ndeapi masevhisi ayo SME Network inoda uye ndeipi iri nyore uye yakachipa nzira yekuzviita.

Mubvunzo wakanaka wekuti munhu wese anofanirwa kutsvaga mhinduro dzake. Ndinokukoka kuti utsvake izwi rokuti «authentication»Pa Wikipedia muChirungu, inova ndiyo yakazara zvakakwana uye inopindirana maererano nezvakanyorwa zvemukati - muChirungu-.

Zvinoenderana neNhoroondo kare nehasha, yekutanga yaive iyo Kusimbiswa y Mvumo nzvimbo, mushure NIS Network Ruzivo Sisitimu yakagadzirwa neSun Microsystem uye inozivikanwa se Yellow Pages o yp, ndokuzo LDAP Protocol Protocol Access Protocol.

Ko "Kuchengeteka Kunogamuchirwa»Inouya nekuti nguva zhinji tinonetsekana nezve kuchengetedzeka kwenzvimbo yedu yemuno, nepo isu tichipinda paFacebook, Gmail, Yahoo, nezvimwe - kutaura vashoma chete- uye tinopa Chakavanzika chedu mavari. Uye tarisa iyo yakawanda nhamba yezvinyorwa uye zvinyorwa izvo zvine chekuita neiyo Hapana Chakavanzika paInternet varipo

Tarira paCentOS uye Debian

CentOS / Red Hat uye Debian vane yavo uzivi maitiro ekushandisa chengetedzo, izvo zvisina kunyatsosiyana. Nekudaro, isu tinosimbisa kuti ese ari maviri akatsiga, akachengeteka uye akavimbika. Semuenzaniso, muCentOS mamiriro eSELinux anogoneswa nekutadza. MuDebian isu tinofanirwa kuisa iyo package selinux-basics, iyo inoratidza kuti isu tinogona zvakare kushandisa SELinux.

MuCentOS, FreeBSD, uye mamwe masisitimu anoshanda, iro -system- boka rakagadzirwa vhiri kubvumira kupinda se mudzi chete kune vashandisi veesisitimu veboka iro. Verenga /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.htmluye /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html. Debian haisanganisi boka vhiri.

Main mafaera nemirairo

Archives

Iwo mafaera makuru ane chekuita nekugadzirisa vashandisi vemuno muLinux operating system ndeaya:

CentOS uye Debian

  • / etc / passwd: ruzivo rweakaundi account.
  • / etc / mumvuri- Ruzivo rwekuchengetedza account.
  • / etc / group: ruzivo rwekambani account.
  • / etc / gshadow- Ruzivo rwekuchengetedzeka kumaakaundi eboka.
  • / etc / default / useradd: default kukosha kwekugadzira maakaunzi.
  • / nezvimwe / skel /: dhairekitori iro rine mafaera akasarudzika anozoverengerwa mune HOME dhairekitori remushandisi mutsva.
  • /etc/login.defs- password chengetedzo yekumisikidza suite.

Debian

  • /etc/adduser.conf: default kukosha kwekugadzira maakaunzi.

Mirairo paCentOS uye Debian

[midzi @ linuxbox ~] # chwedwd -h # Gadziridza mapassword mune batch modhi
Mashandisiro: chpasswd [sarudzo] Sarudzo: -c, --crypt-nzira METHOD nzira yekunyepedzera (imwe yeZVISINA DES MD5 SHA256 SHA512) -e, -yakanyora mapassword akapihwa akanyorwa -h, --help inoratidza izvi batsira kukurumidza uye kumisa -m, --md5 inonyora pasiwedhi zvakajeka mukushandisa MD5 algorithm -R, --root CHROOT_DIR dhairekitori kudzika mu -s, --sha-kutenderera nhamba yeSHA kutenderera kweSHA kunyorera algorithms * # batch- Ita mirairo kana system mutoro ichibvumira. Mune mamwe mazwi # apo avhareji mutoro unowira pasi pe 0.8 kana kukosha kwakatsanangurwa nekukumbira # iyo atd yekuraira. Mamwe mashoko murume batch.

[midzi @ linuxbox ~] # gpasswd -h # Zivisai Vatungamiriri mu / etc / group uye / etc / gshadow
Mashandisiro aungaita: gpasswd [sarudzo] GROUP Sarudzo: -a, - kuwedzera USER inowedzera USER kuGROUP -d, --delete USER inobvisa USER kubva GROUP -h, --help inoratidza iri rekubatsira meseji uye inoguma -Q, - -root CHROOT_DIR dhairekitori kuita chroot mu -r, --delete-password bvisa password yeGROUP -R, --restrict inotadzisa kupinda kweGROUP kunhengo dzayo -M, --members USER, ... inogadza runyorwa rwe GROUP -A, --administrators ADMIN, ... inoisa runyorwa rwevatariri veGROUP Kunze kwe-- A uye -M sarudzo, sarudzo hadzigoni kusanganiswa.

[midzi @ linuxbox ~] # groupadd -h    # Gadzira boka idzva
Mashandisiro: groupadd [sarudzo] GROUP Sarudzo: -f, --force kumisa kana boka ratovepo, uye kukanzura -g kana GID yatove kushandiswa -g, --gid GID shandisa GID yeboka idzva - h, --help inoratidza iyi yekubatsira meseji uye inopera -K, --key KEY = VALUE inodhira hunhu husipo hwe "/etc/login.defs" -o, --non-unique Inokutendera kuti ugadzire mapoka nemaGID ) zvakapetwa -p, --wordword PASSWORD shandisa iyi yakavharidzirwa password yeiyo nyowani -r, --system gadzira system system -R, --root CHROOT_DIR dhairekitori kupinda mukati

[midzi @ linuxbox ~] # groupdel -h # Bvisa boka riripo
Mashandisiro aungaita: groupdel [sarudzo] GROUP Sarudzo: -h, --help ratidza iyi yekubatsira meseji uye kumisa -R, --root CHROOT_DIR dhairekitori kuti rovera mukati

[midzi @ linuxbox ~] # groupmems -h # Zivisai Vatariri muboka rekutanga revashandisi
Mashandisiro aungaita: groupmems [sarudzo] [chiito] Sarudzo: -g, --group GROUP chinja zita reboka pane boka remushandisi (zvinogona chete kuitwa nemubati) -R, --root CHROOT_DIR dhairekitori kuti ridzike mukati Zviito: -a, - kuwedzera USER anowedzera USER kunhengo dzeboka -d, --delete USER inobvisa USER kubva kunhengo dzeboka runyorwa -h, --help inoratidza iri rekubatsira meseji uye inogumisa -p, - kuchenesa nhengo dzese dzeboka -l, - rondedzero yenhengo dzeboka

[midzi @ linuxbox ~] # bmukova -h # Chinja tsananguro yeboka
Mashandisiro ekushandisa: NEW_GROUP -o, --non-yakasarudzika inobvumidza kushandisa duplicate GID (haina kusarudzika) -p, - password PASSWORD inoshandura password kuita PASSWORD (yakavharidzirwa) -R, --root CHROOT_DIR dhairekitori kupinda mukati

[midzi @ linuxbox ~] # grpck -h # Tarisa kuvimbika kwefaira reboka
Mashandisiro: grpck [sarudzo] [boka [gshadow]] Sarudzo: -h, --help ratidza urwu rubatsiro meseji uye buda -r, - kuverenga-chete kuratidza zvikanganiso uye yambiro asi usashandure mafaira -R, - -root CHROOT_DIR dhairekitori kune chroot mu -s, --sort mhando zvinyorwa neUID

[midzi @ linuxbox ~] # grpconv
# Yakabatanidzwa mirairo: pwconv, inova, grpconv, grpunconv
# Inoshandiswa kushandura kuenda uye kubva pamumvuri mapassword nemapoka
# Mirairo mina inoshanda pamafaera / etc / passwd, / etc / group, / etc / shadow, 
# uye / etc / gshadow. Kuti uwane rumwe ruzivo murume grpconv.

[midzi @ linuxbox ~] # sg -h # Ita rairo uine rakasiyana boka ID kana GID
Mashandisiro ekushandisa: sg boka [[-c] odha]

[midzi @ linuxbox ~] # newgrp -h # Chinja iyo yazvino GID panguva yekupinda
Mashandisiro ekushandisa: newgrp [-] [boka]

[midzi @ linuxbox ~] # vatsva -h # Gadziridza uye gadzira vashandisi vatsva mubatch mode
Yekushandisa nzira: newusers [sarudzo] Sarudzo: -c, --crypt-nzira METHOD nzira yekunyepedzera (imwe yeNONE DES MD5 SHA256 SHA512) -h, --help ratidza urwu rubatsiro meseji uye kubuda -r, --system gadzira masisitimu account -R, --root CHROOT_DIR dhairekitori kuti inyowane mu -s, --sha-kutenderera nhamba yeSHA kutenderera kweSHA kunyorera algorithms *

[midzi @ linuxbox ~] # pwck -h # Tarisa kuvimbika kwemafaira ephasiwedi
Mashandisiro aungaita: pwck [sarudzo] [passwd [mumvuri] Sarudzo: -h, --help ratidza iyi yekubatsira meseji uye buda -q, - runyararo rondedzera zvikanganiso chete -r, - kuverenga-chete kuratidza zvikanganiso uye yambiro asi usachinje mafaera -R, --root CHROOT_DIR dhairekitori kuita chroot mu -s, --sort mhando zvinyorwa neUID

[midzi @ linuxbox ~] # mushandisi -h # Gadzira mushandisi mutsva kana kugadzirisa default # ruzivo rwemushandisi mutsva
Mashandisiro aungaita: useradd [sarudzo] USER useradd -D useradd -D [sarudzo] Sarudzo: -b, --base-dir BAS_DIR base dhairekitori reimba dhairekitori repamba -c, --comment COMMENT GECOS munda we account nyowani -d, - imba-dir PERSONAL_DIR dhairekitori repamba reakaundi -D, - zvinokanganisa kudhinda kana kushandura kumisikidza kusarudzika kwe useradd -e, --expiredate EXPIRY_DATE zuva rekupera renhoroondo nyowani -f, - isingashande INACTIVE nguva yekusaita kwepassword yeiyo account nyowani
weboka
  -g, --gid GROUP zita kana mucherechedzo weboka rekutanga reiyo account -G, --groups GROUPS runyorwa rwemapoka ekuwedzera eakaundi nyowani -h, --help inoratidza iri rekubatsira meseji uye rinopera -k, - skel DIR_SKEL inoshandisa iyi imwe "skeleton" dhairekitori -K, --key KEY = VALUE inodhindisa hunhu hwechokwadi hwe "/etc/login.defs" -l, --no-log-init haiwedzere mushandisi kudhatabhesi kubva lastlog uye faillog -m, - imba-inogadzira dhairekitori repamba remushandisi -M, --no-gadzira-imba haina kugadzira dhairekitori repamba remushandisi -N, --no-mushandisi-boka harigadzi boka iro zita rakafanana neremushandisi -o, --non-yakasarudzika inobvumidza kugadzira vashandisi nemavara maviri (asiri-akasarudzika) zvitupa (UIDs) -p, --wordword PASSWORD yakavharidzirwa password yeakaundi nyowani -r, --system inogadzira account ye system -R, --root CHROOT_DIR dhairekitori yekurovera mu -s, --shell CONSOLE yekuwana koni yeakaundi nyowani -u, --uid UID mushandisi chinongedzo cheayo nyowani account -U, --user-boka gadziraboka rine zita rakafanana nemushandisi -Z, --selinux-mushandisi USER_SE inoshandisa mushandisi wakatarwa wemushandisi weSELinux

[midzi @ linuxbox ~] # mushandisi -h # Bvisa account yemushandisi uye mafaera akafanana
Mashandisiro maitiro: userdel [sarudzo] USER Sarudzo: -f, --force kumanikidza zvimwe zviito zvinokundikana neimwe nzira eg kubviswa kwemushandisi kuchiri kupinda mukati kana mafaera, kunyangwe isina muridzi -h, --help inoratidza iyi meseji. Kubatsira uye kupedzisa -r, - bvisa kubvisa dhairekitori repamba uye bhokisi retsamba -R, --root CHROOT_DIR dhairekitori kuita chroot mu -Z, --selinux-mushandisi bvisa chero mepu yemushandisi yeSELinux yemushandisi

[midzi @ linuxbox ~] # mushandisi mod -h # Chinja account yemushandisi
Mashandisiro aungaita: usermod [sarudzo] USER Sarudzo: -c, -comment KOMITI kukosha kutsva kweiyo GECOS munda -d, - imba PERSONAL_DIR nyowani dhairekitori remusha remushandisi mutsva -e, --expiredate EXPIR_DATE inogadza zuva rekupera kweiyo account kuna EXPIRED_DATE -f, - isingashande INACTIVE inoisa nguva isina basa mushure mekunge account yapera kuINACTIVE -g, --gid GROUP inomanikidza kushandisa GROUP yeakaundi mushandisi account -G, --groups GROUPS runyorwa rwe makwikwi ekuwedzera -a, -append shandisa mushandisi kune anowedzera GROUPS ataurwa ne -G sarudzo usingamubvise kubva kune mamwe mapoka -h, --help ratidza iyi yekubatsira meseji uye gumisa -l, -login NAME zvakare zita remushandisi -L, - kukiya kukiya mushandisi account -m, --move-kumba kufambisa zvemukati dhairekitori repamba kudhairekitori nyowani (shandisa chete pamwe chete ne -d) -o, --non-yakasarudzika inobvumidza kushandisa Dzokorora (kwete yakasarudzika) UIDs -p, - password PASSWORD shandisa yakavharidzirwa password yeakaundi nyowani -R, --root CHR OOT_DIR dhairekitori kudzika mu -s, --shell CONSOLE nyowani yekuwana koni yeakaundi account -u, --uid UID inomanikidza kushandisa UID kune nyowani mushandisi account -U, --unlock inovhura account yemushandisi -Z, --selinux-mushandisi SEUSER mutsva weSELinux mepu yeakaundi account

Mirairo muDebian

Debian anosiyanisa pakati mushandisi y adduser. Inokurudzira kuti maSystem Administrators anoshandisa adduser.

midzi @ sysadmin: / imba / xeon # adduser -h # Wedzera mushandisi kuhurongwa
midzi @ sysadmin: / imba / xeon # addgroup -h # Wedzera boka kune system
adduser [- imba DIRECTORY] [--shell SHELL] [--no-gadzira-imba] [--uid ID] [--firstuid ID] [--lastuid ID] [--gecos GECOS] [--ingroup BOKA | --gid ID] [--disabled-password] [--disabled-login] USER Wedzera zvakajairika mushandisi adduser --system [- imba DIRECTORY] [--shell SHELL] [--no-gadzira-imba] [ --uid ID] [--gecos GECOS] [- boka | -Boka GROUP | --gid ID] [--disabled-password] [--disabled-login] USER Wedzera mushandisi kubva kune system adduser --group [--gid ID] GROUP addgroup [--gid ID] GROUP Wedzera boka revashandisi rinowedzera --system [--gid ID] GROUP Wedzera boka kubva ku system adduser USER GROUP Wedzera mushandisi aripo kuboka riripo sarudzo dzaungagona: --quiet | -q usaratidze ruzivo rwekuita pane zvakajairwa kuburitsa --force-badname bvumidza mazita evashandisi asingaenderane nesarudzo yekushanduka NAME_REGEX --help | -h Meseji yekushandisa --version | -v vhezheni nhamba uye copyright --conf | -c FILE shandisa FILE seyakagadziriswa faira

midzi @ sysadmin: / imba / xeon # deluser -h # Bvisa mushandisi akajairwa kubva kuhurongwa
midzi @ sysadmin: / imba / xeon # weboka -h # Bvisa boka rakajairika kubva muchirongwa
mutengesi USER anobvisa mushandisi wenguva dzose kubva pamuenzaniso wehurongwa: --remove-ese-mafaera anobvisa mafaera ese ari mushandisi. -Backup inotsigira mafaera usati wabvisa. --backup-to dhairekitori rekuenda rezvinyorwa. Dhairekitori razvino rinoshandiswa nekutadza. -system bvisa chete kana iwe uri mushandisi musisitimu. delgroup GROUP deluser --group GROUP inobvisa boka kubva kune system muenzaniso: deluser --group vadzidzi --system inobvisa chete kana iri boka kubva kuhurongwa. - chete-kana-isina chinhu bvisa chete kana vasina dzimwe nhengo. mutengesi USER GROUP inobvisa mushandisi kubva kuboka muenzaniso: deluser miguel vadzidzi general sarudzo: --quiet | -q usape ruzivo rwekuita pane stdout --help | -h Meseji yekushandisa --version | -v vhezheni nhamba uye copyright --conf | -c FILE shandisa FILE seyakagadziriswa faira

Policies

Pane mhando mbiri dzemitemo yatinofanirwa kufunga nezvayo patinogadzira maakaunzi emushandisi

  • Maitiro Eakaundi Yevashandisi
  • Password kukwegura mitemo

Maitiro Eakaundi Yevashandisi

Mukuita, izvo zvakakosha zvinhu zvinoratidza account yemushandisi ndezvi:

  • Mushandisi account zita - mushandisi LOGIN, kwete zita nemazita.
  • Mushandisi id - UID.
  • Boka rakakosha kwariri - Gidhariti.
  • Pasiwedhi - pasiwedhi.
  • Mvumo yekuwana - mvumo yekuwana.

Izvo zvinhu zvakakosha zvekutarisa kana uchigadzira account yemushandisi ndezvi:

  • Iyo yakareba yenguva iyo mushandisi ichave nekwaniso kune iyo faira system uye zviwanikwa.
  • Iyo nguva yenguva iyo mushandisi yaanofanirwa kushandura yavo password - nguva nenguva - nekuda kwekuchengetedza zvikonzero.
  • Iyo nguva yenguva iyo iyo login -login- inoramba ichishanda.

Uyezve, pakugovera mushandisi yake UID y pasiwedhi, tinofanira kufunga kuti:

  • Kukosha kwehuwandu UID inofanira kunge yakasarudzika uye kwete yakaipa.
  • El pasiwedhi inofanirwa kuve yehurefu hwakaringana uye kuomarara, zvekuti zvinonetsa kududzira.

Password kukwegura mitemo

Pane Linux system, iyo pasiwedhi yemushandisi haina kupihwa default nguva yekupera. Kana isu tikashandisa password kukwegura marongero, isu tinokwanisa kushandura iyo default maitiro uye kana tichigadzira vashandisi, marondedzero akatsanangurwa anozotarisirwa

Mukuita, pane zvinhu zviviri zvekutarisa kana uchiisa zera repassword:

  • Kuchengeteka.
  • Mushandisi ari nyore.

Pasiwedhi yakachengeteka zvakanyanya kupfupisa kupera kwayo. Iko kune njodzi shoma yekuve kuburitswa kune vamwe vashandisi.

Kuisa password yekukwegura marongero, tinogona kushandisa rairo chage:

[mudzi @ linuxbox ~] # chage
Mashandisiro maitiro: chage [sarudzo] USER Sarudzo: -d, - zuva rekupedzisira LAST_DAY inogadza zuva rekupedzisira password kushandurwa kuita LAST_DAY -E, --expiredate CAD_DATE inoisa zuva rekupera kuCAD_DATE -h, --help kuratidza iyi yekubatsira meseji uye inopera -I, - isingashande INACTIVE inoremadza account mushure memazuva INACTIVE kubva parinopera zuva -l, --list inoratidza zera reakaundi -m, --mindays MINDAYS inoseta iyo nhamba mashoma mazuva usati wachinja password kuita MIN_DAYS -M, --maxdays MAX_DAYS inogadza huwandu hwemazuva asati achinja password kuita MAX_DAYS -R, --root CHROOT_DIR dhairekitori kuita chroot mu -W, --warndays WARNING_DAYS inogadza mazuva ekupera kwechiziviso kuna DAYS_NOTICE

Muchinyorwa chakapfuura takagadzira vashandisi vakati wandei semuenzaniso. Kana isu tichida kuziva zera kukosha kweakaundi mushandisi ne LOGIN galadriel:

[midzi @ linuxbox ~] # chage --list galadriel
Yekupedzisira password yekuchinja: Kubvumbi 21, 2017 Pasiwedhi inopera: haichamboshandisi password: haina Akaiti inopera: haambofi Minimum nhamba yemazuva pakati pekushandurwa kwepassword: 0 Kunonyanyisa huwandu hwemazuva pakati pekushandurwa kwepassword: 99999 Nhamba yemazuva ekuzivisa pamberi password inopera: 7

Idzi ndidzo dzaive tsika dzakasarudzika dzaive nehurongwa patakagadzira account yemushandisi tichishandisa graphical management utility "Vashandisi nemapoka":

Kuti uchinje pasiwedhi kukwegura zvisizvo, zvinokurudzirwa kugadzirisa iyo faira /etc/login.defs y gadzirisa hushoma huwandu hwemitengo yatinoda. Mune iyo faira isu tinongo shandura anotevera hunhu:

# Pasiwedhi kuchembera kudzora: # # PASS_MAX_DAYS Yakakwira huwandu hwemazuva password inogona kushandiswa. # PASS_MIN_DAYS Hushoma huwandu hwemazuva anotenderwa pakati pekushandurwa kwepassword. # PASS_MIN_LEN Minimum yepasi inogamuchirwa pasiwedhi. # PASS_WARN_AGE Nhamba yemazuva nyevero yakapihwa password isati yapera. # PASS_MAX_DAYS 99999 #! Anopfuura makore mazana matatu nemakumi matatu nematatu! PASS_MIN_DAYS 273 PASS_MIN_LEN 0 PASS_WARN_AGE 5

yehunhu hwatakasarudza zvinoenderana nezvatinoda nezvatinoda:

PASS_MAX_DAYS 42 # 42 mazuva anoenderera iwe unogona kushandisa iyo pasiwedhi
PASS_MIN_DAYS 0 # password inogona kuchinjwa chero nguva PASS_MIN_LEN 8 # mashoma password kureba PASS_WARN_AGE 7 # Nhamba yemazuva iyo system inokuyambira kuti # chinja password isati yapera.

Isu tinosiya iyo yakasara yefaira sezvairi uye tinokurudzira kusachinja mamwe ma parameter kudzamara taziva zvakanaka zvatiri kuita.

Maitiro matsva anozotarisirwa kana isu tatanga vashandisi vatsva. Kana isu tikachinja password yemushandisi akatogadzirwa, kukosha kweiyo yepasi pasiwedhi kureba kunozoremekedzwa. Kana tikashandisa rairo passwd pachinzvimbo chekushandisa graphical uye isu tinonyora kuti password ichave «Legolas17«, Iyo sisitimu inonyunyuta senge graphic chishandiso« Vashandisi nemapoka »uye inopindura kuti«Neimwe nzira password inoverenga iro zita rekushandisa»Kunyangwe pakupedzisira ndinogamuchira iro simba risina simba.

[midzi @ linuxbox ~] # passwd legolas
Kuchinja password yemushandisi welegolas. Nyowani Nyowani: muchengeti               # iri pasi pevanhu vanomwe
PASSWORD INCORRECT: Pasiwedhi iri pasi pemavara gumi nemasere Nyorazve pasiwedhi nyowani: Legolas17
Passwords haaenderane.               # Zvinonzwisisika handiti?
Nyowani nyowani: Legolas17
SHOKO RINOKOSHA: Neimwe nzira password inoverenga zita remushandisi Nyorazve iyo nyowani nyowani: Legolas17
passwd: matokisheni ese echokwadi akavandudzwa zvinobudirira.

Isu tinowana "kushaya simba" kwekuzivisa password iyo inosanganisira iyo LOGIN mushandisi. Iyi ndiyo tsika isingakurudzirwe. Nzira chaiyo ingave:

[midzi @ linuxbox ~] # passwd legolas
Kuchinja password yemushandisi welegolas. Nyowani Nyowani: highmountains01
Nyorazve pasiwedhi nyowani: highmountains01
passwd: matokisheni ese echokwadi akavandudzwa zvinobudirira.

Kuchinja kupera kwemaitiro eiyo pasiwedhi de galadriel, isu tinoshandisa chage kuraira, uye isu tinongofanirwa kushandura kukosha kwe PASS_MAX_DAYS kubva 99999 kusvika 42:

[midzi @ linuxbox ~] # chage -M 42 galadriel
[midzi @ linuxbox ~] # chage -l galadriel
Yekupedzisira password shanduko: Kubvumbi 21, 2017 Pasiwedhi inopera: Jun 02, 2017 Isingashandisi password: haisati Akaunti inopera: haambofi Minimum nhamba yemazuva pakati pekushandurwa kwepassword: 0 Kunonyanyisa huwandu hwemazuva pakati pekushandurwa kwepassword: 42
Huwandu hwemazuva ekucherechedza pasati password yapera: 7

Uye zvichingodaro, tinogona kushandura mapassword evashandisi vatogadzira uye nemagariro ekupera nemaoko, tichishandisa graphical chishandiso «Vashandisi nemapoka», kana kushandisa script - chinyorwa iyo inoshandisa mamwe emabasa asiri ekudyidzana.

  • Nenzira iyi, kana tikasika vashandisi vemuno sisitimu nenzira isingakurudzirwe nemaitiro akajairika maererano nekuchengetedza, tinogona kuchinja hunhu tisati taenderera mberi nekushandisa mamwe mabasa ePAM-based..

Kana isu tikasika mushandisi anduin game LOGIN «anduin»Uye pasiwedhi«ThePassword»Tichawana zvinotevera mhedzisiro:

[midzi @ linuxbox ~] # useradd anduin
[midzi @ linuxbox ~] # passwd anduin
Kuchinja password yemushandisi anduin. Nyowani Nyowani: ThePassword
PASI PASI PASI RAKASIMBIKA: Pasiwedhi haipfuure kududzirwa kweduramazwi - Yakavakirwa pazwi muduramazwi. Nyorazve pasiwedhi nyowani: ThePassword
passwd - Mateki ese echokwadi akavandudzwa zvinobudirira.

Mune mamwe mazwi, iyo system inogadzira zvakakwana kuratidza kushaya simba kwepassword.

[midzi @ linuxbox ~] # passwd anduin
Kuchinja password yemushandisi anduin. Nyowani Nyowani: highmountains02
Nyorazve pasiwedhi nyowani: highmountains02
passwd - Mateki ese echokwadi akavandudzwa zvinobudirira.

Pfupiso Yemutemo

  • Zviripachena kuti password yakaoma kunzwisisa mutemo, pamwe nehurefu hushoma hwemavara mashanu, inogoneswa nekutadza muCentOS. PaDebian, iyo yakaoma cheki inoshanda kune vakajairika vashandisi kana ivo vachiedza kushandura password yavo nekupinza iwo murairo passwd. Zvemushandisi mudzi, hapana zvimiro zvekutadza.
  • Izvo zvakakosha kuti tizive sarudzo dzakasiyana dzatinogona kuzivisa mufaira /etc/login.defs uchishandisa rairo man login.defs.
  • Zvakare, tarisa zvirimo mumafaira / etc / default / useradd, uye zvakare muDebian /etc/adduser.conf.

Vashandisi veSystem uye Mapoka

Mukuita kwekuisa iyo inoshanda sisitimu, inoteedzana yevashandisi uye mapoka akagadzirwa ayo, rimwe bhuku rinodaidza Vashandisi Vemhando uye imwe Vashandisi veSystem. Tinosarudza kuvadaidza kuti Vashandisi veSystem uye Mapoka.

Semutemo, vashandisi vehurongwa vane UID <1000 uye maakaunzi ako anoshandiswa nemaapplication akasiyana eiyo sisitimu inoshanda. Semuenzaniso, account yemushandisi «Squid»Inoshandiswa nechirongwa cheSquid, nepo« lp »account ichishandiswa kudhinda kubva kuIzwi kana mameseji edhita.

Kana isu tichida kunyora avo vashandisi uye mapoka, tinogona kuzviita tichishandisa mirairo:

[midzi @ linuxbox ~] # kati / nezvimwe / passwd
[midzi @ linuxbox ~] # katsi / nezvimwe / boka

Izvo hazvikurudzirwe zvachose kugadzirisa vashandisi uye mapoka eiyo system. 😉

Nekuda kwekukosha kwayo, tinodzokorora izvo muCentOS, FreeBSD, uye mamwe masisitimu anoshanda, iro -system- boka rakagadzirwa vhiri kubvumira kupinda se mudzi chete kune vashandisi veesisitimu veboka iro. Verenga /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.htmluye /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html. Debian haisanganisi boka vhiri.

Kugadzirisa maakaunzi evashandisi uye eboka

Nzira yakanakisa yekudzidza maitiro ekushandisa maakaundi evashandisi uye eboka ndeaya:

  • Kudzidzira kushandiswa kwemirairo yakanyorwa pamusoro, kunyanya mumushini chaiwo uye kare yekushandisa zvishandiso zvemifananidzo.
  • Kuongorora zvinyorwa kana mapeji emurume yemirairo yega yega usati watsvaga chero rumwe ruzivo paInternet.

Kudzidzira ndiyo nzira yakanaka kwazvo yezvokwadi.

Resumen

Kusvika parizvino, chinyorwa chimwe chete chakatsaurirwa kune Mushandisi Wemuno uye Boka Management hachina kukwana. Iyo degree yeruzivo iyo iyo yega Administrator inowana inoenderana nechero rako kufarira kudzidza nekudzika pamusoro peizvi nemimwe misoro inoenderana. Izvo zvakafanana nezvose zvinhu izvo zvatakagadzira munhevedzano yezvinyorwa SME Networks. Nenzira imwecheteyo iwe unogona kunakidzwa neshanduro iyi mu pdf pano

Kunotevera kuendesa

Tichaenderera mberi nekuita masevhisi nekusimbiswa kunopesana nevashandisi vemuno. Tichazobva tangoisa ipapo ipapo mameseji sevhisi zvichienderana nechirongwa Prosody.

Ndokuwona manje manje!


Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira iyo data: Miguel Ángel Gatón
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako

  1.   HO2GI akadaro
    inoita 7 makore

    Mhoroi, chinyorwa chikuru, ndinokuvhunza kwandinoshandira, maprinta akagovaniswa zvakanyanya, dambudziko riri mumikombe, dzimwe nguva rinoturika uye havagone kudhinda sezvo ndichigona kuvapa mvumo yekuitangazve (nekuti nguva zhinji tiri kushanda mune dzimwe nzvimbo) pasina kupa password mudzi nekuti nzira chete yandakawana ndeyekushandura kuti mushandisi chaiye atangezve.
    Kubva ndatotenda zvikuru kwazvo.

    Pindura HO2GI
    1.    federico akadaro
      inoita 7 makore

      Kwazisai HO2GI!. Semuenzaniso, ngatitii mushandisi Legolas iwe unoda kuipa mvumo yekungotangazve iyo CUPS sevhisi, uchishandisa zvedi iwo wekuraira sudo, iyo inofanirwa kuiswa:
      [midzi @ linuxbox ~] # visudo

      Cmnd alias kududzirwa

      Cmnd_Alias ​​RESTARTCUPS = /etc/init.d/cups inotangazve

      Tsanangudzo yemushandisi

      mudzi ZVESE = (ZVESE: ZVESE) ZVESE
      legolas ZVESE = RESTARTCUPS

      Sevha shanduko dzakaitwa kune iyo faira majuzi. Pinda semushandisi Legolas:

      legolas @ linuxbox: ~ $ sudo /etc/init.d/squid reload
      [sudo] pasiwedhi ye legolas:
      Tine urombo, mushandisi legolas haabvumidzwe kuita '/etc/init.d/postfix reload' semudzi palinuxbox.desdelinux.fan.
      legolas @ linuxbox: ~ $ sudo /etc/init.d/cups kutangazve
      [sudo] pasiwedhi ye legolas:
      [ok] Kutangazve Yakajairika Unix Kudhinda Sisitimu: cupsd.

      Ndiregerere kana kukurumidza kwakasiyana paCentOS, nekuti ini ndaitungamirirwa nezvandakangoita paDebian Wheezy. ;-). Kwandiri ini izvozvi, ini handina chero CentOS paruoko.

      Kune rimwe divi, kana iwe uchida kuwedzera vamwe Vashandisi veSystem sevakazara maCUPS ma Administrator - vanogona kuimisa zvisiri izvo - unovaita nhengo dzeboka lpadmin, iyo inogadzirwa kana iwe ukaisa CUPS.

      https://www.cups.org/doc/man-lpadmin.html
      http://www.computerhope.com/unix/ulpadmin.htm

      Pindura kuna federico
      1.    HO2GI akadaro
        inoita 7 makore

        Mukuru ndinotenda chiuru cheFico ndichaedza izvozvi.

        Pindura HO2GI
  2.   federico akadaro
    inoita 7 makore

    HO2GI, muCentOS / Tsvuku -Hat ingave iri:

    [midzi @ linuxbox ~] # visudo

    Services

    Cmnd_Alias ​​RESTARTCUPS = / usr / bin / systemctl restart makapu, / usr / bin / systemctl mamiriro emikombe

    Rega midzi kumhanya chero mirairo chero kupi

    mudzi ZVESE = (ZVESE) ZVESE
    legolas ZVESE = RESTARTCUPS

    Sevha shanduko

    [root @ linuxbox ~] # kubuda

    buzz @ sysadmin: ~ $ ssh legolas @ linuxbox
    legolas @ linuxbox password:

    [legolas @ linuxbox ~] $ sudo systemctl yekutangazve makapu

    Tinovimba kuti wagamuchira hurukuro yakajairika kubva kuSystem yemuno
    Administrator. Kazhinji inowira kuzvinhu zvitatu izvi:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

    [sudo] pasiwedhi ye legolas:
    [legolas @ linuxbox ~] $ Sudo systemctl mamiriro emikombe
    ● cups.service - CUPS Kudhinda Service
    Yakatakurwa: yakatakura (/usr/lib/systemd/system/cups.service; inogoneswa; mutengesi preset: inogoneswa)
    Inoshanda: inoshanda (ichimhanya) kubvira Mar 2017-04-25 22: 23: 10 EDT; 6s apfuura
    Yakakura PID: 1594 (cupsd)
    CGroup: /system.slice/cups.service
    -1594 / usr / sbin / cupsd -f

    [legolas @ linuxbox ~] $ sudo systemctl yekutanga squid.service
    Ndine urombo, mushandisi legolas haatenderwe kuuraya '/ bin / systemctl restart squid.service' semudzi pane linuxbox.
    [legolas @ linuxbox ~] $ kubuda

    Pindura kuna federico