Local user and group management - SME networks

General index of the series: Computer Networks for SMEs: Introduction

Hello friends!

This article is a continuation of Squid + PAM Authentication on CentOS 7 - SME Networks.

UNIX/Linux operating systems offer a REAL multi-user environment, in which many users can work on the same system at the same time and share resources such as processors, hard drives, memory, network interfaces, devices attached to the system, and so on.

For that reason, System Administrators are obliged to manage the system's users and groups continuously, and to define and implement a good administration strategy.

Next we will look very briefly at the general aspects of this important activity in Linux Systems Administration.

Sometimes it is better to offer Utility first and Necessity afterwards.

This is a typical example of that order. First we showed how to implement an Internet Proxy service with Squid and local users. Now we must ask ourselves:

  • How can I implement network services on a UNIX/Linux LAN based on local users and with acceptable security?

It does not matter that, in addition, Windows clients are connected to this network. What matters is only which services the SME network needs and what the simplest and cheapest way to implement them is.

A good question, to which everyone should look for their own answers. I invite you to search for the term «authentication» on the English Wikipedia, which is by far the most complete and consistent as far as the original content - in English - is concerned.

According to History, roughly speaking, first came local Authentication and Authorization, then NIS (Network Information System), developed by Sun Microsystems and also known as Yellow Pages or yp, and then LDAP (Lightweight Directory Access Protocol).

The matter of «Acceptable Security» comes up because many times we worry about the security of our local network while we access Facebook, Gmail, Yahoo, etc. And look at the large number of articles and documentaries that exist about the lack of privacy on the Internet.

Note on CentOS and Debian

CentOS / Red Hat and Debian each have their own philosophy on how to implement security, and the two do not differ fundamentally. We affirm, however, that both are very stable, secure and reliable. For example, in CentOS the SELinux context is enabled by default. In Debian we must install the selinux-basics package, which shows that we can also use SELinux there.

In CentOS, FreeBSD, and other operating systems, the -system- group wheel is created to allow root access only to the system users who belong to that group. Read /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html. Debian does not include a wheel group.

Main files and commands

Files

The main files related to the management of local users in a Linux operating system are:

CentOS and Debian

  • /etc/passwd: user account information.
  • /etc/shadow: security information for user accounts.
  • /etc/group: group account information.
  • /etc/gshadow: security information for group accounts.
  • /etc/default/useradd: default values for account creation.
  • /etc/skel/: directory containing the default files that will be copied into the HOME directory of a new user.
  • /etc/login.defs: password security configuration suite.

Debian

  • /etc/adduser.conf: default values for account creation.

Commands on CentOS and Debian

[root@linuxbox ~]# chpasswd -h   # Update passwords in batch mode
Usage: chpasswd [options]
Options:
  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
  -h, --help                    display this help message and exit
  -m, --md5                     encrypt the clear text password using the MD5 algorithm
  -R, --root CHROOT_DIR         directory to chroot into
  -s, --sha-rounds              number of SHA rounds for the SHA* crypt algorithms
# batch - Execute commands when the system load permits. In other words,
# when the load average drops below 0.8 or the value specified when invoking
# the atd command. More information: man batch.

[root@linuxbox ~]# gpasswd -h   # Declare administrators in /etc/group and /etc/gshadow
Usage: gpasswd [options] GROUP
Options:
  -a, --add USER                add USER to GROUP
  -d, --delete USER             remove USER from GROUP
  -h, --help                    display this help message and exit
  -Q, --root CHROOT_DIR         directory to chroot into
  -r, --delete-password         remove the GROUP's password
  -R, --restrict                restrict access to GROUP to its members
  -M, --members USER,...        set the list of members of GROUP
  -A, --administrators ADMIN,...
                                set the list of administrators for GROUP
Except for the -A and -M options, the options cannot be combined.

[root@linuxbox ~]# groupadd -h   # Create a new group
Usage: groupadd [options] GROUP
Options:
  -f, --force                   exit successfully if the group already exists,
                                and cancel -g if the GID is already used
  -g, --gid GID                 use GID for the new group
  -h, --help                    display this help message and exit
  -K, --key KEY=VALUE           override the "/etc/login.defs" defaults
  -o, --non-unique              allow creating groups with duplicate
                                (non-unique) GIDs
  -p, --password PASSWORD       use this encrypted password for the new group
  -r, --system                  create a system account
  -R, --root CHROOT_DIR         directory to chroot into

[root@linuxbox ~]# groupdel -h   # Delete an existing group
Usage: groupdel [options] GROUP
Options:
  -h, --help                    display this help message and exit
  -R, --root CHROOT_DIR         directory to chroot into

[root@linuxbox ~]# groupmems -h   # Declare administrators for a user's primary group
Usage: groupmems [options] [action]
Options:
  -g, --group GROUP             change the GROUP name instead of the user's group
                                (can only be done by the administrator)
  -R, --root CHROOT_DIR         directory to chroot into
Actions:
  -a, --add USER                add USER to the members of the group
  -d, --delete USER             remove USER from the list of members of the group
  -h, --help                    display this help message and exit
  -p, --purge                   purge all members of the group
  -l, --list                    list the members of the group

[root@linuxbox ~]# groupmod -h   # Modify the definition of a group
Usage: groupmod [options] GROUP
Options:
  -g, --gid GID                 change the group ID to GID
  -h, --help                    display this help message and exit
  -n, --new-name NEW_GROUP      change the name to NEW_GROUP
  -o, --non-unique              allow using a duplicate (non-unique) GID
  -p, --password PASSWORD       change the password to this (encrypted) PASSWORD
  -R, -

[root@linuxbox ~]# grpck -h   # Verify the integrity of the group file
Usage: grpck [options] [group [gshadow]]
Options:
  -h, --help                    display this help message and exit
  -r, --read-only               display errors and warnings but do not change files
  -R, --root CHROOT_DIR         directory to chroot into
  -s, --sort                    sort entries by UID

[root@linuxbox ~]# grpconv
# Related commands: pwconv, pwunconv, grpconv, grpunconv
# They are used to convert to and from shadow passwords and groups.
# The four commands operate on the files /etc/passwd, /etc/group, /etc/shadow,
# and /etc/gshadow. For more information: man grpconv.

[root@linuxbox ~]# sg -h   # Execute a command with a different group ID or GID
Usage: sg group [[-c] command]

[root@linuxbox ~]# newgrp -h   # Change the current GID during a login session
Usage: newgrp [-] [group]

[root@linuxbox ~]# newusers -h   # Update and create new users in batch mode
Usage: newusers [options]
Options:
  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
  -h, --help                    display this help message and exit
  -r, --system                  create system accounts
  -R, --root CHROOT_DIR         directory to chroot into
  -s, --sha-rounds              number of SHA rounds for the SHA* crypt algorithms

[root@linuxbox ~]# pwck -h   # Verify the integrity of the password files
Usage: pwck [options] [passwd [shadow]]
Options:
  -h, --help                    display this help message and exit
  -q, --quiet                   report errors only
  -r, --read-only               display errors and warnings but do not change files
  -R, --root CHROOT_DIR         directory to chroot into
  -s, --sort                    sort entries by UID

[root@linuxbox ~]# useradd -h   # Create a new user or update the default information for new users
Usage: useradd [options] USER
       useradd -D
       useradd -D [options]
Options:
  -b, --base-dir BASE_DIR       base directory for the home directory of the new account
  -c, --comment COMMENT         GECOS field of the new account
  -d, --home-dir HOME_DIR       home directory of the new account
  -D, --defaults                print or change the default useradd configuration
  -e, --expiredate EXPIRE_DATE  expiration date of the new account
  -f, --inactive INACTIVE       password inactivity period of the new account
  -g, --gid GROUP               name or ID of the primary group of the new account
  -G, --groups GROUPS           list of supplementary groups of the new account
  -h, --help                    display this help message and exit
  -k, --skel SKEL_DIR           use this alternative "skeleton" directory
  -K, --key KEY=VALUE           override the "/etc/login.defs" defaults
  -l, --no-log-init             do not add the user to the lastlog and faillog databases
  -m, --create-home             create the user's home directory
  -M, --no-create-home          do not create the user's home directory
  -N, --no-user-group           do not create a group with the same name as the user
  -o, --non-unique              allow creating users with duplicate (non-unique) UIDs
  -p, --password PASSWORD       encrypted password of the new account
  -r, --system                  create a system account
  -R, --root CHROOT_DIR         directory to chroot into
  -s, --shell SHELL             login shell of the new account
  -u, --uid UID                 user ID of the new account
  -U, --user-group              create a group with the same name as the user
  -Z, --selinux-user SEUSER     use the specified SEUSER for the SELinux user mapping

[root@linuxbox ~]# userdel -h   # Delete a user account and its related files
Usage: userdel [options] USER
Options:
  -f, --force                   force some actions that would fail otherwise,
                                e.g. removal of a user who is still logged in,
                                or of files even if not owned by the user
  -h, --help                    display this help message and exit
  -r, --remove                  remove the home directory and mail spool
  -R, --root CHROOT_DIR         directory to chroot into
  -Z, --selinux-user            remove any SELinux user mapping for the user

[root@linuxbox ~]# usermod -h   # Modify a user account
Usage: usermod [options] USER
Options:
  -c, --comment COMMENT         new value of the GECOS field
  -d, --home HOME_DIR           new home directory for the user account
  -e, --expiredate EXPIRE_DATE  set the account expiration date to EXPIRE_DATE
  -f, --inactive INACTIVE       set the password inactive after expiration to INACTIVE
  -g, --gid GROUP               force the use of GROUP as the new primary group
  -G, --groups GROUPS           new list of supplementary GROUPS
  -a, --append                  append the user to the supplementary GROUPS
                                mentioned by the -G option without removing
                                him/her from other groups
  -h, --help                    display this help message and exit
  -l, --login NAME              new value of the login name
  -L, --lock                    lock the user account
  -m, --move-home               move the contents of the home directory to the
                                new location (use only together with -d)
  -o, --non-unique              allow using duplicate (non-unique) UIDs
  -p, --password PASSWORD       use the encrypted password for the new password
  -R, --root CHROOT_DIR         directory to chroot into
  -s, --shell SHELL             new login shell for the user account
  -u, --uid UID                 new UID for the user account
  -U, --unlock                  unlock the user account
  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account

Commands on Debian

Debian distinguishes between useradd and adduser. It recommends that System Administrators use adduser.

root@sysadmin:/home/xeon# adduser -h    # Add a user to the system
root@sysadmin:/home/xeon# addgroup -h   # Add a group to the system
adduser [--home DIRECTORY] [--shell SHELL] [--no-create-home] [--uid ID]
[--firstuid ID] [--lastuid ID] [--gecos GECOS] [--ingroup GROUP | --gid ID]
[--disabled-password] [--disabled-login] USER
   Add a normal user

adduser --system [--home DIRECTORY] [--shell SHELL] [--no-create-home] [--uid ID]
[--gecos GECOS] [--group | --ingroup GROUP | --gid ID] [--disabled-password]
[--disabled-login] USER
   Add a system user

adduser --group [--gid ID] GROUP
addgroup [--gid ID] GROUP
   Add a user group

addgroup --system [--gid ID] GROUP
   Add a system group

adduser USER GROUP
   Add an existing user to an existing group

general options:
  --quiet | -q      do not show process information on standard output
  --force-badname   allow user names that do not match the
                    NAME_REGEX configuration variable
  --help | -h       usage message
  --version | -v    version number and copyright
  --conf | -c FILE  use FILE as the configuration file

root@sysadmin:/home/xeon# deluser -h    # Remove a normal user from the system
root@sysadmin:/home/xeon# delgroup -h   # Remove a normal group from the system
deluser USER
  remove a normal user from the system
  example: deluser miguel

  --remove-home        remove the user's home directory and mail spool
  --remove-all-files   remove all files owned by the user
  --backup             back up the files before removing them
  --backup-to DIR      target directory for the backups.
                       The current directory is used by default.
  --system             only remove if it is a system user

delgroup GROUP
deluser --group GROUP
  remove a group from the system
  example: deluser --group students

  --system             only remove if it is a system group
  --only-if-empty      only remove if it has no members left

deluser USER GROUP
  remove the user from the group
  example: deluser miguel students

general options:
  --quiet | -q      do not give process information on stdout
  --help | -h       usage message
  --version | -v    version number and copyright
  --conf | -c FILE  use FILE as the configuration file

Policies

There are two types of policies that we must consider when creating user accounts:

  • User account policies
  • Password aging policies

User account policies

In practice, the fundamental components that identify a user account are:

  • User account name - the user's login, not their first and last names.
  • User identifier - UID.
  • Primary group to which it belongs - GID.
  • Password - password.
  • Access permissions - access permissions.

The main factors to consider when creating a user account are:

  • The length of time the user will have access to the file system and to resources.
  • The length of time after which the user must change their password - periodically - for security reasons.
  • The length of time the login will remain active.

Also, when assigning a user their UID and password, we must keep in mind that:

  • The integer UID value must be unique and must not be negative.
  • The password must be of sufficient length and complexity, so that it is hard to work out.

Password aging policies

On a Linux system, a user's password is not assigned an expiration time by default. If we use password aging policies, we can change that default behaviour, and the defined policies will be taken into account when users are created.

In practice, there are two factors to weigh when setting the age of a password:

  • Security.
  • User convenience.

A password is more secure the shorter its expiration period is. There is less risk of it being leaked to other users.

To set the password aging policies, we can use the chage command:

[root@linuxbox ~]# chage
Usage: chage [options] USER
Options:
  -d, --lastday LAST_DAY        set the day of the last password change to LAST_DAY
  -E, --expiredate EXPIRE_DATE  set the account expiration date to EXPIRE_DATE
  -h, --help                    display this help message and exit
  -I, --inactive INACTIVE       disable the account after INACTIVE days
                                from the expiration date
  -l, --list                    show the account aging information
  -m, --mindays MIN_DAYS        set the minimum number of days before a
                                password change to MIN_DAYS
  -M, --maxdays MAX_DAYS        set the maximum number of days before a
                                password change to MAX_DAYS
  -R, --root CHROOT_DIR         directory to chroot into
  -W, --warndays WARN_DAYS      set the expiration warning days to WARN_DAYS

In the previous article we created several users as examples. If we want to know the aging values of the account of the user with login galadriel:

[root@linuxbox ~]# chage --list galadriel
Last password change                                    : Apr 21, 2017
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       :

Those were the default values the system applied when we created the user account with the graphical administration utility "Users and groups":

 

To change the password aging defaults, it is recommended to edit the file /etc/login.defs and modify only the minimum set of values that we need. In that file we will change only the following values:

# Password aging controls:
#
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_MIN_LEN    Minimum acceptable password length.
#       PASS_WARN_AGE   Number of days of warning given before a password expires.
#
PASS_MAX_DAYS   99999   #! More than 273 years!
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7

to the values that we chose according to our own criteria and needs:

PASS_MAX_DAYS   42      # a password can be used for 42 consecutive days
PASS_MIN_DAYS   0       # the password can be changed at any time
PASS_MIN_LEN    8       # minimum password length
PASS_WARN_AGE   7       # number of days the system warns you that you must
                        # change the password before it expires.

We leave the rest of the file as it was, and we recommend not changing other parameters until we know well what we are doing.

The new values will be taken into account when we create new users. If we change the password of a user that already exists, the minimum password length will be enforced. If we use the passwd command instead of the graphical utility and type that the password will be «17», the system complains just as the graphical tool "Users and groups" does and answers «The password contains the user name in some form», although in the end it accepts that weak password.

[root@linuxbox ~]# passwd legolas
Changing password for user legolas.
New password: qaansoley               # has fewer than 7 characters
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 17
Sorry, passwords do not match.               # Logical, isn't it?
New password: 17
BAD PASSWORD: The password contains the user name in some form
Retype new password: 17
passwd: all authentication tokens updated successfully.

We fall into the "weakness" of declaring a password that includes the user's login. That is a practice that is not recommended. The correct way would be:

[root@linuxbox ~]# passwd legolas
Changing password for user legolas.
New password: Duudduuban 01
Retype new password: Duudduuban 01
passwd: all authentication tokens updated successfully.

To change the expiration values of the password of galadriel, we use the chage command, and we only need to change the value of PASS_MAX_DAYS from 99999 to 42:

[root@linuxbox ~]# chage -M 42 galadriel
[root@linuxbox ~]# chage -l galadriel
Last password change                                    : Apr 21, 2017
Password expires                                        : Jun 02, 2017
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 42
Number of days of warning before password expires       : 7

And so on: we can change the passwords of the users already created and their expiration values manually, with the graphical tool «Users and groups», or with a script that automates part of the non-interactive work.

  • In this way, if we created the local users of the system in a way that the most common security practices do not recommend, we can change that behaviour before we go on to implement more PAM-based services.
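
As an added example (not part of the original article), the following shell functions sketch the kind of script mentioned above: they read files in the /etc/passwd and /etc/shadow layout, list the regular, unlocked accounts whose aging values are looser than the 42/7 policy chosen here, and print the chage command for each. The function names, UID_MIN=1000 and all sample accounts and hashes are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: audit password aging against the policy chosen above and
# print the chage commands that would fix it. Nothing is modified.

POLICY_MAX_DAYS=42      # PASS_MAX_DAYS chosen in the article
POLICY_WARN_DAYS=7      # PASS_WARN_AGE chosen in the article
UID_MIN=1000            # assumption: regular users start at UID 1000

# aging_fixes PASSWD_FILE SHADOW_FILE
# Prints one "chage -M .. -W .. LOGIN" line for every regular, unlocked
# account whose maximum age is unset or above policy, or whose warning
# period is unset or below policy.
aging_fixes() {
    awk -F: -v max="$POLICY_MAX_DAYS" -v warn="$POLICY_WARN_DAYS" \
        -v uid_min="$UID_MIN" '
        # First file (passwd layout): remember the regular logins.
        NR == FNR { if ($3 >= uid_min && $3 != 65534) regular[$1] = 1; next }
        # Second file (shadow layout): 2 = hash, 5 = max days, 6 = warn days.
        ($1 in regular) {
            if ($2 ~ /^[!*]/) next          # locked account, nothing to age
            if ($5 == "" || $5 + 0 > max || $6 == "" || $6 + 0 < warn)
                printf "chage -M %d -W %d %s\n", max, warn, $1
        }' "$1" "$2"
}

# password_expiry_day SHADOW_FILE LOGIN
# Prints the day number (days since 1970-01-01) on which the password
# expires: last change (field 3) + maximum age (field 5). Prints "never"
# when either field is empty or the maximum is the 99999 default.
password_expiry_day() {
    awk -F: -v user="$2" '
        $1 == user {
            if ($3 == "" || $5 == "" || $5 + 0 >= 99999) print "never"
            else print $3 + $5
        }' "$1"
}

# Constructed sample data: not real accounts, not real hashes.
# 17277 is the day number of Apr 21, 2017, the change date shown above.
aging_demo_dir=$(mktemp -d)
trap 'rm -rf "$aging_demo_dir"' EXIT
cat > "$aging_demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
squid:x:23:23::/var/spool/squid:/sbin/nologin
galadriel:x:1001:1001::/home/galadriel:/bin/bash
legolas:x:1002:1002::/home/legolas:/bin/bash
anduin:x:1003:1003::/home/anduin:/bin/bash
EOF
cat > "$aging_demo_dir/shadow" <<'EOF'
root:$6$constructed$hash:17277:0:99999:7:::
squid:!!:17270::::::
galadriel:$6$constructed$hash:17277:0:99999:7:::
legolas:$6$constructed$hash:17277:0:42:7:::
anduin:!!:17277:0:99999:7:::
EOF

aging_fixes "$aging_demo_dir/passwd" "$aging_demo_dir/shadow"
password_expiry_day "$aging_demo_dir/shadow" legolas
```

On a live system the same functions can be pointed at /etc/passwd and /etc/shadow as root; day 17319, the result for the sample legolas entry, is Jun 02, 2017, the expiry date chage reports above after -M 42.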

If we create a user with login «anduin» and the password «Password-ka», we will obtain the following result:

[root@linuxbox ~]# useradd anduin
[root@linuxbox ~]# passwd anduin
Changing password for user anduin.
New password: Password-ka
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password: Password-ka
passwd: all authentication tokens updated successfully.

In other words, the system is clever enough to point out the weaknesses of a password.

[root@linuxbox ~]# passwd anduin
Changing password for user anduin.
New password: Duudduuban 02
Retype new password: Duudduuban 02
passwd: all authentication tokens updated successfully.

Policy summary

  • Evidently, the password complexity policy, as well as the minimum length of 5 characters, is enabled by default in CentOS. On Debian, the complexity check works for normal users when they try to change their password by invoking the passwd command. For root, there are no default limitations.
  • It is important to know the different options that we can declare in the /etc/login.defs file, using the command man login.defs.
  • Also check the contents of the file /etc/default/useradd and, on Debian, of /etc/adduser.conf.

System users and groups

During the installation of the operating system a whole series of users and groups is created, which one body of literature calls Standard Users and another System Users. We prefer to call them System Users and Groups.

As a rule, system users have a UID < 1000 and their accounts are used by different applications of the operating system. For example, the user account «squid» is used by the Squid program, while the «lp» account is used for the printing process from word processors or text editors.

If we want to list those users and groups, we can do it with the commands:

[root@linuxbox ~]# cat /etc/passwd
[root@linuxbox ~]# cat /etc/group

It is not at all recommended to modify the system users and groups. 😉

Because of its importance, we repeat that in CentOS, FreeBSD, and other operating systems, the -system- group wheel is created to allow root access only to the system users who belong to that group. Read /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html. Debian does not include a wheel group.
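
As an added example (not part of the original article), a read-only check over files in the /etc/passwd and /etc/group layout that reports three things relevant to this section: a UID 0 account other than root, a system account (UID < 1000) that has a login shell, and the members of wheel. The function name and every sample entry are constructed for the example.

```shell
#!/bin/sh
# Added example: review system accounts and wheel membership.
# It only reads its two input files and changes nothing.

# account_findings PASSWD_FILE GROUP_FILE
# Output, one finding per line:
#   uid0-not-root LOGIN
#   system-account-with-shell LOGIN SHELL
#   wheel-member LOGIN
account_findings() {
    awk -F: '
        # First file (passwd layout): 1 = login, 3 = UID, 7 = shell.
        NR == FNR {
            # Shells that do not give an interactive session.
            interactive = ($7 !~ /(nologin|false|sync|shutdown|halt)$/)
            if ($3 == 0 && $1 != "root")
                print "uid0-not-root " $1
            else if ($3 > 0 && $3 < 1000 && interactive)
                print "system-account-with-shell " $1 " " $7
            next
        }
        # Second file (group layout): 1 = group, 4 = comma-separated members.
        $1 == "wheel" && $4 != "" {
            n = split($4, member, ",")
            for (i = 1; i <= n; i++) print "wheel-member " member[i]
        }' "$1" "$2"
}

# Constructed sample data. The squid entry with /bin/bash and the second
# UID 0 account "toor" are deliberate anomalies for the check to find.
acct_demo_dir=$(mktemp -d)
trap 'rm -rf "$acct_demo_dir"' EXIT
cat > "$acct_demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
squid:x:23:23::/var/spool/squid:/bin/bash
toor:x:0:0::/root:/bin/bash
legolas:x:1002:1002::/home/legolas:/bin/bash
EOF
cat > "$acct_demo_dir/group" <<'EOF'
root:x:0:
lp:x:7:
wheel:x:10:legolas,galadriel
EOF

account_findings "$acct_demo_dir/passwd" "$acct_demo_dir/group"
```

Run against the real /etc/passwd and /etc/group, an empty result for the first two finding types is the expected state of a freshly installed system; the wheel list is the set of users to review, since on CentOS that group governs root access.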

Managing user and group accounts

The best way to learn how to manage user and group accounts is:

  • Practising the use of the commands listed above, preferably in a virtual machine and before using the graphical tools.
  • Consulting the manuals or man pages of each command before searching for any other information on the Internet.

Practice is the best criterion of truth.

Summary

By far, a single article dedicated to Local User and Group Management is not enough. The degree of knowledge that each administrator acquires will depend on their personal interest in learning and going deeper into this and other related topics. The same is true of all the aspects we have developed in the SME Networks series of articles. Likewise, you can enjoy this version in pdf here

Next delivery

We will continue implementing services with authentication against local users. Then we will install an instant messaging service based on the program Daawasho.

See you soon!



  1.   HO2GI said

    Hello, very good article. I have a question: where I work, printers are shared a lot, and the problem is in CUPS; sometimes it hangs and they cannot print. How can I give them permission to restart it (because most of the time we are working in other areas) without giving them the root password, since the only way I found is to change it so that a particular user can restart it.
    Thank you very much in advance.

    1.    federico said

      Greetings HO2GI! For example, let's say that you want to give the user legolas permission only to restart the CUPS service, using of course the sudo command, which must be installed:
      [root@linuxbox ~]# visudo

      # Cmnd alias specification

      Cmnd_Alias RESTARTCUPS = /etc/init.d/cups restart

      # User privilege specification

      root ALL=(ALL:ALL) ALL
      legolas ALL = RESTARTCUPS

      Save the changes made to the sudoers file. Log in as the user legolas:

      legolas@linuxbox:~$ sudo /etc/init.d/squid reload
      [sudo] password for legolas:
      Sorry, user legolas is not allowed to execute '/etc/init.d/postfix reload' as root on linuxbox.fromlinux.fan.
      legolas@linuxbox:~$ sudo /etc/init.d/cups restart
      [sudo] password for legolas:
      [ok] Restarting Common Unix Printing System: cupsd.

      Forgive me if the answer differs on CentOS, because I was guided by what I did on Debian Wheezy. ;-). Where I am right now, I do not have any CentOS at hand.

      On the other hand, if you want to add other System Users as full CUPS Administrators - they can misconfigure it - you make them members of the group lpadmin, which is created when you install CUPS.

      https://www.cups.org/doc/man-lpadmin.html
      http://www.computerhope.com/unix/ulpadmin.htm

      1.    HO2GI said

        A thousand thanks Fico, I will try it right now.

  2.   federico said

    HO2GI, in CentOS / Red Hat it would be:

    [root@linuxbox ~]# visudo

    ## Services

    Cmnd_Alias RESTARTCUPS = /usr/bin/systemctl restart cups, /usr/bin/systemctl status cups

    ## Allow root to run any commands anywhere

    root ALL=(ALL) ALL
    legolas ALL = RESTARTCUPS

    Save the changes

    [root@linuxbox ~]# exit

    buzz@sysadmin:~$ ssh legolas@linuxbox
    legolas@linuxbox's password:

    [legolas@linuxbox ~]$ sudo systemctl restart cups

    We trust you have received the usual lecture from the local System
    Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

    [sudo] password for legolas:
    [legolas@linuxbox ~]$ sudo systemctl status cups
    cups.service - CUPS Printing Service
    Loaded: loaded (/usr/lib/systemd/system/cups.service; enabled; vendor preset: enabled)
    Active: active (running) since Tue 2017-04-25 22:23:10 EDT; 6s ago
    Main PID: 1594 (cupsd)
    CGroup: /system.slice/cups.service
    └─1594 /usr/sbin/cupsd -f

    [legolas@linuxbox ~]$ sudo systemctl restart squid.service
    Sorry, user legolas is not allowed to execute '/bin/systemctl restart squid.service' as root on linuxbox.
    [legolas@linuxbox ~]$ exit