Umsebenzisi wasekhaya kunye nolawulo lweqela-iinethiwekhi ze-SME

Isalathiso ngokubanzi sothotho: Iinethiwekhi zekhompyuter zee-SMEs: Intshayelelo

Molweni zihlobo nabahlobo!

Eli nqaku kukuqhubekeka kwe- Ukuqinisekiswa kwe-squid + ye-PAM kwi-CentOS 7- iinethiwekhi ze-SMB.

Iinkqubo zokusebenza ze-UNIX / Linux zibonelela ngendawo yokusebenza yabasebenzisi bokwenyani, apho uninzi lwabasebenzisi lunokusebenza ngaxeshanye kwinkqubo enye kwaye babelane ngezixhobo ezinje ngeeprosesa, iihard drive, imemori, unxibelelwano lwenethiwekhi, izixhobo ezifakwe kwinkqubo, njalo njalo.

Ngesi sizathu, abaLawuli beNkqubo banyanzelekile ukuba baqhubeke ngokulawula abasebenzisi kunye namaqela enkqubo kunye nokuyila nokuphumeza isicwangciso esiliqili solawulo.

Emva koko siza kubona ngokufutshane imiba ngokubanzi yalo msebenzi ubalulekileyo kuLawulo lweeNkqubo zeLinux.

Ngamanye amaxesha kungcono ukubonelela ngeeNkonzo kwaye emva koko ufune.

Lo ngumzekelo oqhelekileyo waloo myalelo. Kuqala sibonisa uyenza njani inkonzo yommeli we-Intanethi ngeSquid kunye nabasebenzisi bendawo. Ngoku kufuneka sizibuze:

• ¿Ndingazenza njani iinkonzo zenethiwekhi kwi-UNIX / Linux LAN evela kubasebenzisi bengingqi kunye nefayile ye- ukhuseleko olwamkelekileyo?.

Ayinamsebenzi ukuba abathengi beWindows bakwanxibelelana nale nethiwekhi. Ibaluleke kuphela imfuno yokuba zeziphi iinkonzo ezifunwa yiNethiwekhi ye-SME kwaye yeyiphi indlela elula neyona ingabizi kakhulu yokuphumeza.

• ¿Mhlawumbi indlela yokuqinisekisa ekuzalweni kwe- I-ARPANET, Internet kunye nezinye iinethiwekhi WIDE Aisizathu NEnkqubo o Lyendawo Aisizathu NEnkqubo oonobumba bokuqala bamagama babusekwe kwi I-LDAP, Inkonzo yoLawulo, okanye ngaphakathi IMicrosoft LSASS, okanye ngaphakathi Active Directory, okanye nge IKerberos?, ukukhankanya nje ezimbalwa.

Umbuzo olungileyo wokuba wonke umntu afune iimpendulo zakhe. Ndiyakumema ukuba ukhangele igama elithi «ungqinisiso lwendawo»KwiWikipedia ngesiNgesi, eyeyona igqibelele kwaye ingaguquguquki ngokomxholo wokuqala -isiNgesi-.

NgokweMbali sele ikho kalukhuni, kuqala yaba Uqinisekiso y Ugunyaziso zendawo, emva NIS Inkqubo yeNgcaciso yeNethiwekhi iphuhliswe yi-Sun Microsystem kwaye yaziwa njenge Amakhasi aBomvu o yp, ke ngoku I-LDAP IProsoft Access Protocol.

Uthini nge "Ukhuseleko olwamkelekileyo»Iza ngenxa yokuba amaxesha amaninzi sinexhala malunga nokhuseleko lwenethiwekhi yethu, ngelixa singena kuFacebook, uGmail, uYahoo, njlnjl. Ukukhankanya nje ezimbalwa- kwaye sinika Imfihlo yethu kubo. Kwaye jonga inani elikhulu lamanqaku kunye namaxwebhu ngokubhekisele kwi- Akukho bucala kwi-Intanethi zikhona

Qaphela kwiCentOS nakwiDebian

I-CentOS / Red Hat kunye ne-Debian banefilosofi yabo malunga nendlela yokuphumeza ukhuseleko, olungafaniyo ngokusisiseko. Nangona kunjalo, siyangqina ukuba zombini zizinzile, zikhuselekile kwaye zithembekile. Umzekelo, kwi-CentOS umxholo we-SELinux unikwe amandla ngokungagqibekanga. Kwi-Debian kufuneka sifake iphakheji iselinux-iziseko, ebonisa ukuba singasebenzisa iSELinux.

Kwi-CentOS, FreeBSD,, kunye nezinye iinkqubo zokusebenza, inkqubo-yeqela iyenziwa ivili ukuvumela ukufikelela njenge Ingcambu kuphela kubasebenzisi benkqubo abakwelo qela. Funda /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html, kwaye /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html. I-Debian ayibandakanyi iqela ivili.

Iifayile eziphambili kunye nemiyalelo

ZoLondolozo

Iifayile eziphambili ezinxulumene nokulawula abasebenzisi bendawo kwinkqubo yokusebenza yeLinux zezi:

CentOS kunye neDebian

• / njl / njlUlwazi lweakhawunti yomsebenzisi.
• / njl / isithunzi-Ulwazi ngokhuseleko lweakhawunti yomsebenzisi.
• / njl / iqelaUlwazi lweakhawunti yeqela.
• / njl / gshadow-Ulwazi ngokhuseleko lweakhawunti yeqela.
• / njl / engagqibekanga / yomsebenzisiamaxabiso asisiseko ekudalweni kweakhawunti.
• / njl / iskel /: ulawulo oluqulathe iifayile ezingagqibekanga eziza kubandakanywa kulawulo lweKhaya lomsebenzisi omtsha.
• /etc/login.defs-I-suite yokhuseleko lwegama eliyimfihlo.

Debian

• /etc/adduser.confamaxabiso asisiseko ekudalweni kweakhawunti.

Imiyalelo kwi-CentOS kunye ne-Debian

[(Imeyile ikhuselwe) ~] # chwshddd -h # Hlaziya iiphasiwedi kwimowudi yebatch
Imowudi yokusetyenziswa: chpasswd [iinketho] Iinketho: -c, -crypt-method INDLELA ye-crypt indlela (enye ye-NONE DES MD5 SHA256 SHA512) -e, -rypted the passwords provided are encrypted -h, -help shows this uncede ukukhawulezisa kunye nokuphelisa -m, -md5 ubhala iphasiwedi ngokucacileyo usebenzisa i-MD5 algorithm -R, --root CHROOT_DIR isikhombisi sokungena kwi -s, -sha-rounds inani le-SHA ejikeleze i-SHA encryption algorithms * # batchYenza imiyalelo xa umthwalo wenkqubo uvumela. Ngamanye amagama # xa umthwalo ophakathi uwa ngaphantsi kwe-0.8 okanye ixabiso elichaziweyo xa ubhengeza # umyalelo we-atd. Iinkcukacha ezithe xaxe ibhetshi yomntu.

[(Imeyile ikhuselwe) ~] # yeyo -h # Xela abalawuli ku / njl / iqela kunye / njl / gshadow
Uyisebenzisa kanjani: gpasswd [iinketho] GROUP iinketho: -a, --add USER yongeza USER kwiGROUP -d, --delete USER isusa USER kwiGROUP -h, --help ibonisa lomyalezo woncedo kwaye iphela -Q, - -root CHROOT_DIR isikhombisi kwi-chroot kwi -r, -susa-iphasiwedi ususe iphasiwedi ye-GROUP -R, -restrict ithintela ukufikelela kwi-GROUP kumalungu ayo -M, -khumbula USER, ... icwangcisa uluhlu lwamalungu GROUP -A, - abaphathi ADMIN, ... icwangcisa uluhlu lwabaphathi beGROUP Ngaphandle kwe--A kunye -M ukhetho, ukhetho alunakudityaniswa.

[(Imeyile ikhuselwe) ~] # iqela -h    # Yenza iqela elitsha
Usebenzisa kanjani: groupadd [iinketho] GROUP ongakhetha kuyo: -f, --force terminate if group already already, and cancel -g if GID is already use -g, -gid GID use GID for new group - h, - uncedo lubonisa lo myalezo woncedo kunye nokuphela -K, --key KEY = IXABISO libhala ngaphezulu kwamaxabiso asisiseko e "/etc/login.defs" -o, -non-unique ikuvumela ukuba wenze amaqela ane-GIDs (hayi eyahlukileyo) Iphindiwe -p, -igama eliphambili IPASSWORD sebenzisa le-password ebhaliweyo kwiqela elitsha -r, -isistim yenza iakhawunti yenkqubo -R, --root CHROOT_DIR isikhombisi ukungena kuyo

[(Imeyile ikhuselwe) ~] # iqela -h # Cima iqela esele likho
Uyisebenzisa kanjani: iqeladel [ukhetho] IQELA ukukhetha: -h, -help bonisa lo myalezo woncedo kunye nokuphelisa -R, --root CHROOT_DIR isikhombisi sokungena

[(Imeyile ikhuselwe) ~] # nwabisa -h # Xela abalawuli kwiqela eliphambili lomsebenzisi
Uyisebenzisa kanjani: iqela lendibanisela [ukhetho] [isenzo] Khetha: -g, -Iqela GROUP tshintsha igama leqela endaweni yeqela lomsebenzisi (linokwenziwa kuphela ngumlawuli) -R, --root CHROOT_DIR isikhombisi sokungena Iintshukumo: -a, --dibanisa USER wongeza USER kumalungu eqela -d, -susa u-USER ususa u-USER kuluhlu lwamalungu eqela -h, -help bonisa lo myalezo woncedo kunye neziphelo -p, - coca onke amalungu eqela -l, - uluhlu lwamalungu eqela

[(Imeyile ikhuselwe) ~] # imvucrub -h # Guqula inkcazo yeqela
Uyisebenzisa kanjani: iqela leqela [ukhetho] IQELA ukhetho: -g, -gid i-GID itshintsha isazisi seqela kwi-GID -h, -help ibonisa lo myalezo woncedo kunye neziphelo -n, -igama elitsha NEW_Group etshintsha igama i-NEW_GROUP -o, -non-unique ivumela ukusebenzisa ikopi ye-GID (ayifumanekanga) -p, -PasswordORD itshintsha iphasiwedi ibe yi-PASSWORD (encrypted) -R, --root CHROOT_DIR directory to chroot into

[(Imeyile ikhuselwe) ~] # Yiya -h # Jonga ukuthembeka kwefayile yeqela
Uyisebenzisa kanjani: grpck [iinketho] [iqela [gshadow]] Khetha: -h, -help bonisa lo myalezo woncedo kwaye uphume -r, -funda-kuphela iziphene zokubonisa kunye nezilumkiso kodwa ungatshintshi iifayile -R, - -root CHROOT_DIR isikhombisi kwi-chroot kwi -s, -sort sort entries by UID

[(Imeyile ikhuselwe) ~] # grpconv
# Imiyalelo edibeneyo: pwconv, ipwcon, grpconv, grpunconv
# Isetyenziselwa ukuguqula isuke kwi-passwords yamaqela kunye namaqela
# Imiyalelo emine isebenza kwiifayile / njl / ukudlula, / njl / iqela, / njl / isithunzi, 
# kunye / njl / gshadow. Ngolwazi oluthe kratya indoda grpconv.

[(Imeyile ikhuselwe) ~] # sg -h # Yenza umthetho nge-ID yeqela eyahlukileyo okanye i-GID
Indlela yokusebenzisa: Iqela le-sg [[-c] i-odolo]

[(Imeyile ikhuselwe) ~] # entsha -h # Guqula i-GID yangoku ngexesha lokungena
Indlela yokusebenzisa: i-newgrp [-] [iqela]

[(Imeyile ikhuselwe) ~] # izinto ezintsha -h # Hlaziya kwaye wenze abasebenzisi abatsha kwimowudi yebatch
Imowudi yokusetyenziswa: izinto ezintsha [iinketho] Iinketho: -c, -crypt-method INDLELA indlela yokubhala (enye ye-NONE DES MD5 SHA256 SHA512) -h, -help bonisa lomyalezo woncedo kwaye uphume -r, -system Yenza iiakhawunti zenkqubo -R, -root CHROOT_DIR isikhombisi sokungena kwi -s, -sha-rounds inani le-SHA imijikelezo ye-SHA encryption algorithms *

[(Imeyile ikhuselwe) ~] # pwk -h # Jonga ukuthembeka kweefayile zegama eligqithisiweyo
Usebenzisa njani: kodwa ungatshintshi iifayile -R, --root CHROOT_DIR isikhombisi kwi-chroot kwi -s, -sort sort entries by UID

[(Imeyile ikhuselwe) ~] # yomsebenzisi -h # Yenza umsebenzisi omtsha okanye uhlaziye okungagqibekanga # ulwazi lomsebenzisi omtsha
Uyisebenzisa kanjani: useradd [iinketho] USER useradd -D useradd -D [iinketho] Iinketho: -b, --base-dir BAS_DIR isiseko solawulo kulawulo lwasekhaya lweakhawunti entsha -c, --comment INGXELO GECOS intsimi ye iakhawunti entsha -d, -ikhaya-dir PERSONAL_DIR lawulo lwasekhaya lwe-akhawunti -D, -ukungagqibeki ukushicilela okanye ukutshintsha ukuseta okungagqibekanga komsebenzisi -d, -phelelwa lixesha EXPIRY_DATE umhla wokuphelelwa kweakhawunti -f, - Engasebenziyo INACTIVE ixesha lokungasebenzi kwepaswedi yeakhawunti entsha
iqela
  -g, -gid GROUP igama okanye isazisi seqela eliphambili le-akhawunti entsha -G, - uluhlu lwamaqela eqela lamaqela ongezelelweyo eakhawunti entsha -h, --help ibonisa lo myalezo woncedo kwaye uyaphela -k, - skel DIR_SKEL isebenzisa olu tshintsho "skeleton" lawulo -K, --key KEY = VALUE ibhala ngaphezulu kwamaxabiso asisiseko e "/etc/login.defs" -l, -no-log-init ayongezi umsebenzisi kwindawo yogcino lwedatha Ukusuka kwilog yokugqibela kunye nokungaphumeleli -m, -ukwakha ikhaya kwenza umkhombandlela wasekhaya womsebenzisi -M, -ukwenzi-ikhaya akwenzi umkhombandlela wasekhaya womsebenzisi -N, -ngekho-umsebenzisi-iqela alenzi qela Igama elifanayo nomsebenzisi -o, -non-unique ivumela ukudala abasebenzisi abaneempazamo (ezingafaniyo) zokuchonga (ii-UIDs) -p, -gama eligqithisiweyo le-PASSWORD iphasiwedi ebhaliweyo ye-akhawunti entsha -r, -isistim yenza iakhawunti Inkqubo -R, --root CHROOT_DIR isikhombisi sokungena kwi -s, -shell CONSOLE ukufikelela kwikhonsoli yeakhawunti entsha -u, -uid Isazisi somsebenzisi se-UID seakhawunti entsha -U, -iqela lomsebenzisiiqela elinegama elifanayo nelomsebenzisi -Z, -selinux-umsebenzisi USER_SE isebenzisa umsebenzisi ochaziweyo kumsebenzisi we-SELinux

[(Imeyile ikhuselwe) ~] # yomsebenzisi -h # Cima iakhawunti yomsebenzisi kunye neefayile ezinxulumene nazo
Imo yokusebenzisa: i-userdel [iinketho] UKUSETYENZISWA KOKUSETYENZISWA: -f, -forforce ezinye izinto ezinokuthi zisilele ngenye indlela umz.ukususwa komsebenzisi okungena okanye iifayile, nokuba ayingomsebenzisi -h, -help ibonisa lo myalezo Uncedo kunye nokugqiba -r, -ukususa isikhombisi sasekhaya kunye nebhokisi yeposi -R, --root CHROOT_DIR isikhombisi kwi-chroot kwi -Z, -selinux-umsebenzisi ususe nayiphi na imephu yomsebenzisi ye-SELinux

[(Imeyile ikhuselwe) ~] # iisermod -h # Guqula iakhawunti yomsebenzisi
Uyisebenzisa kanjani: usermod [iinketho] USER iinketho: -c, -comment COMMENT ixabiso elitsha kumhlaba we-GECOS -d, -home PERSONAL_DIR ulawulo lwasekhaya lomsebenzisi omtsha -e, -expiredate EXPIR_DATE iseta umhla wokuphelelwa iakhawunti ukuya ku-EXPIRED_DATE -f, -Ingasebenzi i-INACTIVE iseta ixesha elingenzi nto emva kokuba i-akhawunti iphelelwe lixesha ku-INACTIVE -g, -gid GROUP inyanzelisa ukusetyenziswa kweGROUP kwiakhawunti yomsebenzisi entsha -G, - uluhlu lwamaqela GROUPS amaqela ongezelelweyo -a, - faka isicelo kumsebenzisi ongezelelweyo GROUPS okhankanywe yi -G ukhetho ngaphandle kokumsusa kwamanye amaqela -h, -help bonisa lo myalezo woncedo kwaye uphelise -l, -ngena NAME kwakhona igama lomsebenzisi -L, -lokutshixa iakhawunti yomsebenzisi -m, -ukuhambisa-umxholo wasekhaya kulawulo lwasekhaya kulawulo olutsha (sebenzisa kuphela ngokudibeneyo ne -d) -o, -non-unique Ivumela ukusetyenziswa Ukuphindaphinda (okungafaniyo) i-UIDs -p, -Password igama eligqithisiweyo eligqithisiweyo usebenzisa i-akhawunti ebhaliweyo ye-akhawunti entsha -R, --root CHR Ulawulo lwe-OOT_DIR ukuya kwi -s, -shell CONSOLE ikhonsoli entsha yokufikelela kwiakhawunti yomsebenzisi -u, -uid UID unyanzelisa ukusetyenziswa kwe-UID kwiakhawunti yomsebenzisi entsha -U, -ukuvula iakhawunti yomsebenzisi -Z, -selinux-user SEUSER imephu entsha yomsebenzisi we-SELinux yeakhawunti yomsebenzisi

Imiyalelo kwiDebian

I-Debian yahlula phakathi yomsebenzisi y adduser. Icebisa ukuba abaLawuli beNkqubo basebenzise adduser.

(Imeyile ikhuselwe): / ekhaya / xeon # adduser -h # Yongeza umsebenzisi kwinkqubo
(Imeyile ikhuselwe): / ekhaya / xeon # iqela elongezelelweyo -h # Yongeza iqela kwinkqubo
i-adduser [-iKhaya UMLAWULI] [-shell SHELL] [- akukho-ukudala-ikhaya] [-i-ID ye-ID] [-i-ID yokuqala ye-ID] [-I-ID yokugqibela] [--gecos GECOS] [-iqela IQELA | ID -gid ID] [-i-password ekhubazekileyo] [-disabled-login] USER Yongeza umsebenzisi oqhelekileyo adduser -system [--iKhaya UMLAWULI] [--shell SHELL] [--no-create-home] [ -Iid ID] [--gecos GECOS] [-iqela | -Iqela leQELA | -I-ID yesazisi] [-i-password ekhubazekileyo] [-khubazisiwe-ungene] USER Yongeza umsebenzisi wenkqubo adduser -group [-gid ID] GROUP addgroup [-gid ID] GROUP Yongeza iqela lomsebenzisi elongezayo --system [--gid ID] IQELA Yongeza inkqubo yeqela lomsebenzisi IQELA ELISETYENZISWA Yongeza umsebenzisi okhoyo kwiqela elikhona ngoku: -q musa ukubonisa ulwazi lwenkqubo kwimveliso esemgangathweni --force-badname vumela amagama abasebenzisi angahambelaniyo nokucwangciswa okungafaniyo NAME_REGEX --help | -h umyalezo wokusebenzisa -version | Inombolo yenguqulo -v kunye nelungelo lokushicilela-conf | -c FILE Sebenzisa iFILE njengefayile yoqwalaselo

(Imeyile ikhuselwe): / ekhaya / xeon # ugqwetha -h # Susa umsebenzisi oqhelekileyo kwinkqubo
(Imeyile ikhuselwe): / ekhaya / xeon # iqela -h # Susa iqela eliqhelekileyo kwinkqubo
Umlahlekisi USER ususa umsebenzisi oqhelekileyo kumzekelo wenkqubo: I-deluser miguel -isusa-ikhaya isusa isikhombisi sasekhaya somsebenzisi kunye nomgca weposi. -ukususa-zonke iifayile kususa zonke iifayile ezizezomsebenzisi. -Ukugcina iifayile ngaphambi kokucima. -ukugcina-ukuya ulawulo lwendawo oluza kugcina kuyo. Ulawulo lwangoku lusetyenziswa ngokungagqibekanga. Inkqubo -susa kuphela ukuba ungumsebenzisi wenkqubo. I-delgroup GROUP i-deluser -group GROUP isusa iqela kwinkqubo yomzekelo: i-deluser -group students -system isusa kuphela ukuba liqela elivela kwinkqubo. -kukuba-ukuba-akukho nto kususwe kuphela ukuba abanamalungu angaphezulu. I-deluser USER GROUP isusa umsebenzisi kumzekelo weqela: i-deluser miguel yabafundi ukhetho ngokubanzi: -quiet | -q Musa ukunika ulwazi lwenkqubo kwi-stdout -help | -h umyalezo wokusebenzisa -version | Inombolo yenguqulo -v kunye nelungelo lokushicilela-conf | -c FILE Sebenzisa iFILE njengefayile yoqwalaselo

Imigaqo-nkqubo

Zimbini iintlobo zemigaqo-nkqubo ekufuneka sizithathele ingqalelo xa sisenza iiakhawunti zomsebenzisi:

• Imigaqo-nkqubo yeAkhawunti yoMsebenzisi
• Imigaqo-nkqubo yokuguga

Imigaqo-nkqubo yeAkhawunti yoMsebenzisi

Ukuziqhelanisa, izinto ezisisiseko ezichonga iakhawunti yomsebenzisi zezi:

• Igama leakhawunti yomsebenzisi-umsebenzisi NGEMA, hayi igama neefani.
• Isazisi somsebenzisi - UID.
• Elona qela liphambili apho - IGid.
• Inombolo yokuvula - inombolo yokuvula.
• Iimvume zokufikelela - iimvume zokufikelela.

Izinto eziphambili ekufuneka ziqwalaselwe xa kusenziwa iakhawunti yomsebenzisi zezi:

• Ubude bexesha umsebenzisi aya kuba nalo ukufikelela kwinkqubo yefayile kunye nezixhobo.
• Ubungakanani bexesha apho umsebenzisi kufuneka atshintshe ipassword yakhe-ngamaxesha athile-ngenxa yezizathu zokhuseleko.
• Ubude bexesha apho ukungena ngemvume- kuya kuhlala kusebenza.

Ngaphaya koko, xa unika umsebenzisi eyakhe UID y inombolo yokuvula, kufuneka sithathele ingqalelo ukuba:

• Ixabiso elipheleleyo UID mayibe yodwa kwaye ingabi negative.
• El inombolo yokuvula kufuneka ibe nobude obaneleyo kunye nobunzima, ukuze kube nzima ukuyicacisa.

Imigaqo-nkqubo yokuguga

Kwinkqubo yeLinux, i inombolo yokuvula yomsebenzisi ayabelwe ixesha lokuphelelwa lixesha. Ukuba sisebenzisa imigaqo-nkqubo yokuguga, sinokutshintsha isimilo esingagqibekanga kwaye xa sisenza abasebenzisi, imigaqo-nkqubo echaziweyo iya kuthathelwa ingqalelo.

Ukuziqhelanisa, zimbini izinto ekufuneka ziqwalaselwe xa useta ubudala begama eligqithisiweyo:

• Ukhuseleko
• Uncedo lomsebenzisi.

Iphasiwedi ikhuseleke ngakumbi xa lifutshane nokuphelelwa lixesha. Kukho umngcipheko omncinci wokuvuza kwabanye abasebenzisi.

Ukuseka imigaqo-nkqubo yokuguga, sinokusebenzisa lo myalelo Chage:

[(Imeyile ikhuselwe) ~] # chage
Imo yokusetyenziswa: chage [iinketho] USER iinketho: -d, -lastday LAST_DAY iseta usuku lokugqibela lokutshintsha kwephasiwedi ibe LAST_DAY -E, -phelelwe lixesha CAD_DATE iseta umhla wokuphelelwa kwi-CAD_DATE -h, -help shows lo myalezo woncedo kunye nokuphela -I, -ingasebenzi i-INACTIVE ikhubaza iakhawunti emva kweentsuku ezi-INACTIVE ukusuka kumhla wokuphelelwa -l, -uhlu lubonisa ulwazi lobudala be-akhawunti -m, -mindays MINDAYS iseta inani ubuncinci beentsuku ngaphambi kokutshintsha iphasiwedi ibe yi-MIN_DAYS -M, -maxdays MAX_DAYS iseta elona nani liphezulu leentsuku ngaphambi kokutshintsha iphasiwedi ibe ngu-MAX_DAYS -R, --root CHROOT_DIR isikhombisi ungene ku -W, iintsuku zokuphelelwa yisikhathi ukuya kwi- DAYS_NOTICE

Kwinqaku elidlulileyo senze abasebenzisi abaliqela njengomzekelo. Ukuba sifuna ukwazi amaxabiso obudala beakhawunti yomsebenzisi nge NGEMA igaladriel:

[(Imeyile ikhuselwe) ~] # chage-uluhlu lwegaladriel
Utshintsho lokugqibela lwegama eligqithisiweyo: Epreli 21, 2017 Iphasiwedi iphelelwa: ayikaze isebenze iphasiwedi: soze iAkhawunti iphelelwe: ayikhe ibe liNani leentsuku phakathi kokutshintsha kwephasiwedi: 0 Elona nani liphezulu leentsuku phakathi kokutshintsha kwephasiwedi: 99999 Inani leentsuku zesaziso ngaphambili iphelelwa lixesha: 7

La ngamaxabiso asisiseko ebenayo inkqubo xa sasenza iakhawunti yomsebenzisi sisebenzisa isixhobo solawulo somzobo "Abasebenzisi namaqela":

Ukutshintsha amaxabiso asisiseko okwedatha, kuyacetyiswa ukuba uhlele ifayile /etc/login.defs y guqula ubuncinci bexabiso esilifunayo. Kule fayile siya kutshintsha kuphela la maxabiso alandelayo:

# Iphasiwedi yokulawula ukuguga: # # PASS_MAX_DAYS Elona nani liphezulu leentsuku ezinokusetyenziswa iphasiwedi. # PASS_MIN_DAYS Ubuncinane beentsuku ezivunyelweyo phakathi kotshintsho lwegama eligqithisiweyo. # PASS_MIN_LEN Ubuncinane begama lokugqitha elamkelekileyo. # PASS_WARN_AGE Inani leentsuku zesilumkiso esinikwe ngaphambi kokuba ipaswedi iphelelwe. # PASS_MAX_DAYS 99999 #! Ngaphezulu kweminyaka engama-273! PASS_MIN_DAYS 0 PASS_MIN_LEN 5 PASS_WARN_AGE 7

yexabiso esikhethe ngokweendlela zethu kunye neemfuno:

I-PASS_MAX_DAYS 42 # 42 iintsuku eziqhubekayo onokuzisebenzisa inombolo yokuvula
PASS_MIN_DAYS 0 # igama eligqithisiweyo linokutshintshwa nangaliphi na ixesha PASS_MIN_LEN 8 # ubuncinci begama eligqithisiweyo PASS_WARN_AGE 7 # Inani leentsuku isixokelelwano silumkisa wena # kufuneka utshintshe ipassword phambi kokuba iphelelwe.

Sishiya yonke ifayile njengoko yayinjalo kwaye sicebisa ukuba singatshintshi ezinye iiparameter de siyazi kakuhle into esiyenzayo.

Amaxabiso amatsha aya kuthathelwa ingqalelo xa sisenza abasebenzisi abatsha. Ukuba sitshintsha iphasiwedi yomsebenzisi osele edaliwe, ixabiso lobuncinci begama eligqithisiweyo liya kuhlonitshwa. Ukuba sisebenzisa lo myalelo passwd endaweni yesixhobo esibonisa imizobo kwaye sibhala ukuba igama eligqithisiweyo liya kuba «iigolola17«, Inkqubo ikhalaza njengesixhobo segraphic« Abasebenzisi kunye namaqela »kwaye iyaphendula ukuba«Ngandlela-thile iphasiwedi ifunda igama lomsebenzisi»Nangona ekugqibeleni ndiyayamkela loo password ibuthathaka.

[(Imeyile ikhuselwe) ~] # i-passwd legolas
Ukutshintsha iphasiwedi yomsebenzisi we-legolas. Iphasiwedi entsha: unozinti               # ingaphantsi koonobumba abasi-7
Iphasiwedi engachanekanga: Iphasiwedi ingaphantsi koonobumba abasi-8 Phinda uphinde ubambe iphasiwedi entsha: iigolola17
Amagama agqithisiweyo awahambelani.               # Ngaba kunjalo?
Iphasiwedi entsha: iigolola17
IPHEPHA ELINGALunganga: Ngandlela thile, igama eligqithisiweyo lifunda igama lomsebenzisi Phinda uchwetheze iphasiwedi entsha: iigolola17
passwd: zonke iithokheni zokungqinisisa zihlaziyiwe ngempumelelo.

Sifumana "ubuthathaka" bokubhengeza igama lokugqithisa elibandakanya NGEMA umsebenzisi. Yindlela engacetyiswayo leyo. Indlela echanekileyo iya kuba:

[(Imeyile ikhuselwe) ~] # i-passwd legolas
Ukutshintsha iphasiwedi yomsebenzisi we-legolas. Iphasiwedi entsha: Iindlela ze-Altos01
Phinda uchwetheze iphasiwedi entsha: Iindlela ze-Altos01
passwd: zonke iithokheni zokungqinisisa zihlaziyiwe ngempumelelo.

Ukutshintsha amaxabiso okuphelelwa li inombolo yokuvula de igaladriel, Sisebenzisa umyalelo we-chage, kwaye kufuneka sitshintshe kuphela ixabiso le- PASS_MAX_DAYS ukusuka kwi-99999 ukuya kwi-42:

[(Imeyile ikhuselwe) ~] # chage -M 42 galadriel
[(Imeyile ikhuselwe) ~] # chage -l galadriel
Utshintsho lokugqibela lwegama eligqithisiweyo: Epreli 21, 2017 Iphasiwedi iphelelwa: Juni 02, 2017 Iphasiwedi engasebenziyo: ayikhe iphelelwe lixesha iAkhawunti: ayikhe ibe liNani leentsuku phakathi kokutshintsha kwephasiwedi: 0 Elona nani liphezulu leentsuku phakathi kokutshintsha kwephasiwedi: 42
Inani leentsuku zesaziso ngaphambi kokuba ipaswedi iphelelwe: 7

Kwaye njalo-njalo, sinokutshintsha iiphasiwedi zabasebenzisi esele zenziwe kunye namaxabiso abo okuphelelwa ngesandla, besebenzisa isixhobo sokubonisa «Abasebenzisi kunye namaqela», okanye ukusebenzisa iskripthi- elishicilelwe ezenzekelayo eminye yemisebenzi engadibaniyo.

• Ngale ndlela, ukuba senza abasebenzisi basekhaya benkqubo ngendlela engacetyiswayo zizinto eziqhelekileyo ngokubhekisele kukhuseleko, sinokutshintsha isimilo ngaphambi kokuqhubeka nokuphumeza iinkonzo ezisekwe kwi-PAM..

Ukuba senza umsebenzisi kunye nge NGEMA «kunye»Nepassword«Igama eligqithisiweyo»Siza kufumana ezi ziphumo zilandelayo:

[(Imeyile ikhuselwe) ~] # yomsebenzisi yongeza
[(Imeyile ikhuselwe) ~] # i-passwd anduin
Ukutshintsha iphasiwedi yomsebenzisi kunye. Iphasiwedi entsha: Igama eligqithisiweyo
Iphasiwedi engachanekanga Phinda uchwetheze iphasiwedi entsha: Igama eligqithisiweyo
passwd-Zonke iithokheni zokuqinisekisa zihlaziyiwe ngempumelelo.

Ngamanye amagama, inkqubo iyile ngokwaneleyo ukuba ibonise ubuthathaka begama eligqithisiweyo.

[(Imeyile ikhuselwe) ~] # i-passwd anduin
Ukutshintsha iphasiwedi yomsebenzisi kunye. Iphasiwedi entsha: Iindlela ze-Altos02
Phinda uchwetheze iphasiwedi entsha: Iindlela ze-Altos02
passwd-Zonke iithokheni zokuqinisekisa zihlaziyiwe ngempumelelo.

Isishwankathelo somgaqo-nkqubo

• Kucacile ukuba umgaqo-nkqubo wokuntsokotha kwegama eligqithisiweyo, kunye nobude obuncinci beempawu ezi-5, zenziwa zasebenza kwi-CentOS. Kwi-Debian, ubunzima bokutshekisha kusebenza kubasebenzisi abaqhelekileyo xa bezama ukutshintsha ipassword yabo ngokucela umyalelo passwd. Umsebenzisi Ingcambu, akukho mida imiselweyo.
• Kubalulekile ukuba wazi iindlela ezahlukeneyo esinokuthi sizibhengeze kwifayile /etc/login.defs usebenzisa umyalelo ukungena kwabantu.
• Jonga umxholo weefayile / njl / engagqibekanga / yomsebenzisi, Kwaye nakwi-Debian /etc/adduser.conf.

Abasebenzisi beNkqubo kunye namaQela

Kwinkqubo yokufaka inkqubo yokusebenza, lonke uthotho lwabasebenzisi kunye namaqela ayilelwe, uncwadi olunye lubiza abaSebenzisi abaqhelekileyo kunye nolunye aBasebenzisi beNkqubo. Sikhetha ukubabiza ngokuba ngaBasebenzisi beNkqubo kunye namaQela.

Njengomthetho, abasebenzisi benkqubo bane I-UID <1000 iiakhawunti zakho zisetyenziswa zizicelo ezahlukeneyo zenkqubo yokusebenza. Umzekelo, iakhawunti yomsebenzisi «isikwati»Isetyenziswa yinkqubo ye-squid, ngelixa i-akhawunti« lp »isetyenziselwa inkqubo yokuprinta ukusuka kubahleli bamagama okanye ababhaliweyo.

Ukuba sifuna ukudwelisa abo basebenzisi kunye namaqela, sinokuyenza sisebenzisa imiyalelo:

[root @ linuxbox ~] # ikati / njl / ukudlula
[root @ linuxbox ~] # ikati / njl / iqela

Akucetyiswa konke konke ukuguqula abasebenzisi kunye namaqela enkqubo. 😉

Ngenxa yokubaluleka kwayo, siyaphinda ukuba kwi-CentOS, FreeBSD,, kunye nezinye iinkqubo zokusebenza, inkqubo-yeqela iyenziwa ivili ukuvumela ukufikelela njenge Ingcambu kuphela kubasebenzisi benkqubo abakwelo qela. Funda /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html, kwaye /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html. I-Debian ayibandakanyi iqela ivili.

Ukulawula iakhawunti yomsebenzisi kunye neqela

Eyona ndlela yokufunda indlela yokulawula iakhawunti yomsebenzisi kunye neqela yile:

• Ukuziqhelanisa nokusetyenziswa kwemiyalelo edweliswe apha ngasentla, ngokukhethekileyo kumatshini oqinisekileyo kunye ngaphambili ukusebenzisa izixhobo zokuzoba.
• Ukujonga iincwadi okanye amaphepha omntu yomyalelo ngamnye ngaphambi kokukhangela nayiphi na enye ingcaciso kwi-Intanethi.

Ukuziqhelanisa ngowona mgaqo ubalaseleyo wenyaniso.

Isishwankathelo

Ukuza kuthi ga ngoku, inqaku elinye elinikezelwe kuMsebenzisi waseKhaya noLawulo lweQela alonelanga. Inqanaba lolwazi olufunyanwa nguMlawuli ngamnye liya kuxhomekeka kumdla wakho ekufundeni nasekunzuzeni malunga noku kunye nezinye izihloko ezinxulumene noko. Kuyafana nayo yonke imiba esiyenzileyo kuthotho lwamanqaku Iinethiwekhi zeSME. Ngendlela efanayo ungayonwabela le nguqulo kwi-pdf Apha

Ukuhanjiswa okulandelayo

Siza kuqhubeka nokwenza iinkonzo ngokuqinisekisa ngokuchasene nabasebenzisi bendawo. Emva koko siya kufaka inkonzo yemiyalezo kwangoko esekwe kwinkqubo Inkqubo.

Ndiza kubona kungekudala!