Isalathiso ngokubanzi sothotho: Iinethiwekhi zekhompyuter zee-SMEs: Intshayelelo
federicotoujague@gmail.com
https://blog.desdelinux.net/author/fico
Molweni zihlobo nabahlobo!
Eli nqaku kukuqhubekeka kwe- Ukuqinisekiswa kwe-squid + ye-PAM kwi-CentOS 7- iinethiwekhi ze-SMB.
Iinkqubo zokusebenza ze-UNIX / Linux zibonelela ngendawo yokusebenza yabasebenzisi bokwenyani, apho uninzi lwabasebenzisi lunokusebenza ngaxeshanye kwinkqubo enye kwaye babelane ngezixhobo ezinje ngeeprosesa, iihard drive, imemori, unxibelelwano lwenethiwekhi, izixhobo ezifakwe kwinkqubo, njalo njalo.
Ngesi sizathu, abaLawuli beNkqubo banyanzelekile ukuba baqhubeke ngokulawula abasebenzisi kunye namaqela enkqubo kunye nokuyila nokuphumeza isicwangciso esiliqili solawulo.
Emva koko siza kubona ngokufutshane imiba ngokubanzi yalo msebenzi ubalulekileyo kuLawulo lweeNkqubo zeLinux.
Ngamanye amaxesha kungcono ukubonelela ngeeNkonzo kwaye emva koko ufune.
Lo ngumzekelo oqhelekileyo waloo myalelo. Kuqala sibonisa uyenza njani inkonzo yommeli we-Intanethi ngeSquid kunye nabasebenzisi bendawo. Ngoku kufuneka sizibuze:
- ¿Ndingazenza njani iinkonzo zenethiwekhi kwi-UNIX / Linux LAN evela kubasebenzisi bengingqi kunye nefayile ye- ukhuseleko olwamkelekileyo?.
Ayinamsebenzi ukuba abathengi beWindows bakwanxibelelana nale nethiwekhi. Ibaluleke kuphela imfuno yokuba zeziphi iinkonzo ezifunwa yiNethiwekhi ye-SME kwaye yeyiphi indlela elula neyona ingabizi kakhulu yokuphumeza.
- ¿Mhlawumbi indlela yokuqinisekisa ekuzalweni kwe- I-ARPANET, Internet kunye nezinye iinethiwekhi WIDE Aisizathu NEnkqubo o Lyendawo Aisizathu NEnkqubo oonobumba bokuqala bamagama babusekwe kwi I-LDAP, Inkonzo yoLawulo, okanye ngaphakathi IMicrosoft LSASS, okanye ngaphakathi Active Directory, okanye nge IKerberos?, ukukhankanya nje ezimbalwa.
Umbuzo olungileyo wokuba wonke umntu afune iimpendulo zakhe. Ndiyakumema ukuba ukhangele igama elithi «ungqinisiso lwendawo»KwiWikipedia ngesiNgesi, eyeyona igqibelele kwaye ingaguquguquki ngokomxholo wokuqala -isiNgesi-.
NgokweMbali sele ikho kalukhuni, kuqala yaba Uqinisekiso y Ugunyaziso zendawo, emva NIS Inkqubo yeNgcaciso yeNethiwekhi iphuhliswe yi-Sun Microsystem kwaye yaziwa njenge Amakhasi aBomvu o yp, ke ngoku I-LDAP IProsoft Access Protocol.
Uthini nge "Ukhuseleko olwamkelekileyo»Iza ngenxa yokuba amaxesha amaninzi sinexhala malunga nokhuseleko lwenethiwekhi yethu, ngelixa singena kuFacebook, uGmail, uYahoo, njlnjl. Ukukhankanya nje ezimbalwa- kwaye sinika Imfihlo yethu kubo. Kwaye jonga inani elikhulu lamanqaku kunye namaxwebhu ngokubhekisele kwi- Akukho bucala kwi-Intanethi zikhona
Qaphela kwiCentOS nakwiDebian
I-CentOS / Red Hat kunye ne-Debian banefilosofi yabo malunga nendlela yokuphumeza ukhuseleko, olungafaniyo ngokusisiseko. Nangona kunjalo, siyangqina ukuba zombini zizinzile, zikhuselekile kwaye zithembekile. Umzekelo, kwi-CentOS umxholo we-SELinux unikwe amandla ngokungagqibekanga. Kwi-Debian kufuneka sifake iphakheji iselinux-iziseko, ebonisa ukuba singasebenzisa iSELinux.
Kwi-CentOS, FreeBSD,, kunye nezinye iinkqubo zokusebenza, inkqubo-yeqela iyenziwa ivili ukuvumela ukufikelela njenge Ingcambu kuphela kubasebenzisi benkqubo abakwelo qela. Funda /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html, kwaye /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html. I-Debian ayibandakanyi iqela ivili.
Iifayile eziphambili kunye nemiyalelo
ZoLondolozo
Iifayile eziphambili ezinxulumene nokulawula abasebenzisi bendawo kwinkqubo yokusebenza yeLinux zezi:
CentOS kunye neDebian
- / njl / njlUlwazi lweakhawunti yomsebenzisi.
- / njl / isithunzi-Ulwazi ngokhuseleko lweakhawunti yomsebenzisi.
- / njl / iqelaUlwazi lweakhawunti yeqela.
- / njl / gshadow-Ulwazi ngokhuseleko lweakhawunti yeqela.
- / njl / engagqibekanga / yomsebenzisiamaxabiso asisiseko ekudalweni kweakhawunti.
- / njl / iskel /: ulawulo oluqulathe iifayile ezingagqibekanga eziza kubandakanywa kulawulo lweKhaya lomsebenzisi omtsha.
- /etc/login.defs-I-suite yokhuseleko lwegama eliyimfihlo.
Debian
- /etc/adduser.confamaxabiso asisiseko ekudalweni kweakhawunti.
Imiyalelo kwi-CentOS kunye ne-Debian
[(Imeyile ikhuselwe) ~] # chwshddd -h # Hlaziya iiphasiwedi kwimowudi yebatch Imowudi yokusetyenziswa: chpasswd [iinketho] Iinketho: -c, -crypt-method INDLELA ye-crypt indlela (enye ye-NONE DES MD5 SHA256 SHA512) -e, -rypted the passwords provided are encrypted -h, -help shows this uncede ukukhawulezisa kunye nokuphelisa -m, -md5 ubhala iphasiwedi ngokucacileyo usebenzisa i-MD5 algorithm -R, --root CHROOT_DIR isikhombisi sokungena kwi -s, -sha-rounds inani le-SHA ejikeleze i-SHA encryption algorithms * # batchYenza imiyalelo xa umthwalo wenkqubo uvumela. Ngamanye amagama # xa umthwalo ophakathi uwa ngaphantsi kwe-0.8 okanye ixabiso elichaziweyo xa ubhengeza # umyalelo we-atd. Iinkcukacha ezithe xaxe ibhetshi yomntu. [(Imeyile ikhuselwe) ~] # yeyo -h # Xela abalawuli ku / njl / iqela kunye / njl / gshadow Uyisebenzisa kanjani: gpasswd [iinketho] GROUP iinketho: -a, --add USER yongeza USER kwiGROUP -d, --delete USER isusa USER kwiGROUP -h, --help ibonisa lomyalezo woncedo kwaye iphela -Q, - -root CHROOT_DIR isikhombisi kwi-chroot kwi -r, -susa-iphasiwedi ususe iphasiwedi ye-GROUP -R, -restrict ithintela ukufikelela kwi-GROUP kumalungu ayo -M, -khumbula USER, ... icwangcisa uluhlu lwamalungu GROUP -A, - abaphathi ADMIN, ... icwangcisa uluhlu lwabaphathi beGROUP Ngaphandle kwe--A kunye -M ukhetho, ukhetho alunakudityaniswa. [(Imeyile ikhuselwe) ~] # iqela -h # Yenza iqela elitsha Usebenzisa kanjani: groupadd [iinketho] GROUP ongakhetha kuyo: -f, --force terminate if group already already, and cancel -g if GID is already use -g, -gid GID use GID for new group - h, - uncedo lubonisa lo myalezo woncedo kunye nokuphela -K, --key KEY = IXABISO libhala ngaphezulu kwamaxabiso asisiseko e "/etc/login.defs" -o, -non-unique ikuvumela ukuba wenze amaqela ane-GIDs (hayi eyahlukileyo) Iphindiwe -p, -igama eliphambili IPASSWORD sebenzisa le-password ebhaliweyo kwiqela elitsha -r, -isistim yenza iakhawunti yenkqubo -R, --root CHROOT_DIR isikhombisi ukungena kuyo [(Imeyile ikhuselwe) ~] # iqela -h # Cima iqela esele likho Uyisebenzisa kanjani: iqeladel [ukhetho] IQELA ukukhetha: -h, -help bonisa lo myalezo woncedo kunye nokuphelisa -R, --root CHROOT_DIR isikhombisi sokungena [(Imeyile ikhuselwe) ~] # nwabisa -h # Xela abalawuli kwiqela eliphambili lomsebenzisi Uyisebenzisa kanjani: iqela lendibanisela [ukhetho] [isenzo] Khetha: -g, -Iqela GROUP tshintsha igama leqela endaweni yeqela lomsebenzisi (linokwenziwa kuphela ngumlawuli) -R, --root CHROOT_DIR isikhombisi sokungena Iintshukumo: -a, --dibanisa USER wongeza USER kumalungu eqela -d, -susa u-USER ususa u-USER kuluhlu lwamalungu eqela -h, -help bonisa lo myalezo woncedo kunye neziphelo -p, - coca onke amalungu eqela -l, - uluhlu lwamalungu eqela [(Imeyile ikhuselwe) ~] # imvucrub -h # Guqula inkcazo yeqela Uyisebenzisa kanjani: iqela leqela [ukhetho] IQELA ukhetho: -g, -gid i-GID itshintsha isazisi seqela kwi-GID -h, -help ibonisa lo myalezo woncedo kunye neziphelo -n, -igama elitsha NEW_Group etshintsha igama i-NEW_GROUP -o, -non-unique ivumela ukusebenzisa ikopi ye-GID (ayifumanekanga) -p, -PasswordORD itshintsha iphasiwedi ibe yi-PASSWORD (encrypted) -R, --root CHROOT_DIR directory to chroot into [(Imeyile ikhuselwe) ~] # Yiya -h # Jonga ukuthembeka kwefayile yeqela Uyisebenzisa kanjani: grpck [iinketho] [iqela [gshadow]] Khetha: -h, -help bonisa lo myalezo woncedo kwaye uphume -r, -funda-kuphela iziphene zokubonisa kunye nezilumkiso kodwa ungatshintshi iifayile -R, - -root CHROOT_DIR isikhombisi kwi-chroot kwi -s, -sort sort entries by UID [(Imeyile ikhuselwe) ~] # grpconv # Imiyalelo edibeneyo: pwconv, ipwcon, grpconv, grpunconv # Isetyenziselwa ukuguqula isuke kwi-passwords yamaqela kunye namaqela # Imiyalelo emine isebenza kwiifayile / njl / ukudlula, / njl / iqela, / njl / isithunzi, # kunye / njl / gshadow. Ngolwazi oluthe kratya indoda grpconv. [(Imeyile ikhuselwe) ~] # sg -h # Yenza umthetho nge-ID yeqela eyahlukileyo okanye i-GID Indlela yokusebenzisa: Iqela le-sg [[-c] i-odolo] [(Imeyile ikhuselwe) ~] # entsha -h # Guqula i-GID yangoku ngexesha lokungena Indlela yokusebenzisa: i-newgrp [-] [iqela] [(Imeyile ikhuselwe) ~] # izinto ezintsha -h # Hlaziya kwaye wenze abasebenzisi abatsha kwimowudi yebatch Imowudi yokusetyenziswa: izinto ezintsha [iinketho] Iinketho: -c, -crypt-method INDLELA indlela yokubhala (enye ye-NONE DES MD5 SHA256 SHA512) -h, -help bonisa lomyalezo woncedo kwaye uphume -r, -system Yenza iiakhawunti zenkqubo -R, -root CHROOT_DIR isikhombisi sokungena kwi -s, -sha-rounds inani le-SHA imijikelezo ye-SHA encryption algorithms * [(Imeyile ikhuselwe) ~] # pwk -h # Jonga ukuthembeka kweefayile zegama eligqithisiweyo Usebenzisa njani: kodwa ungatshintshi iifayile -R, --root CHROOT_DIR isikhombisi kwi-chroot kwi -s, -sort sort entries by UID [(Imeyile ikhuselwe) ~] # yomsebenzisi -h # Yenza umsebenzisi omtsha okanye uhlaziye okungagqibekanga # ulwazi lomsebenzisi omtsha Uyisebenzisa kanjani: useradd [iinketho] USER useradd -D useradd -D [iinketho] Iinketho: -b, --base-dir BAS_DIR isiseko solawulo kulawulo lwasekhaya lweakhawunti entsha -c, --comment INGXELO GECOS intsimi ye iakhawunti entsha -d, -ikhaya-dir PERSONAL_DIR lawulo lwasekhaya lwe-akhawunti -D, -ukungagqibeki ukushicilela okanye ukutshintsha ukuseta okungagqibekanga komsebenzisi -d, -phelelwa lixesha EXPIRY_DATE umhla wokuphelelwa kweakhawunti -f, - Engasebenziyo INACTIVE ixesha lokungasebenzi kwepaswedi yeakhawunti entsha iqela -g, -gid GROUP igama okanye isazisi seqela eliphambili le-akhawunti entsha -G, - uluhlu lwamaqela eqela lamaqela ongezelelweyo eakhawunti entsha -h, --help ibonisa lo myalezo woncedo kwaye uyaphela -k, - skel DIR_SKEL isebenzisa olu tshintsho "skeleton" lawulo -K, --key KEY = VALUE ibhala ngaphezulu kwamaxabiso asisiseko e "/etc/login.defs" -l, -no-log-init ayongezi umsebenzisi kwindawo yogcino lwedatha Ukusuka kwilog yokugqibela kunye nokungaphumeleli -m, -ukwakha ikhaya kwenza umkhombandlela wasekhaya womsebenzisi -M, -ukwenzi-ikhaya akwenzi umkhombandlela wasekhaya womsebenzisi -N, -ngekho-umsebenzisi-iqela alenzi qela Igama elifanayo nomsebenzisi -o, -non-unique ivumela ukudala abasebenzisi abaneempazamo (ezingafaniyo) zokuchonga (ii-UIDs) -p, -gama eligqithisiweyo le-PASSWORD iphasiwedi ebhaliweyo ye-akhawunti entsha -r, -isistim yenza iakhawunti Inkqubo -R, --root CHROOT_DIR isikhombisi sokungena kwi -s, -shell CONSOLE ukufikelela kwikhonsoli yeakhawunti entsha -u, -uid Isazisi somsebenzisi se-UID seakhawunti entsha -U, -iqela lomsebenzisiiqela elinegama elifanayo nelomsebenzisi -Z, -selinux-umsebenzisi USER_SE isebenzisa umsebenzisi ochaziweyo kumsebenzisi we-SELinux [(Imeyile ikhuselwe) ~] # yomsebenzisi -h # Cima iakhawunti yomsebenzisi kunye neefayile ezinxulumene nazo Imo yokusebenzisa: i-userdel [iinketho] UKUSETYENZISWA KOKUSETYENZISWA: -f, -forforce ezinye izinto ezinokuthi zisilele ngenye indlela umz.ukususwa komsebenzisi okungena okanye iifayile, nokuba ayingomsebenzisi -h, -help ibonisa lo myalezo Uncedo kunye nokugqiba -r, -ukususa isikhombisi sasekhaya kunye nebhokisi yeposi -R, --root CHROOT_DIR isikhombisi kwi-chroot kwi -Z, -selinux-umsebenzisi ususe nayiphi na imephu yomsebenzisi ye-SELinux [(Imeyile ikhuselwe) ~] # iisermod -h # Guqula iakhawunti yomsebenzisi Uyisebenzisa kanjani: usermod [iinketho] USER iinketho: -c, -comment COMMENT ixabiso elitsha kumhlaba we-GECOS -d, -home PERSONAL_DIR ulawulo lwasekhaya lomsebenzisi omtsha -e, -expiredate EXPIR_DATE iseta umhla wokuphelelwa iakhawunti ukuya ku-EXPIRED_DATE -f, -Ingasebenzi i-INACTIVE iseta ixesha elingenzi nto emva kokuba i-akhawunti iphelelwe lixesha ku-INACTIVE -g, -gid GROUP inyanzelisa ukusetyenziswa kweGROUP kwiakhawunti yomsebenzisi entsha -G, - uluhlu lwamaqela GROUPS amaqela ongezelelweyo -a, - faka isicelo kumsebenzisi ongezelelweyo GROUPS okhankanywe yi -G ukhetho ngaphandle kokumsusa kwamanye amaqela -h, -help bonisa lo myalezo woncedo kwaye uphelise -l, -ngena NAME kwakhona igama lomsebenzisi -L, -lokutshixa iakhawunti yomsebenzisi -m, -ukuhambisa-umxholo wasekhaya kulawulo lwasekhaya kulawulo olutsha (sebenzisa kuphela ngokudibeneyo ne -d) -o, -non-unique Ivumela ukusetyenziswa Ukuphindaphinda (okungafaniyo) i-UIDs -p, -Password igama eligqithisiweyo eligqithisiweyo usebenzisa i-akhawunti ebhaliweyo ye-akhawunti entsha -R, --root CHR Ulawulo lwe-OOT_DIR ukuya kwi -s, -shell CONSOLE ikhonsoli entsha yokufikelela kwiakhawunti yomsebenzisi -u, -uid UID unyanzelisa ukusetyenziswa kwe-UID kwiakhawunti yomsebenzisi entsha -U, -ukuvula iakhawunti yomsebenzisi -Z, -selinux-user SEUSER imephu entsha yomsebenzisi we-SELinux yeakhawunti yomsebenzisi
Imiyalelo kwiDebian
I-Debian yahlula phakathi yomsebenzisi y adduser. Icebisa ukuba abaLawuli beNkqubo basebenzise adduser.
(Imeyile ikhuselwe): / ekhaya / xeon # adduser -h # Yongeza umsebenzisi kwinkqubo (Imeyile ikhuselwe): / ekhaya / xeon # iqela elongezelelweyo -h # Yongeza iqela kwinkqubo i-adduser [-iKhaya UMLAWULI] [-shell SHELL] [- akukho-ukudala-ikhaya] [-i-ID ye-ID] [-i-ID yokuqala ye-ID] [-I-ID yokugqibela] [--gecos GECOS] [-iqela IQELA | ID -gid ID] [-i-password ekhubazekileyo] [-disabled-login] USER Yongeza umsebenzisi oqhelekileyo adduser -system [--iKhaya UMLAWULI] [--shell SHELL] [--no-create-home] [ -Iid ID] [--gecos GECOS] [-iqela | -Iqela leQELA | -I-ID yesazisi] [-i-password ekhubazekileyo] [-khubazisiwe-ungene] USER Yongeza umsebenzisi wenkqubo adduser -group [-gid ID] GROUP addgroup [-gid ID] GROUP Yongeza iqela lomsebenzisi elongezayo --system [--gid ID] IQELA Yongeza inkqubo yeqela lomsebenzisi IQELA ELISETYENZISWA Yongeza umsebenzisi okhoyo kwiqela elikhona ngoku: -q musa ukubonisa ulwazi lwenkqubo kwimveliso esemgangathweni --force-badname vumela amagama abasebenzisi angahambelaniyo nokucwangciswa okungafaniyo NAME_REGEX --help | -h umyalezo wokusebenzisa -version | Inombolo yenguqulo -v kunye nelungelo lokushicilela-conf | -c FILE Sebenzisa iFILE njengefayile yoqwalaselo (Imeyile ikhuselwe): / ekhaya / xeon # ugqwetha -h # Susa umsebenzisi oqhelekileyo kwinkqubo (Imeyile ikhuselwe): / ekhaya / xeon # iqela -h # Susa iqela eliqhelekileyo kwinkqubo Umlahlekisi USER ususa umsebenzisi oqhelekileyo kumzekelo wenkqubo: I-deluser miguel -isusa-ikhaya isusa isikhombisi sasekhaya somsebenzisi kunye nomgca weposi. -ukususa-zonke iifayile kususa zonke iifayile ezizezomsebenzisi. -Ukugcina iifayile ngaphambi kokucima. -ukugcina-ukuya ulawulo lwendawo oluza kugcina kuyo. Ulawulo lwangoku lusetyenziswa ngokungagqibekanga. Inkqubo -susa kuphela ukuba ungumsebenzisi wenkqubo. I-delgroup GROUP i-deluser -group GROUP isusa iqela kwinkqubo yomzekelo: i-deluser -group students -system isusa kuphela ukuba liqela elivela kwinkqubo. -kukuba-ukuba-akukho nto kususwe kuphela ukuba abanamalungu angaphezulu. I-deluser USER GROUP isusa umsebenzisi kumzekelo weqela: i-deluser miguel yabafundi ukhetho ngokubanzi: -quiet | -q Musa ukunika ulwazi lwenkqubo kwi-stdout -help | -h umyalezo wokusebenzisa -version | Inombolo yenguqulo -v kunye nelungelo lokushicilela-conf | -c FILE Sebenzisa iFILE njengefayile yoqwalaselo
Imigaqo-nkqubo
Zimbini iintlobo zemigaqo-nkqubo ekufuneka sizithathele ingqalelo xa sisenza iiakhawunti zomsebenzisi:
- Imigaqo-nkqubo yeAkhawunti yoMsebenzisi
- Imigaqo-nkqubo yokuguga
Imigaqo-nkqubo yeAkhawunti yoMsebenzisi
Ukuziqhelanisa, izinto ezisisiseko ezichonga iakhawunti yomsebenzisi zezi:
- Igama leakhawunti yomsebenzisi-umsebenzisi NGEMA, hayi igama neefani.
- Isazisi somsebenzisi - UID.
- Elona qela liphambili apho - IGid.
- Inombolo yokuvula - inombolo yokuvula.
- Iimvume zokufikelela - iimvume zokufikelela.
Izinto eziphambili ekufuneka ziqwalaselwe xa kusenziwa iakhawunti yomsebenzisi zezi:
- Ubude bexesha umsebenzisi aya kuba nalo ukufikelela kwinkqubo yefayile kunye nezixhobo.
- Ubungakanani bexesha apho umsebenzisi kufuneka atshintshe ipassword yakhe-ngamaxesha athile-ngenxa yezizathu zokhuseleko.
- Ubude bexesha apho ukungena ngemvume- kuya kuhlala kusebenza.
Ngaphaya koko, xa unika umsebenzisi eyakhe UID y inombolo yokuvula, kufuneka sithathele ingqalelo ukuba:
- Ixabiso elipheleleyo UID mayibe yodwa kwaye ingabi negative.
- El inombolo yokuvula kufuneka ibe nobude obaneleyo kunye nobunzima, ukuze kube nzima ukuyicacisa.
Imigaqo-nkqubo yokuguga
Kwinkqubo yeLinux, i inombolo yokuvula yomsebenzisi ayabelwe ixesha lokuphelelwa lixesha. Ukuba sisebenzisa imigaqo-nkqubo yokuguga, sinokutshintsha isimilo esingagqibekanga kwaye xa sisenza abasebenzisi, imigaqo-nkqubo echaziweyo iya kuthathelwa ingqalelo.
Ukuziqhelanisa, zimbini izinto ekufuneka ziqwalaselwe xa useta ubudala begama eligqithisiweyo:
- Ukhuseleko
- Uncedo lomsebenzisi.
Iphasiwedi ikhuseleke ngakumbi xa lifutshane nokuphelelwa lixesha. Kukho umngcipheko omncinci wokuvuza kwabanye abasebenzisi.
Ukuseka imigaqo-nkqubo yokuguga, sinokusebenzisa lo myalelo Chage:
[(Imeyile ikhuselwe) ~] # chage Imo yokusetyenziswa: chage [iinketho] USER iinketho: -d, -lastday LAST_DAY iseta usuku lokugqibela lokutshintsha kwephasiwedi ibe LAST_DAY -E, -phelelwe lixesha CAD_DATE iseta umhla wokuphelelwa kwi-CAD_DATE -h, -help shows lo myalezo woncedo kunye nokuphela -I, -ingasebenzi i-INACTIVE ikhubaza iakhawunti emva kweentsuku ezi-INACTIVE ukusuka kumhla wokuphelelwa -l, -uhlu lubonisa ulwazi lobudala be-akhawunti -m, -mindays MINDAYS iseta inani ubuncinci beentsuku ngaphambi kokutshintsha iphasiwedi ibe yi-MIN_DAYS -M, -maxdays MAX_DAYS iseta elona nani liphezulu leentsuku ngaphambi kokutshintsha iphasiwedi ibe ngu-MAX_DAYS -R, --root CHROOT_DIR isikhombisi ungene ku -W, iintsuku zokuphelelwa yisikhathi ukuya kwi- DAYS_NOTICE
Kwinqaku elidlulileyo senze abasebenzisi abaliqela njengomzekelo. Ukuba sifuna ukwazi amaxabiso obudala beakhawunti yomsebenzisi nge NGEMA igaladriel:
[(Imeyile ikhuselwe) ~] # chage-uluhlu lwegaladriel Utshintsho lokugqibela lwegama eligqithisiweyo: Epreli 21, 2017 Iphasiwedi iphelelwa: ayikaze isebenze iphasiwedi: soze iAkhawunti iphelelwe: ayikhe ibe liNani leentsuku phakathi kokutshintsha kwephasiwedi: 0 Elona nani liphezulu leentsuku phakathi kokutshintsha kwephasiwedi: 99999 Inani leentsuku zesaziso ngaphambili iphelelwa lixesha: 7
La ngamaxabiso asisiseko ebenayo inkqubo xa sasenza iakhawunti yomsebenzisi sisebenzisa isixhobo solawulo somzobo "Abasebenzisi namaqela":
Ukutshintsha amaxabiso asisiseko okwedatha, kuyacetyiswa ukuba uhlele ifayile /etc/login.defs y guqula ubuncinci bexabiso esilifunayo. Kule fayile siya kutshintsha kuphela la maxabiso alandelayo:
# Iphasiwedi yokulawula ukuguga: # # PASS_MAX_DAYS Elona nani liphezulu leentsuku ezinokusetyenziswa iphasiwedi. # PASS_MIN_DAYS Ubuncinane beentsuku ezivunyelweyo phakathi kotshintsho lwegama eligqithisiweyo. # PASS_MIN_LEN Ubuncinane begama lokugqitha elamkelekileyo. # PASS_WARN_AGE Inani leentsuku zesilumkiso esinikwe ngaphambi kokuba ipaswedi iphelelwe. # PASS_MAX_DAYS 99999 #! Ngaphezulu kweminyaka engama-273! PASS_MIN_DAYS 0 PASS_MIN_LEN 5 PASS_WARN_AGE 7
yexabiso esikhethe ngokweendlela zethu kunye neemfuno:
I-PASS_MAX_DAYS 42 # 42 iintsuku eziqhubekayo onokuzisebenzisa inombolo yokuvula PASS_MIN_DAYS 0 # igama eligqithisiweyo linokutshintshwa nangaliphi na ixesha PASS_MIN_LEN 8 # ubuncinci begama eligqithisiweyo PASS_WARN_AGE 7 # Inani leentsuku isixokelelwano silumkisa wena # kufuneka utshintshe ipassword phambi kokuba iphelelwe.
Sishiya yonke ifayile njengoko yayinjalo kwaye sicebisa ukuba singatshintshi ezinye iiparameter de siyazi kakuhle into esiyenzayo.
Amaxabiso amatsha aya kuthathelwa ingqalelo xa sisenza abasebenzisi abatsha. Ukuba sitshintsha iphasiwedi yomsebenzisi osele edaliwe, ixabiso lobuncinci begama eligqithisiweyo liya kuhlonitshwa. Ukuba sisebenzisa lo myalelo passwd endaweni yesixhobo esibonisa imizobo kwaye sibhala ukuba igama eligqithisiweyo liya kuba «iigolola17«, Inkqubo ikhalaza njengesixhobo segraphic« Abasebenzisi kunye namaqela »kwaye iyaphendula ukuba«Ngandlela-thile iphasiwedi ifunda igama lomsebenzisi»Nangona ekugqibeleni ndiyayamkela loo password ibuthathaka.
[(Imeyile ikhuselwe) ~] # i-passwd legolas Ukutshintsha iphasiwedi yomsebenzisi we-legolas. Iphasiwedi entsha: unozinti # ingaphantsi koonobumba abasi-7 Iphasiwedi engachanekanga: Iphasiwedi ingaphantsi koonobumba abasi-8 Phinda uphinde ubambe iphasiwedi entsha: iigolola17 Amagama agqithisiweyo awahambelani. # Ngaba kunjalo? Iphasiwedi entsha: iigolola17 IPHEPHA ELINGALunganga: Ngandlela thile, igama eligqithisiweyo lifunda igama lomsebenzisi Phinda uchwetheze iphasiwedi entsha: iigolola17 passwd: zonke iithokheni zokungqinisisa zihlaziyiwe ngempumelelo.
Sifumana "ubuthathaka" bokubhengeza igama lokugqithisa elibandakanya NGEMA umsebenzisi. Yindlela engacetyiswayo leyo. Indlela echanekileyo iya kuba:
[(Imeyile ikhuselwe) ~] # i-passwd legolas Ukutshintsha iphasiwedi yomsebenzisi we-legolas. Iphasiwedi entsha: Iindlela ze-Altos01 Phinda uchwetheze iphasiwedi entsha: Iindlela ze-Altos01 passwd: zonke iithokheni zokungqinisisa zihlaziyiwe ngempumelelo.
Ukutshintsha amaxabiso okuphelelwa li inombolo yokuvula de igaladriel, Sisebenzisa umyalelo we-chage, kwaye kufuneka sitshintshe kuphela ixabiso le- PASS_MAX_DAYS ukusuka kwi-99999 ukuya kwi-42:
[(Imeyile ikhuselwe) ~] # chage -M 42 galadriel
[(Imeyile ikhuselwe) ~] # chage -l galadriel
Utshintsho lokugqibela lwegama eligqithisiweyo: Epreli 21, 2017 Iphasiwedi iphelelwa: Juni 02, 2017 Iphasiwedi engasebenziyo: ayikhe iphelelwe lixesha iAkhawunti: ayikhe ibe liNani leentsuku phakathi kokutshintsha kwephasiwedi: 0 Elona nani liphezulu leentsuku phakathi kokutshintsha kwephasiwedi: 42
Inani leentsuku zesaziso ngaphambi kokuba ipaswedi iphelelwe: 7
Kwaye njalo-njalo, sinokutshintsha iiphasiwedi zabasebenzisi esele zenziwe kunye namaxabiso abo okuphelelwa ngesandla, besebenzisa isixhobo sokubonisa «Abasebenzisi kunye namaqela», okanye ukusebenzisa iskripthi- elishicilelwe ezenzekelayo eminye yemisebenzi engadibaniyo.
- Ngale ndlela, ukuba senza abasebenzisi basekhaya benkqubo ngendlela engacetyiswayo zizinto eziqhelekileyo ngokubhekisele kukhuseleko, sinokutshintsha isimilo ngaphambi kokuqhubeka nokuphumeza iinkonzo ezisekwe kwi-PAM..
Ukuba senza umsebenzisi kunye nge NGEMA «kunye»Nepassword«Igama eligqithisiweyo»Siza kufumana ezi ziphumo zilandelayo:
[(Imeyile ikhuselwe) ~] # yomsebenzisi yongeza [(Imeyile ikhuselwe) ~] # i-passwd anduin Ukutshintsha iphasiwedi yomsebenzisi kunye. Iphasiwedi entsha: Igama eligqithisiweyo Iphasiwedi engachanekanga Phinda uchwetheze iphasiwedi entsha: Igama eligqithisiweyo passwd-Zonke iithokheni zokuqinisekisa zihlaziyiwe ngempumelelo.
Ngamanye amagama, inkqubo iyile ngokwaneleyo ukuba ibonise ubuthathaka begama eligqithisiweyo.
[(Imeyile ikhuselwe) ~] # i-passwd anduin Ukutshintsha iphasiwedi yomsebenzisi kunye. Iphasiwedi entsha: Iindlela ze-Altos02 Phinda uchwetheze iphasiwedi entsha: Iindlela ze-Altos02 passwd-Zonke iithokheni zokuqinisekisa zihlaziyiwe ngempumelelo.
Isishwankathelo somgaqo-nkqubo
- Kucacile ukuba umgaqo-nkqubo wokuntsokotha kwegama eligqithisiweyo, kunye nobude obuncinci beempawu ezi-5, zenziwa zasebenza kwi-CentOS. Kwi-Debian, ubunzima bokutshekisha kusebenza kubasebenzisi abaqhelekileyo xa bezama ukutshintsha ipassword yabo ngokucela umyalelo passwd. Umsebenzisi Ingcambu, akukho mida imiselweyo.
- Kubalulekile ukuba wazi iindlela ezahlukeneyo esinokuthi sizibhengeze kwifayile /etc/login.defs usebenzisa umyalelo ukungena kwabantu.
- Jonga umxholo weefayile / njl / engagqibekanga / yomsebenzisi, Kwaye nakwi-Debian /etc/adduser.conf.
Abasebenzisi beNkqubo kunye namaQela
Kwinkqubo yokufaka inkqubo yokusebenza, lonke uthotho lwabasebenzisi kunye namaqela ayilelwe, uncwadi olunye lubiza abaSebenzisi abaqhelekileyo kunye nolunye aBasebenzisi beNkqubo. Sikhetha ukubabiza ngokuba ngaBasebenzisi beNkqubo kunye namaQela.
Njengomthetho, abasebenzisi benkqubo bane I-UID <1000 iiakhawunti zakho zisetyenziswa zizicelo ezahlukeneyo zenkqubo yokusebenza. Umzekelo, iakhawunti yomsebenzisi «isikwati»Isetyenziswa yinkqubo ye-squid, ngelixa i-akhawunti« lp »isetyenziselwa inkqubo yokuprinta ukusuka kubahleli bamagama okanye ababhaliweyo.
Ukuba sifuna ukudwelisa abo basebenzisi kunye namaqela, sinokuyenza sisebenzisa imiyalelo:
[root @ linuxbox ~] # ikati / njl / ukudlula [root @ linuxbox ~] # ikati / njl / iqela
Akucetyiswa konke konke ukuguqula abasebenzisi kunye namaqela enkqubo. 😉
Ngenxa yokubaluleka kwayo, siyaphinda ukuba kwi-CentOS, FreeBSD,, kunye nezinye iinkqubo zokusebenza, inkqubo-yeqela iyenziwa ivili ukuvumela ukufikelela njenge Ingcambu kuphela kubasebenzisi benkqubo abakwelo qela. Funda /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html, kwaye /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html. I-Debian ayibandakanyi iqela ivili.
Ukulawula iakhawunti yomsebenzisi kunye neqela
Eyona ndlela yokufunda indlela yokulawula iakhawunti yomsebenzisi kunye neqela yile:
- Ukuziqhelanisa nokusetyenziswa kwemiyalelo edweliswe apha ngasentla, ngokukhethekileyo kumatshini oqinisekileyo kunye ngaphambili ukusebenzisa izixhobo zokuzoba.
- Ukujonga iincwadi okanye amaphepha omntu yomyalelo ngamnye ngaphambi kokukhangela nayiphi na enye ingcaciso kwi-Intanethi.
Ukuziqhelanisa ngowona mgaqo ubalaseleyo wenyaniso.
Isishwankathelo
Ukuza kuthi ga ngoku, inqaku elinye elinikezelwe kuMsebenzisi waseKhaya noLawulo lweQela alonelanga. Inqanaba lolwazi olufunyanwa nguMlawuli ngamnye liya kuxhomekeka kumdla wakho ekufundeni nasekunzuzeni malunga noku kunye nezinye izihloko ezinxulumene noko. Kuyafana nayo yonke imiba esiyenzileyo kuthotho lwamanqaku Iinethiwekhi zeSME. Ngendlela efanayo ungayonwabela le nguqulo kwi-pdf Apha
Ukuhanjiswa okulandelayo
Siza kuqhubeka nokwenza iinkonzo ngokuqinisekisa ngokuchasene nabasebenzisi bendawo. Emva koko siya kufaka inkonzo yemiyalezo kwangoko esekwe kwinkqubo Inkqubo.
Ndiza kubona kungekudala!
Molo, inqaku elikhulu, ndikubuza ukuba ndisebenza phi, iiprinta kwabelwana ngazo kakhulu, ingxaki ikwiikomityi, ngamanye amaxesha zixhomekeke kwaye azinakho ukuprinta njengoko ndingabanika imvume yokuyiqala kwakhona (kuba ixesha elininzi sisebenza kwezinye iindawo) ngaphandle kokunika ipassword ingcambu kuba ekuphela kwendlela endiyifumene ngayo kukutshintsha ukuze umsebenzisi othile akwazi ukuqala kwakhona.
Ukususela sele enkosi kakhulu.
Ukubulisa HO2GI!. Umzekelo, masithi umsebenzisi imilo ufuna ukuyinika imvume yokuqalisa kwakhona inkonzo ye-CUPS, usebenzisa umthetho sudo, ekufuneka ifakwe:
[(Imeyile ikhuselwe) ~] # visudo
I-Cmnd alias imigaqo
Cmnd_Alias RESTARTCUPS = /etc/init.d/cups qala kwakhona
Ukucaciswa kwelungelo lomsebenzisi
ingcambu ZONKE = (ZONKE: ZONKE) ZONKE
i-legolas ZONKE = UKUQALA OKUQALAYO
Gcina utshintsho olwenziwe kwifayile ukubila. Ngena njengomsebenzisi imilo:
i-legolas @ linuxbox: ~ $ sudo /etc/init.d/squid phinda ulayishe
[sudo] iphasiwedi ye-legolas:
Sorry, user legolas is not allowed to execute ‘/etc/init.d/postfix reload’ as root on linuxbox.desdelinux.umlandeli.
i-legolas @ linuxbox: ~ $ sudo /etc/init.d/cups qala kwakhona
[sudo] iphasiwedi ye-legolas:
[ok] Ukuqala kwakhona iNkqubo yokuPrinta ye-Unix eqhelekileyo: i-cupsd.
Ndixolele ukuba isantya sahlukile kwi-CentOS, kuba bendikhokelwa yile ndiyenzileyo kwi-Debian Wheezy. ;-). Apho ndikhoyo ngoku, andinayo i-CentOS ngesandla.
Kwelinye icala, ukuba ufuna ukongeza abanye aBasebenzisi beNkqubo njengabaLawuli abaPheleleyo be-CUPS-banokuyilungisa ngendlela engalunganga-ubenza babe ngamalungu eqela lpadmin, eyenziweyo xa ufaka i-CUPS.
https://www.cups.org/doc/man-lpadmin.html
http://www.computerhope.com/unix/ulpadmin.htm
Enkosi kakhulu kwi-Fico eliwaka ndiza kuyizama ngoku.
I-HO2GI, kwi-CentOS / Red -Hat iya kuba:
[(Imeyile ikhuselwe) ~] # visudo
iinkonzo
I-Cmnd_Alias RESTARTTCUPS = / usr / bin / systemctl ukuqala kwakhona iikomityi, / usr / bin / systemctl imeko yeekomityi
Vumela ingcambu ukuba iqhube nayiphi na imiyalelo naphina
ingcambu ZONKE = (ZONKE) ZONKE
i-legolas ZONKE = UKUQALA OKUQALILEYO
Gcina Utshintsho
[root @ linuxbox ~] # ukuphuma
buzz @ sysadmin: ~ $ ssh legolas @ linuxbox
I-password ye-legolas @ linuxbox:
[legolas @ linuxbox ~] $ sudo systemctl qala kwakhona iikomityi
Siyathemba ukuba uyifumene intetho eqhelekileyo kwiNkqubo yobulali
Umlawuli. Ihlala ibila kwezi zinto zintathu:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] iphasiwedi ye-legolas:
[legolas @ linuxbox ~] $ sudo systemctl imeko yeekomityi
● iikomityi.inkonzo - Inkonzo yokuPrinta yeCUPS
Ikhutshiwe: ilayishiwe (/usr/lib/systemd/system/cups.service; yenziwe; umthengisi usetwe kwangaphambili: yenziwe)
Iyasebenza: iyasebenza (iyasebenza) ukusukela nge-Mar 2017-04-25 22:23:10 EDT; 6s eyadlulayo
I-PID ephambili: 1594 (cupsd)
Iqela: / inkqubo.slice/cups.service
└─1594 / usr / sbin / cupsd -f
[legolas @ linuxbox ~] $ sudo systemctl qala kwakhona squid.service
Uxolo, umsebenzisi we-legolas akavunyelwe ukwenza '/ bin / systemctl restart squid.service' njengengcambu kwi-linuxbox.
[legolas @ linuxbox ~] $ ukuphuma