Ukuphathwa kwabasebenzisi bendawo namaqembu - amanethiwekhi we-SME

Inkomba ejwayelekile yochungechunge: Ama-Computer Networks ama-SME: Isingeniso

Sanibonani bangani nabangane!

Lo mbhalo ungukuqhubeka kwe Ukuqinisekiswa kwe-squid + PAM kuma-CentOS 7- SMB Networks.

Izinhlelo zokusebenza ze-UNIX / Linux zinikela ngemvelo yabasebenzisi abaningi, lapho abasebenzisi abaningi bangasebenza khona kanyekanye ohlelweni olufanayo futhi babelane ngezinsizakusebenza ezinjengama-processor, ama-hard drive, inkumbulo, izixhumi zenethiwekhi, amadivayisi afakwe ohlelweni, njalo njalo.

Ngalesi sizathu, abaPhathi beSistimu baphoqelekile ukuthi baqhubeke nokuphatha abasebenzisi namaqembu ohlelo futhi benze futhi basebenzise isu elihle lokuphatha.

Okulandelayo sizobona ngamafuphi kakhulu izici ezijwayelekile zalo msebenzi obalulekile ku-Linux Systems Administration.

Kwesinye isikhathi kungcono ukunikela nge-Utility bese u-Need.

Lesi yisibonelo esijwayelekile salolo oda. Okokuqala siyabonisa ungayisebenzisa kanjani insiza eyi-Internet Proxy nge-squid nabasebenzisi bendawo. Manje kufanele sizibuze:

• ¿Ngingazisebenzisa kanjani izinsizakalo zokuxhumana kwi-UNIX / Linux LAN kusuka kubasebenzisi bendawo futhi nge ukuvikeleka okwamukelekayo?.

Akunandaba ukuthi, ngaphezu kwalokho, amaklayenti eWindows axhunywe kule nethiwekhi. Kubaluleke kuphela isidingo sokuthi i-SME Network idinga usizo luni nokuthi iyiphi indlela elula neshibhile yokuziqalisa.

• ¿Mhlawumbe indlela yokuqinisekisa ekuzalweni kwe- I-ARPANET, Internet namanye amanethiwekhi Wi-ide Aimbangela NEtwork o Lwendawo Aimbangela NEtwork ama-initials ayesuselwa ku- I-LDAP, Insiza Yezincwadi, noma ungene IMicrosoft LSASS, noma ungene I-Active Directory, noma nge I-Kerberos?, ukubala nje ezimbalwa.

Umbuzo omuhle wokuthi wonke umuntu kufanele afune izimpendulo zakhe. Ngikumema ukuba ufune igama elithi «ukuqinisekiswa»Ku-Wikipedia ngesiNgisi, okuyiwona ophelele kakhulu futhi ongaguquguquki ngokuya ngokuqukethwe kwangempela - ngesiNgisi-.

Ngokusho komlando vele ukukhuluma ngokukhululekile, okokuqala kwaba yi- Ukufakazela ubuqiniso y Ukugunyazwa zendawo, ngemuva I-NIS Uhlelo Lolwazi Lwenethiwekhi lakhiwa yiSun Microsystem futhi yaziwa nangokuthi amakhasi Yellow o ypbese kuthi I-LDAP UHlelo Lwesiqondisi Kungena Esilula.

Mayelana nani "Ezokuphepha ezamukelekayo»Kuza ngoba izikhathi eziningi sikhathazeka ngokuphepha kwenethiwekhi yethu yasendaweni, ngenkathi sifinyelela ku-Facebook, i-Gmail, i-Yahoo, njll-ukusho nje ezimbalwa- futhi sinikeza Ubumfihlo Bethu kuzo. Futhi bheka inani elikhulu lama-athikili namadokhumentari aphathelene ne- Akunabumfihlo ku-inthanethi zikhona

Qaphela ku-CentOS naku-Debian

I-CentOS / Red Hat ne-Debian banefilosofi yabo yokuthi bangakusebenzisa kanjani ukuphepha, okungahlukile ngokuyisisekelo. Kodwa-ke, siyaqinisekisa ukuthi zombili zizinzile kakhulu, ziphephile futhi zithembekile. Isibonelo, ku-CentOS umongo we-SELinux unikwe amandla ngokuzenzakalela. Ku-Debian kufanele sifake iphakheji selinux-izisekelo, okukhombisa ukuthi singasebenzisa futhi i-SELinux.

Ku-CentOS, I-FreeBSD, kanye nezinye izinhlelo zokusebenza, iqembu -system- liyakhiwa Isondo ukuvumela ukufinyelela njenge izimpande kubasebenzisi besistimu kuphela bakulelo qembu. Funda /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html, futhi /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html. I-Debian ayifaki iqembu Isondo.

Amafayela amakhulu nemiyalo

Amadokhumenti

Amafayela amakhulu ahlobene nokuphatha abasebenzisi bendawo ohlelweni lokusebenza lwe-Linux yilawa:

I-CentOS ne-Debian

• / njll / passwd: imininingwane ye-akhawunti yomsebenzisi.
• / njll / isithunzi- Imininingwane yokuphepha ye-akhawunti yomsebenzisi.
• / njll / iqembu: imininingwane ye-akhawunti yeqembu.
• / njll / gshadow- Imininingwane yezokuphepha yama-akhawunti weqembu.
• / etc / default / useraddAmanani wokuzenzakalelayo wokwenza ama-akhawunti.
• / njll / skel /isiqondisi esiqukethe amafayela azenzakalelayo azofakwa enkombeni ye-HOME yomsebenzisi omusha.
• /etc/login.defs- Iphasiwedi ukumisa suite.

Debian

• /etc/adduser.confAmanani wokuzenzakalelayo wokwenza ama-akhawunti.

Imiyalo ku-CentOS naku-Debian

[impande @ linuxbox ~] # bhekumuzi -h # Buyekeza amaphasiwedi kumodi ye-batch
Isetshenziswa kanjani: chpasswd [izinketho] Izinketho: -c, --crypt-method INDLELA indlela ye-crypt (enye ye-NONE DES MD5 SHA256 SHA512) -e, - ibethele amaphasiwedi anikeziwe abethelwe -h, --help ikhombisa lokhu help prompt and end -m, --md5 encrypts password in clear using MD5 algorithm -R, --root CHROOT_DIR directory to chroot into -s, --sha-rounds number of SHA rounds for SHA encryption algorithms * # ibhethri- Yenza imiyalo lapho umthwalo wesistimu ukuvumela. Ngamanye amagama # lapho umthwalo omaphakathi wehla ngaphansi kuka-0.8 noma inani elishiwo ngokufaka # umyalo we-atd. Imininingwane engaphezulu indoda batch.

[impande @ linuxbox ~] # gwedwd -h # Memezela Abaphathi ku / etc / group kanye / etc / gshadow
Isetshenziswa kanjani: gpasswd [izinketho] GROUP Izinketho: -a, --add USER ungeza USER kuGROUP -d, --delete USER ususa USER kuGROUP -h, --help ukhombisa lo mlayezo wosizo bese uyaphela -Q, - -root CHROOT_DIR isiqondisi ukuze ungene ku -r, --susa-password ususe iphasiwedi ye-GROUP -R, --restrict ivimbela ukufinyelela kwe-GROUP kumalungu ayo -M, --members USER, ... isetha uhlu lwamalungu I-GROUP -A, - abaphathi i-ADMIN, ... ibeka uhlu lwabaphathi be-GROUP Ngaphandle kwezinketho ze -A ne -M, izinketho azikwazi ukuhlanganiswa.

[impande @ linuxbox ~] # iqembu -h    # Dala iqembu elisha
Isetshenziswa kanjani: groupadd [izinketho] GROUP Izinketho: -f, --force terminate if group already already, and cancel -g if GID is already used -g, --gid GID use GID for new group - h, --help ibonisa lo mlayezo wosizo bese uyaphela -K, --key KEY = VALUE ubhala ngaphezulu amanani azenzakalelayo we - "/etc/login.defs" -o, --non-unique ikuvumela ukuthi wakhe amaqembu ngama-GIDs (awahlukile okuphindiwe -p, - igama eliphakeme le-PASSWORD sebenzisa le phasiwedi ebethelwe iqembu elisha -r, --system create a system account -R, --root CHROOT_DIR directory to chroot into

[impande @ linuxbox ~] # iqembu -h # Susa iqembu elivele likhona
Isetshenziswa kanjani: groupdel [izinketho] GROUP Izinketho: -h, --help khombisa lo mlayezo wosizo bese unqamula -R, --root CHROOT_DIR lwemibhalo ozongena kuyo

[impande @ linuxbox ~] # bhekumuzi -h # Memezela Abaphathi eqenjini eliyinhloko lomsebenzisi
Isetshenziswa kanjani: groupmems [izinketho] [isenzo] Izinketho: -g, --group GROUP shintsha igama leqembu esikhundleni seqembu lomsebenzisi (kungenziwa kuphela ngumlawuli) -R, --root CHROOT_DIR directory to chroot into Izenzo: -a, - engeza u-USER ungeza u-USER kumalungu eqembu -d, --delete USER ususa u-USER ohlwini lwamalungu eqembu -h, --help ibonisa lo mlayezo wosizo futhi anqamule -p, - khipha wonke amalungu eqembu -l, - uhlu lubala amalungu eqembu

[impande @ linuxbox ~] # iqeqe -h # Shintsha incazelo yeqembu
Isetshenziswa kanjani: groupmod [izinketho] GROUP Izinketho: -g, --gid GID iguqula isikhombi seqembu ibe yi-GID -h, --help ikhombisa lo mlayezo wosizo bese iyaphela -n, --new-name NEW_Group ishintsha igama i-NEW_GROUP -o, --non-unique ivumela ukusebenzisa impinda ye-GID (hhayi eyingqayizivele) -p, - igama eliphakeme le-PASSWORD liguqula iphasiwedi libe yi-PASSWORD (ibethelwe) -R, --root umkhombandlela we-CHROOT_DIR ozongena kuwo

[impande @ linuxbox ~] # grpck -h # Hlola ubuqotho befayela leqembu
Isetshenziswa kanjani: i-grpck [izinketho] [iqembu [gshadow]] Izinketho: -h, --help bonisa lo mlayezo wosizo bese uphuma -r, - funda kuphela amaphutha nezixwayiso kepha ungawashintshi amafayela -R, - -root CHROOT_DIR umkhombandlela ukuze ungene ku -s, --sort sort entries by UID

[impande @ linuxbox ~] # grpconv
# Imiyalo ehlanganisiwe: pwconv, pwunconv, grpconv, grpunconv
# Kusetshenziselwa ukuguqulela kusuka nokusuka kumaphasiwedi wesithunzi namaqembu
# Imiyalo emine isebenza kumafayela / etc / passwd, / etc / group, / etc / shadow, 
# kanye / njll / gshadow. Ngeminye imininingwane indoda grpconv.

[impande @ linuxbox ~] # sg -h # Yenza umyalo nge-ID yeqembu ehlukile noma i-GID
Isetshenziswa kanjani: i-sg group [[-c] oda]

[impande @ linuxbox ~] # newgp -h # Shintsha i-GID yamanje ngesikhathi sokungena ngemvume
Isetshenziswa kanjani: i-newgrp [-] [iqembu]

[impande @ linuxbox ~] # okusha -h # Buyekeza futhi udale abasebenzisi abasha ngemodi ye-batch
Imodi yokusetshenziswa: ama-newusers [izinketho] Izinketho: -c, --crypt-method METHOD indlela ye-crypt (enye ye-NONE DES MD5 SHA256 SHA512) -h, --help show this message message and exit -r, --system dala ama-akhawunti wesistimu -R, --root CHROOT_DIR isiqondisi ukuze ungene ku -s, --sha-rounds inani lama-SHA rounds for SHA encryption algorithms *

[impande @ linuxbox ~] # pwck -h # Hlola ubuqotho bamafayela wephasiwedi
Isetshenziswa kanjani: pwck [izinketho] [passwd [shadow]] Izinketho: -h, --help khombisa lo mlayezo wosizo bese uphuma -q, - amaphutha okubika okuthulile kuphela -r, - funda kuphela amaphutha okukhombisa nezixwayiso kepha ungaguquli amafayela -R, --root umkhombandlela we-CHROOT_DIR ube yi-chroot ungene -s, --sort sort entries by UID

[impande @ linuxbox ~] # umsebenzisi -h # Dala umsebenzisi omusha noma uvuselele imininingwane ezenzakalelayo # yomsebenzisi omusha
Isetshenziswa kanjani: useradd [izinketho] USER useradd -D useradd -D [ongakhetha] Izinketho: -b, --base-dir BAS_DIR base directory for the home directory of the new account -c, --comment COMMENT GECOS field of the i-akhawunti entsha -d, --home-dir PERSONAL_DIR isiqondisi sasekhaya se-akhawunti entsha -D, --iziphambeko ziphrinta noma zishintshe ukusethwa okuzenzakalelayo kwe-useradd -e, --phelelwa yisikhathi EXPIRY_DATE usuku lokuphelelwa isikhathi kwe-akhawunti entsha -f, - isikhathi esingasebenzi sokungasebenzi kwe-password ye-akhawunti entsha
umabhebhana
  -g, --gid GROUP igama noma isihlonzi seqembu eliyinhloko le-akhawunti entsha -G, --groups GROUPS uhlu lwamaqembu angeziwe e-akhawunti entsha -h, --help ikhombisa lo mlayezo wosizo futhi iyaphela -k, - iskel DIR_SKEL sisebenzisa enye imikhombandlela "yamathambo" -K, --key KEY = VALUE ibhala ngaphezulu amanani ezenzakalelayo we "/etc/login.defs" -l, --no-log-init ayingezi umsebenzisi kulwazi kusuka ku-lastlog ne-faillog -m, --create-home kwakha umkhombandlela wasekhaya womsebenzisi -M, --no-create-home akwenzi umkhombandlela wasekhaya womsebenzisi -N, --no-user-group Akwenzi iqembu ne igama elifanayo nomsebenzisi -o, --non-unique livumela ukudala abasebenzisi abanezihlonzi eziyimpinda (ezingahlukile) (i-UIDs) -p, - iphasiwedi ye-PASSWORD iphasiwedi ebethelwe ye-akhawunti entsha -r, --system kudala i-akhawunti uhlelo -R, --root CHROOT_DIR lwemibhalo ukuze ungene ku -s, --shell CONSOLE ukufinyelela kwe-akhawunti entsha -u, --uid UID isihlonzi somsebenzisi se-akhawunti entsha -U, - iqembu le -useriqembu elinegama elifanayo nomsebenzisi -Z, --selinux-userUSER_SE lisebenzisa umsebenzisi ocacisiwe kumsebenzisi we-SELinux

[impande @ linuxbox ~] # yomsebenzisi -h # Susa i-akhawunti yomsebenzisi namafayela ahlobene
Imodi yokusetshenziswa: i-userdel [izinketho] Izinketho ze-USER: -f, --force Force ezinye izenzo ezizohluleka ngenye indlela isb ukususwa komsebenzisi ungene ngemvume noma ukufaka amafayela, noma ngabe akusiye owomsebenzisi -h, --help ukhombisa lo mlayezo Usizo nokuqeda -r, --susa ukususa umkhombandlela wasekhaya nebhokisi leposi -R, --root CHROOT_DIR isiqondisi ukuze ungene ku -Z, --selinux-umsebenzisi asuse noma imiphi imephu yomsebenzisi ye-SELinux yomsebenzisi

[impande @ linuxbox ~] # usermod -h # Shintsha i-akhawunti yomsebenzisi
Ungayisebenzisa kanjani: i-usermod [izinketho] Izinketho ze-USER: -c, --comment COMMENT inani elisha lenkambu ye-GECOS -d, --home PERSONAL_DIR umkhombandlela omusha wasekhaya womsebenzisi omusha -e, --expiredate EXPIRED_DATE usetha usuku lokuphelelwa isikhathi i-akhawunti eya ku-EXPIRED_DATE -f, - engasebenzi i-INACTIVE isetha isikhathi sokungenzi lutho ngemuva kokuthi i-akhawunti iphelelwe yisikhathi ku-INACTIVE -g, --gid GROUP iphoqa ukusetshenziswa kweGROUP kwe-akhawunti entsha yomsebenzisi -G, - uhlu lwamaqembu amaGroups amaqembu wokungezelela -a, -append engeza umsebenzisi kuma-GROUPS ongezelelweyo ashiwo yi -G ngaphandle kokumsusa kwamanye amaqembu -h, --help bonisa lo mlayezo wosizo bese unqamula -l, --gingena NAME futhi igama lomsebenzisi -L, --lock locks user account -m, --move-home move content of home directory to new directory (sebenzisa kuphela ngokuhlangana ne -d) -o, --non-unique ivumela ukusetshenziswa I-UIDs -p eyimpinda (engahlukile) -p, igama eliphakeme le-PASSWORD isebenzisa iphasiwedi ebethelwe ye-akhawunti entsha -R, --root CHR Isiqondisi se-OOT_DIR sokungena ku -s, --shell CONSOLE ikhonsoli entsha yokufinyelela ye-akhawunti yomsebenzisi -u, --uid UID iphoqa ukusetshenziswa kwe-UID kwe-akhawunti entsha yomsebenzisi -U, - ukuvula ukuvula i-akhawunti yomsebenzisi -Z, --selinux-user SEUSER imephu entsha yomsebenzisi we-SELinux ye-akhawunti yomsebenzisi

Imiyalo ku-Debian

UDebian wehlukanisa phakathi umsebenzisi y i-adduser. Ncoma ukuthi Abaphathi Besistimu basebenzise i-adduser.

impande @ sysadmin: / ikhaya / xeon # i-adduser -h # Faka umsebenzisi ohlelweni
impande @ sysadmin: / ikhaya / xeon # isengezo -h # Faka iqembu ohlelweni
i-adduser [- home DIRECTORY] [--shell SHELL] [- akukho-yakhela ikhaya] [--uid ID] [- ID yokuqala ye-ID] [- - ID ye -astuid] [--gecos GECOS] [- iqembu IQEMBU | --gid ID] [--disabled-password] [--disabled-login] USER Faka i-adduser ejwayelekile yomsebenzisi --system [--home DIRECTORY] [--shell SHELL] [--no-create-home] [ --uid ID] [--gecos GECOS] [- iqembu | --Iqembu IQEMBU | --gid ID] [--disabled-password] [--disabled-login] USER Faka umsebenzisi kusuka ku-adduser system --group [--gid ID] GROUP addgroup [--gid ID] GROUP Faka iqembu le-addgroup --system [--gid ID] GROUP Ngeza iqembu kusuka ku-adduser yohlelo USER GROUP Faka umsebenzisi okhona kuzinketho ezivamile zeqembu: --quiet | -q ayibonisi imininingwane yenqubo ekukhishweni okujwayelekile --force-badname vumela amagama abasebenzisi angahambelani nokuguquguquka kokumiswa kwe-NAME_REGEX --help | -h umyalezo wokusetshenziswa --version | Inombolo yenguqulo ye -v ne-copyright --conf | -c FILE sebenzisa FILE njengefayela lokumisa

impande @ sysadmin: / ikhaya / xeon # i-deluser -h # Susa umsebenzisi ojwayelekile ohlelweni
impande @ sysadmin: / ikhaya / xeon # umabhebhana -h # Susa iqembu elijwayelekile kusuka ohlelweni
I-deluser USER isusa umsebenzisi ojwayelekile kusibonelo sohlelo: i-deluser miguel --remove-home isusa umkhombandlela wasekhaya womsebenzisi nolayini weposi. --susa wonke amafayela kususa wonke amafayela aphethwe ngumsebenzisi. --backup yenza isipele amafayela ngaphambi kokususa. --backup-to umkhombandlela wokufika wezipele. Isiqondisi samanje sisetshenziswa ngokuzenzakalela. Isistimu isusa kuphela uma ungumsebenzisi wesistimu. I-delgroup GROUP deluser --group GROUP isusa iqembu esibonelweni sesistimu: i-deluser --group students --system isusa kuphela uma kuyiqembu kusuka ohlelweni. - kuphela-uma kungenalutho kususa kuphela uma bengekho amanye amalungu. I-deluser USER GROUP isusa umsebenzisi esibonelweni seqembu: i-deluser miguel students izinketho ezijwayelekile: --quiet | -q Unganikezi imininingwane yenqubo ku-stdout --help | -h umyalezo wokusetshenziswa --version | Inombolo yenguqulo ye -v ne-copyright --conf | -c FILE sebenzisa FILE njengefayela lokumisa

Izinqubomgomo

Kunezinhlobo ezimbili zezinqubomgomo okufanele sizicabangele lapho sakha ama-akhawunti womsebenzisi:

• Izinqubomgomo ze-Akhawunti Yomsebenzisi
• Izinqubomgomo zokuguga kwephasiwedi

Izinqubomgomo ze-Akhawunti Yomsebenzisi

Ngokwenzayo, izinto eziyisisekelo ezikhomba i-akhawunti yomsebenzisi yilezi:

• Igama le-akhawunti yomsebenzisi - umsebenzisi NGENA NGEMVUME, hhayi igama nezibongo.
• I-ID Yomsebenzisi - I-UID.
• Iqembu elikhulu okuyilona - I-GID.
• Iphasiwedi - iphasiwedi.
• Izimvume zokufinyelela - ukufinyelela izimvume.

Izici eziyinhloko okufanele uzicabangele lapho wenza i-akhawunti yomsebenzisi yilezi:

• Ubude besikhathi umsebenzisi azokwazi ukufinyelela ngaso uhlelo lwefayela nezinsizakusebenza.
• Isikhathi lapho umsebenzisi kufanele aguqule khona iphasiwedi yakhe - ngezikhathi ezithile - ngenxa yezizathu zokuphepha.
• Ubude besikhathi i-login -login- ezohlala isebenza ngaso.

Ngaphezu kwalokho, lapho wabela umsebenzisi ifayili lakhe le- I-UID y iphasiwedi, kufanele sinake ukuthi:

• Inani eliphelele I-UID kufanele ihluke futhi ingabi yimbi.
• El iphasiwedi kufanele ibe nobude obenele nobunzima, ukuze kube nzima ukuyiqonda.

Izinqubomgomo zokuguga kwephasiwedi

Kuhlelo lweLinux, i iphasiwedi yomsebenzisi ayinikiwe isikhathi sokuphela okuzenzakalelayo. Uma sisebenzisa izinqubomgomo zokuguga kwephasiwedi, singashintsha ukusebenza okuzenzakalelayo futhi lapho sakha abasebenzisi izinqubomgomo ezichaziwe zizobhekwa.

Ngokwenzayo, kunezici ezimbili okufanele uzicabangele lapho usetha iminyaka ye-password:

• Ezokuphepha
• Ukusebenziseka kalula komsebenzisi.

Iphasiwedi ivikeleke kakhudlwana uma kufushane isikhathi sayo sokuphela. Kunobungozi obuncane bokuthi bulethwe kwabanye abasebenzisi.

Ukusungula izinqubomgomo zokuguga ngephasiwedi, singasebenzisa umyalo shintsha:

[impande @ linuxbox ~] # chage
Imodi yokusetshenziswa: chage [izinketho] Izinketho ze-USER: -d, --lastday LAST_DAY isetha usuku lokuguqulwa kwephasiwedi lokugcina lube ngu-LAST_DAY -E, --expiredate CAD_DATE isetha usuku lokuphelelwa isikhathi kube ngu-CAD_DATE -h, - lo myalezo wosizo futhi uphela -I, --inactive INACTIVE ikhubaza i-akhawunti ngemuva kwezinsuku ezingu-INACTIVE kusukela ngosuku lokuphelelwa yisikhathi -l, --list ikhombisa imininingwane yeminyaka ye-akhawunti -m, --mindays MINDAYS isetha inombolo ubuncane bezinsuku ngaphambi kokushintsha iphasiwedi ibe yi-MIN_DAYS -M, --maxdays MAX_DAYS isetha inani eliphakeme lezinsuku ngaphambi kokuba iphasiwedi iguqulwe ibe ngu-MAX_DAYS -R, --root CHROOT_DIR lwemibhalo ibe yisiqubulo ku -W, --warwarays IZEXWAYISO zisetha izinsuku zesaziso sokuphelelwa yisikhathi ku-DAYS_NOTICE

Esihlokweni esandulele sidale abasebenzisi abaningana njengesibonelo. Uma sifuna ukwazi amanani weminyaka we-akhawunti yomsebenzisi nge NGENA NGEMVUME sibongile:

[root @ linuxbox ~] # chage - uhlu galadriel
Ukushintshwa kwephasiwedi kokugcina: Apr 21, 2017 Iphasiwedi iphelelwa yisikhathi: ayikaze Iphasiwedi engasebenzi: i-Akhawunti iphelelwa yisikhathi: ayikaze Inombolo encane yezinsuku phakathi kokushintshwa kwephasiwedi: 0 Isibalo esiphezulu sezinsuku phakathi kokushintshwa kwephasiwedi: 99999 Inani lezinsuku zesaziso ngaphambili iphasiwedi iphelelwa yisikhathi: 7

Lawo bekungamanani wokuzenzakalelayo uhlelo abenawo ngenkathi senza i-akhawunti yomsebenzisi sisebenzisa insiza yokuphatha yokuqhafaza "Abasebenzisi namaqembu":

Ukushintsha okuzenzakalelayo kokuguga kwephasiwedi, kunconywa ukuhlela ifayili /etc/login.defs y shintsha inani eliphansi lamanani esiwadingayo. Kulelo fayela sizoshintsha kuphela amanani alandelayo:

# Izilawuli zokuguga ngephasiwedi: # # PASS_MAX_DAYS Inani eliphakeme lezinsuku iphasiwedi ingasetshenziswa ngalo. # PASS_MIN_DAYS Ubuncane bezinsuku ezivunyelwe phakathi kokushintshwa kwephasiwedi. # PASS_MIN_LEN Ubuncane bephasiwedi eyamukelekayo. # PASS_WARN_AGE Inani lezinsuku ezinikeziwe ngaphambi kokuba iphasiwedi iphelelwe yisikhathi. # PASS_MAX_DAYS 99999 #! Ngaphezulu kweminyaka engama-273! PASS_MIN_DAYS 0 PASS_MIN_LEN 5 PASS_WARN_AGE 7

ngamanani esiwakhethe ngokuya ngemibandela nezidingo zethu:

PASS_MAX_DAYS 42 # 42 izinsuku eziqhubekayo ongazisebenzisa iphasiwedi
PASS_MIN_DAYS 0 # iphasiwedi ingashintshwa nganoma yisiphi isikhathi PASS_MIN_LEN 8 # ubuncane bephasiwedi PASS_WARN_AGE 7 # Inani lezinsuku uhlelo olukuxwayisa ngalo # ukushintsha iphasiwedi ngaphambi kokuthi iphelelwe yisikhathi.

Sishiya lonke ifayili njengoba lalinjalo futhi sincoma ukuthi singashintshi amanye amapharamitha size sazi ukuthi senzani.

Amanani amasha azocatshangelwa lapho sakha abasebenzisi abasha. Uma siguqula iphasiwedi yomsebenzisi osedaliwe, inani lobude bephasiwedi lizohlonishwa. Uma sisebenzisa umyalo i-passwd esikhundleni sensiza yokuqhafaza futhi sibhala ukuthi iphasiwedi izoba «i-legolas17«, Uhlelo lukhononda njengethuluzi lokuqhafaza« Abasebenzisi namaqembu »futhi liphendula ukuthi«Ngandlela thile iphasiwedi ifunda igama lomsebenzisi»Yize ekugcineni ngamukela lelo phasiwedi elibuthaka.

[impande @ linuxbox ~] # ama-legolas adlulayo
Ukushintsha iphasiwedi yomsebenzisi we-legolas. Iphasiwedi Entsha: unozinti               # ingaphansi kwezinhlamvu eziyi-7
Iphasiwedi engafanele: Iphasiwedi ingaphansi kwezinhlamvu eziyi-8 Phinda uthayiphe iphasiwedi entsha: i-legolas17
Amaphasiwedi awafani.               # Kunengqondo?
Iphasiwedi entsha: i-legolas17
Iphasiwedi engafanele: Ngandlela thile iphasiwedi ifunda igama lomsebenzisi Phinda uphindaphinde iphasiwedi entsha: i-legolas17
passwd: wonke amathokheni wokuqinisekisa abuyekezwe ngempumelelo.

Sithola "ubuthakathaka" bokumemezela iphasiwedi efaka i- NGENA NGEMVUME yomsebenzisi. Lowo mkhuba onganconyiwe. Indlela eyiyo kungaba:

[impande @ linuxbox ~] # ama-legolas adlulayo
Ukushintsha iphasiwedi yomsebenzisi we-legolas. Iphasiwedi Entsha: Okufanayo
Thayipha kabusha iphasiwedi entsha: Okufanayo
passwd: wonke amathokheni wokuqinisekisa abuyekezwe ngempumelelo.

Ukushintsha amanani wokuphelelwa yisikhathi we iphasiwedi de sibongile, sisebenzisa umyalo we-chage, futhi kufanele sishintshe kuphela inani le- PASS_MAX_DAYS kusuka ku-99999 kuye ku-42:

[impande @ linuxbox ~] # chage -M 42 galadriel
[impande @ linuxbox ~] # chage -l galadriel
Ukushintshwa kwephasiwedi kokugcina: Apr 21, 2017 Iphasiwedi iyaphela: Jun 02, 2017 Iphasiwedi engasebenzi: ayiphelelwa yisikhathi i-Akhawunti: ayikaze Inani elincane lezinsuku phakathi kokushintshwa kwephasiwedi: 0 Isibalo esiphezulu sezinsuku phakathi kokushintshwa kwephasiwedi: 42
Inani lezinsuku zesaziso ngaphambi kokuphela kwephasiwedi: 7

Futhi nokunye, singashintsha amaphasiwedi wabasebenzisi asebavele badaliwe namanani wabo wokuphelelwa yisikhathi ngesandla, sisebenzisa ithuluzi lokuqhafaza «Abasebenzisi namaqembu», noma ukusebenzisa umbhalo - iskripthi lokho kwenza omunye umsebenzi ongasebenzi.

• Ngale ndlela, uma sakha abasebenzisi bendawo bohlelo ngendlela enganconywa yimikhuba ejwayelekile kakhulu ephathelene nokuvikeleka, singakushintsha lokho kuziphatha ngaphambi kokuqhubeka nokusebenzisa amasevisi amaningi asuselwa ku-PAM..

Uma sakha umsebenzisi futhi con NGENA NGEMVUME «futhi»Nephasiwedi«Iphasiwedi»Sizothola imiphumela elandelayo:

[izimpande @ linuxbox ~] # useradd anduin
[impande @ linuxbox ~] # i-passwd anduin
Ukushintsha iphasiwedi yomsebenzisi futhi. Iphasiwedi Entsha: Iphasiwedi
Iphasiwedi engafanele: Iphasiwedi ayidlulisi ukuqinisekiswa kwesichazamazwi - Isuselwe egameni kusichazamazwi. Thayipha kabusha iphasiwedi entsha: Iphasiwedi
passwd - Onke amathokheni wokuqinisekisa abuyekezwe ngempumelelo.

Ngamanye amagama, uhlelo lwakha ngokwanele ukukhombisa ubuthakathaka be-password.

[impande @ linuxbox ~] # i-passwd anduin
Ukushintsha iphasiwedi yomsebenzisi futhi. Iphasiwedi Entsha: Okufanayo
Thayipha kabusha iphasiwedi entsha: Okufanayo
passwd - Onke amathokheni wokuqinisekisa abuyekezwe ngempumelelo.

Isifinyezo Senqubomgomo

• Kuyacaca ukuthi inqubomgomo yokuxakaniseka kwephasiwedi, kanye nobude obuncane bezinhlamvu ezi-5, inikwe amandla ngokuzenzakalela ku-CentOS. Ku-Debian, isheke lokuyinkimbinkimbi lisebenzela abasebenzisi abajwayelekile lapho bezama ukushintsha iphasiwedi yabo ngokucela umyalo i-passwd. Okomsebenzisi izimpande, akukho ukulinganiselwa okuzenzakalelayo.
• Kubalulekile ukwazi izinketho ezahlukahlukene esingazimemezela efayeleni /etc/login.defs usebenzisa umyalo ukungena ngemvume kwabantu.
• Futhi, hlola okuqukethwe kwamafayela / etc / default / useradd, futhi nakuDebian /etc/adduser.conf.

Abasebenzisi bohlelo namaqembu

Ngenqubo yokufaka uhlelo lokusebenza, kudalwa uchungechunge lonke lwabasebenzisi namaqembu okuthi, incwadi eyodwa ibize Abasebenzisi Abajwayelekile nenye Abasebenzisi bohlelo. Sincamela ukubabiza ngokuthi Abasebenzisi Besistimu Namaqembu.

Njengomthetho, abasebenzisi bohlelo bane- I-UID <1000 futhi ama-akhawunti akho asetshenziswa izinhlelo ezahlukene zohlelo lokusebenza. Isibonelo, i-akhawunti yomsebenzisi «ingwane»Isetshenziswa uhlelo lwe-squid, ngenkathi i-akhawunti ye-« lp »isetshenziselwa inqubo yokuphrinta kusuka kubahleli bezwi noma bombhalo.

Uma sifuna ukufaka kuhlu labo basebenzisi namaqembu, singakwenza sisebenzisa imiyalo:

[izimpande @ linuxbox ~] # ikati / njll / passwd
[izimpande @ linuxbox ~] # ikati / njll / iqembu

Akunconyelwa nakancane ukuguqula abasebenzisi namaqembu wohlelo. 😉

Ngenxa yokubaluleka kwayo, siyaphinda ukuthi kuCentOS, I-FreeBSD, kanye nezinye izinhlelo zokusebenza, iqembu -system- liyakhiwa Isondo ukuvumela ukufinyelela njenge izimpande kubasebenzisi besistimu kuphela bakulelo qembu. Funda /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html, futhi /usr/share/doc/pam-1.1.8/html/Linux-PAM_SAG.html. I-Debian ayifaki iqembu Isondo.

Ukuphatha ama-akhawunti wabasebenzisi neqembu

Indlela enhle yokufunda ukuthi ungaphatha kanjani ama-akhawunti womsebenzisi neqembu yile:

• Ukuzijwayeza ukusebenzisa imiyalo ebhalwe ngenhla, mhlawumbe kumshini obonakalayo futhi ngaphambili wokusebenzisa amathuluzi wokuqhafaza.
• Ukubonisana namabhukwana noma amakhasi omuntu yomyalo ngamunye ngaphambi kokucinga eminye imininingwane ku-Intanethi.

Ukuzijwayeza umbandela omuhle weqiniso.

Isifingqo

Ngokude, i-athikili eyodwa ebekelwe Ukuphatha Abasebenzisi Bendawo Namaqembu akwanele. Izinga lolwazi uMlawuli ngamunye alitholayo lizoya ngentshisekelo yomuntu siqu ekufundeni nasekujuleni ngalokhu nezinye izihloko ezihlobene. Kuyafana nazo zonke izici esizithuthukisile ochungechungeni lwezihloko Amanethiwekhi we-SME. Ngendlela efanayo ungayijabulela le nguqulo ku-pdf lapha

Ukulethwa okulandelayo

Sizoqhubeka nokwenza izinsizakalo ngokuqinisekisa ngokumelene nabasebenzisi bendawo. Sizobe sesifaka insizakalo yemiyalezo esuselwa ohlelweni I-Prosody.

Sizobonana maduze!