(4) The shutdown command. Use the shutdown command to shut the system down. The shutdown shell program sends a warning telling all users to leave the system within a given period of time; when that time is up, it terminates processes, unmounts the file systems, and enters single-user mode or the shutdown state.
Once the system is in single-user mode, all gettys stop running and users can no longer log in. After the system enters the shutdown state, it can be powered off. shutdown can be run only by a user logged in as root on the system console, so any command that shutdown runs should be writable only by root.

(5) The System V cron program. cron runs while the UNIX system is in multi-user mode and executes specified commands according to a schedule. Every minute it checks the file /usr/lib/crontab for programs that should be run; if it finds one, it runs it, otherwise it sleeps for a minute. In practice, /usr/lib/crontab is used to run programs on a regular schedule throughout the day, and also to run at night those programs that you would avoid running during the day for fear of slowing down other users. Programs typically run from cron are things such as accounting and file saving. cron is normally started by /etc/rc after the system enters multi-user mode, and it stops when shutdown runs the killall command. Programs run by cron run as root, so pay attention to what is placed in the crontab, and make sure that /usr/lib/crontab and every program listed in it are not writable by anyone. If a user needs a program executed from cron, the system administrator can use the su command in the crontab entry so that the user's program does not obtain root privileges.

(6) The cron program from System V Release 2 onward. In System V Release 2, cron was modified to allow users to create their own crontab entries. The /usr/lib/crontab file no longer exists; it is replaced by the files in the directory /usr/spool/cron/crontabs. These files have the same format as crontab, but each file corresponds to one user on the system and is run by cron under that user's name. To restrict which users can set up a crontab, list the users who are allowed to run the crontab command in the file /usr/lib/cron/cron.allow. Any user not listed in that file cannot run crontab.
Conversely, if you would rather list the users who are not allowed to run the crontab command, put them in the file /usr/lib/cron/cron.deny; all other users, who are not listed in that file, will be allowed to set up a crontab. Note: if both files exist, the system uses cron.allow and ignores cron.deny. If neither file exists, only root can run crontab. Therefore, to allow every user on the system to run the crontab command, create an empty cron.deny file and, if cron.allow exists, delete it. This version of cron is more secure than the previous one, because users can see only their own crontab and the system administrator does not have to worry about other users' programs running as root. Because every user who is allowed to log in to the system has their own crontab, it also simplifies the handling of system programs that must be run from cron but need not run as root. You must make sure that root's crontab file is writable only by root, and that the directory containing it and all of its parent directories are writable only by root.

(7) /etc/profile. Whenever a user (including root) logs in, the shell executes the /etc/profile file. Make sure that this file, and the programs and commands run from it, are writable only by root.

5. The /etc/passwd file

The /etc/passwd file is one of the key files for UNIX security. It is used to validate a user's password at login and, of course, should be writable only by root. The general format of each line in the file is:

LOGNAME:PASSWORD:UID:GID:USERINFO:HOME:SHELL

The first two fields of each line are the login name and the encrypted password. The next two numbers are the UID and GID, followed by any information about the user that the system administrator wants to record. The last two fields are path names: the first is the HOME directory assigned to the user, and the second is the shell that will be executed when the user logs in (if it is empty, the default is /bin/sh).
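The cron.allow / cron.deny precedence in item (6) and the "writable only by root" requirement that items (5) to (7) and the /etc/passwd paragraph place on files and their parent directories can both be checked mechanically. The following is an added example, not code from the original page; the function names and the trusted_uid and top parameters are hypothetical helpers introduced for illustration.

```python
import os
import stat

def _names(path):
    """User names listed one per line in a cron.allow / cron.deny file."""
    with open(path) as fh:
        return {line.strip() for line in fh if line.strip()}

def crontab_allowed(user, cron_dir="/usr/lib/cron"):
    """Apply the cron.allow / cron.deny precedence described in item (6)."""
    allow = os.path.join(cron_dir, "cron.allow")
    deny = os.path.join(cron_dir, "cron.deny")
    if os.path.exists(allow):       # cron.allow wins, cron.deny is ignored
        return user in _names(allow)
    if os.path.exists(deny):        # anyone not listed may use crontab
        return user not in _names(deny)
    return user == "root"           # neither file: root only

def unsafe_components(path, trusted_uid=0, top="/"):
    """Walk from `path` up to `top` and report every file or directory that
    is not owned by trusted_uid or is writable by group or others."""
    findings = []
    current = os.path.realpath(path)
    top = os.path.realpath(top)
    while True:
        st = os.stat(current)
        if st.st_uid != trusted_uid:
            findings.append((current, "owned by uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((current, "writable by group or others"))
        parent = os.path.dirname(current)
        if current == top or parent == current:
            break
        current = parent
    return findings

if __name__ == "__main__":
    # Paths named in the text; ones that do not exist on this system are skipped.
    for target in ("/etc/profile", "/etc/passwd", "/usr/spool/cron/crontabs/root"):
        if os.path.exists(target):
            for where, why in unsafe_components(target):
                print("%s: %s" % (where, why))
```

An empty result from unsafe_components means the file and every directory above it can be modified only by the trusted owner.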
(1) Password aging. The format of the /etc/passwd file lets the system administrator require users to change their passwords periodically. In the password file you can see that some encrypted passwords are followed by a comma, and after the comma come several characters and a colon. For example:

steve:xyDfccTrt180x,M.y8:0:0:admin:/:/bin/sh
restrict:pomJk109Jky41,.1:0:0:admin:/:/bin/sh
pat:xmotTVoyumjls:0:0:admin:/:/bin/sh

Here steve's password has 4 characters after the comma, restrict's has 2, and pat's has no comma. The first character after the comma is the maximum number of weeks for which the password is valid. The second character is the minimum number of weeks the current password must be used before the user can change it again (this prevents a user from changing to a new password and then immediately changing back to the old one). The remaining characters indicate the time of the most recent password change. To read the information after the comma, you must first know how to count with passwd_esc:

. = 0
/ = 1
0-9 = 2-11
A-Z = 12-37
a-z = 38-63

To require users to change their passwords regularly, the system administrator must put the first two characters into the /etc/passwd file; the other two characters are filled in by the passwd command when the user changes the password. Note: to make a user change their password, put two "." characters in the position for the time the password was last modified; the user will then be required to change the password at the next login. There are two special cases. If the maximum number of weeks (the first character) is less than the minimum number of weeks (the second character), users are not allowed to change the password; only the superuser can change the password for the user. If the first and second characters are both ".", the user is required to change the password at the next login; after the password is changed, the passwd command removes the "." characters and the user is no longer required to change the password.
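The aging characters can be decoded directly with the character values listed above. This is an added example, not code from the original page: it runs over the three sample lines from the text, and it assumes that the last-change characters are read least significant digit first (the a64l convention), which the text does not state.

```python
# Character values from the text: . = 0, / = 1, 0-9 = 2-11, A-Z = 12-37, a-z = 38-63
ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def a64(chars):
    """Decode aging characters, least significant digit first (assumed)."""
    value = 0
    for position, ch in enumerate(chars):
        value += ALPHABET.index(ch) << (6 * position)
    return value

def decode_aging(passwd_line):
    """Describe the password-aging policy of one /etc/passwd line."""
    fields = passwd_line.strip().split(":")
    login, password = fields[0], fields[1]
    if "," not in password:
        return {"login": login, "status": "no aging"}
    aging = password.split(",", 1)[1]
    if len(aging) < 2:
        raise ValueError("aging field needs at least two characters")
    max_weeks, min_weeks, last = a64(aging[0]), a64(aging[1]), aging[2:]
    info = {"login": login, "max_weeks": max_weeks, "min_weeks": min_weeks,
            "last_change_week": a64(last) if last else None}
    if aging[:2] == "..":
        # Both characters ".": change at next login, then passwd removes them.
        info["status"] = "must change at next login; aging then removed"
    elif max_weeks < min_weeks:
        info["status"] = "user may not change password; superuser only"
    elif last == "..":
        # Two "." in the last-change position force a change at next login.
        info["status"] = "must change at next login"
    else:
        info["status"] = "aging active"
    return info

# The three sample lines from the text above.
SAMPLE = [
    "steve:xyDfccTrt180x,M.y8:0:0:admin:/:/bin/sh",
    "restrict:pomJk109Jky41,.1:0:0:admin:/:/bin/sh",
    "pat:xmotTVoyumjls:0:0:admin:/:/bin/sh",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(decode_aging(line))
```

For the restrict entry the maximum (0 weeks) is below the minimum (3 weeks), which is the first special case: only the superuser can change that password.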
(2) UID and GID. The UID in /etc/passwd is important information: the system uses the UID, not the login name, to distinguish users. In general, each user's UID should be unique; no other user should have the same UID value. By convention, UIDs 0 to 99 are reserved for system users (root, bin, uucp, and so on). If two different entries in the /etc/passwd file have the same UID, those users have the same access rights to each other's files.

6. The /etc/group file

The /etc/group file contains information about groups. Every GID in /etc/passwd should have a corresponding entry in this file; the entry lists the group name and the users in the group. This makes it easy to see which users belong to each group; otherwise you would have to search the /etc/passwd file from beginning to end by GID to find the users in the same group. The /etc/group file is not essential for controlling group permissions, because the system uses the UID and GID (taken from /etc/passwd) to determine file access permissions. Even if the /etc/group file does not exist on the system, users with the same GID can still share files with group access permissions.

Groups, like login users, can have passwords. If the second field of an /etc/group entry is not empty, it is taken to be an encrypted password: the newgrp command asks the user for a password, encrypts it, and compares the result with the encrypted password in that field. Setting a password on a group is usually not good practice. First, if the group shares files and someone guesses the group's password, the files of all users in the group may be exposed. Second, managing group passwords is troublesome, because there is no command for groups similar to the passwd command. /usr/lib/makekey can be used to generate a password to write into /etc/group.

A new group must be created in the following cases:
(1) A new user is to be added who does not belong to any existing group.
(2) A user often needs to be in a group alone.
(3) A user has an SGID program that needs a group of its own.
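The UID and GID rules above (unique UIDs, a /etc/group entry for every GID used in /etc/passwd, and no group passwords) can be audited from the contents of the two files. This is an added example, not code from the original page; the account data is constructed and audit_accounts is a hypothetical helper name.

```python
from collections import defaultdict

def audit_accounts(passwd_text, group_text):
    """Check /etc/passwd and /etc/group contents against the rules above."""
    logins_by_uid = defaultdict(list)
    logins_by_gid = defaultdict(list)
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue                      # not a passwd entry
        logins_by_uid[int(fields[2])].append(fields[0])
        logins_by_gid[int(fields[3])].append(fields[0])

    group_gids, findings = set(), []
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) != 4:
            continue                      # not a group entry
        name, password, gid = fields[0], fields[1], int(fields[2])
        group_gids.add(gid)
        if password:                      # non-empty second field is a group password
            findings.append(("group password set", name))

    for uid, logins in sorted(logins_by_uid.items()):
        if len(logins) > 1:               # same UID means same file access rights
            findings.append(("shared uid %d" % uid, ",".join(logins)))
    for gid, logins in sorted(logins_by_gid.items()):
        if gid not in group_gids:
            findings.append(("gid %d has no /etc/group entry" % gid, ",".join(logins)))
    return findings

# Constructed sample data, not taken from a real system.
PASSWD = """\
root:Qz81nvLdkA2pE:0:0:admin:/:/bin/sh
alice:pL3xTq9WmZc0s:100:20:Alice:/usr/alice:/bin/sh
bob:hY7dRk2VbN5uM:100:20:Bob:/usr/bob:/bin/sh
carol:tG4mSe8XwJ1oK:101:35:Carol:/usr/carol:/bin/sh
"""
GROUP = """\
root::0:root
staff:wE6cUi3ZrH9yB:20:alice,bob
"""

if __name__ == "__main__":
    for what, who in audit_accounts(PASSWD, GROUP):
        print(what, "->", who)
```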