When it notices an incoming network login (i.e., when it gets a new virtual connection from some other computer), it starts a new process to handle that single login. The original process remains and continues to listen for new logins.

To make things a bit more complicated, there is more than one communication protocol for network logins. The two most important ones are telnet and rlogin. (Both send the username and password over the network in the clear, so anyone who can watch the traffic can read them.) In addition to logins, there are many other virtual connections that may be made (for FTP, Gopher, HTTP, and other network services). It would be inefficient to have a separate process listening for each type of connection, so instead there is only one listener, which recognizes the type of the connection and starts the correct program to provide the service. This single listener is called inetd; see the Linux Network Administrators' Guide for more information.

8.3 What login does

The login program takes care of authenticating the user (making sure that the username and password match), and of setting up an initial environment for the user by setting permissions for the serial line and starting the shell.

Part of the initial setup is outputting the contents of the file /etc/motd (short for "message of the day") and checking for electronic mail. These can be disabled by creating a file called .hushlogin in the user's home directory.

If the file /etc/nologin exists, logins are disabled. That file is typically created by shutdown and its relatives. login checks for this file and refuses to accept a login if it exists; before quitting, it outputs the contents of the file to the terminal, so the user can see why. (root is exempt from this check, so the administrator can still get in.)

login logs all failed login attempts in a system log file (via syslog). It also logs all logins by root. Both records are useful when tracking down intruders: a burst of failures against one account, or a root login from an unexpected terminal or host, deserves a closer look.

Currently logged-in users are listed in /var/run/utmp. This file is valid only until the system is next rebooted or shut down; it is cleared when the system boots. It lists each user and the terminal (or network connection) they are using, along with some other useful information. The who, w, and similar commands read utmp to find out who is logged in.

All successful logins are recorded in /var/log/wtmp. This file grows without limit, so it must be cleaned regularly, for example by a weekly cron job that rotates it.[1] The last command browses wtmp.

Both utmp and wtmp are in a binary format (see the utmp manual page); they are unfortunately not convenient to examine without special programs. Keep in mind that an intruder who has already obtained root can edit both files, so treat them as a starting point for an investigation rather than as proof.

8.4 X and xdm

META: X implements logins via xdm; also: xterm -ls

[1] Good Linux distributions do this out of the box.

8.5 Access control

The user database is traditionally contained in the /etc/passwd file. Some systems use shadow passwords, and have moved the passwords to /etc/shadow. Sites with many computers that share the accounts use NIS or some other method to store the user database; they might also automatically copy the database from one central location to all other computers.

The user database contains not only the passwords, but also some additional information about the users, such as their real names, home directories, and login shells. This other information needs to be public, so that anyone can read it. Therefore the password is stored in encrypted form: it is run through a one-way function (crypt) and only the result is stored, so nobody, not even root, can recover the password from the file. This does have the drawback that anyone who can read the encrypted password can guess candidate passwords, encrypt each guess the same way and compare the results, all without ever trying to log in to the computer and at whatever speed their own machines allow. Shadow passwords try to avoid this by moving the password into another file, /etc/shadow, which only root can read (the password is still stored encrypted). However, installing shadow passwords later onto a system that did not support them can be difficult, since every program that checks passwords (login, su, passwd, ftpd, and so on) must understand the new file.

With or without shadow passwords, it is important to make sure that all passwords in a system are good, i.e., not easily guessable. The crack program can be used to crack passwords; any password it can find is by definition not a good one. While crack can be run by intruders, it can also be run by the system administrator to weed out bad passwords. Good passwords can also be enforced by the passwd program, which rejects weak choices when the password is set; this is in fact more effective in CPU cycles, since cracking passwords requires quite a lot of computation.

The user group database is kept in /etc/group; for systems with shadow passwords, there can be a corresponding shadow file for groups as well (/etc/shadow.group; the shadow suite calls it /etc/gshadow).

root usually can't log in via most terminals or the network, only via the terminals listed in the /etc/securetty file. Someone who knows the root password therefore still needs physical access to one of those terminals. It is, however, possible to log in via any terminal as any other user, and then use the su command to become root.

8.6 Shell startup

When an interactive login shell starts, it automatically executes one or more predefined files. Different shells execute different files; see the documentation of each shell for further information.

Most shells first run some global file; for example, the Bourne shell (/bin/sh) and its derivatives execute /etc/profile, and in addition they execute .profile in the user's home directory. /etc/profile allows the system administrator to set up a common user environment, especially by setting PATH to include local command directories in addition to the normal ones. On the other hand, .profile allows the user to customize the environment to his own tastes by overriding, if necessary, the default environment.

Figure 8.1: Logins via terminals: the interaction of init, getty, login, and the shell. (The flowchart is reproduced here as its sequence of steps.)

  init: fork + exec("/sbin/getty")
  getty: wait for user
  getty: read username, exec("/bin/login")
  login: read password
  login: do they match? no: exit; yes: exec("/bin/sh")
  sh: read and execute commands
  sh: exit

Chapter 9 Managing user accounts

The similarities of sysadmins and drug dealers: both measure stuff in K's, and both have users. (Old, tired computer joke.)

This chapter explains how to create new user accounts, how to modify the properties of those accounts, and how to remove the accounts. Different Linux systems have different tools for doing this.
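Section 8.3 above says that utmp and wtmp are binary files that need special programs to read. The following is an added example, not code from the Guide, showing what such a program does: it unpacks wtmp records and pairs logins with logouts the way last(1) does, then picks out root logins that arrived over the network (the kind of record the section says is worth examining). It assumes the struct utmp layout that glibc uses on x86_64 Linux (384-byte records); the sample wtmp bytes are constructed in the script, not captured from a real system.

```python
import struct
import time
from collections import OrderedDict

# struct utmp as laid out by glibc on x86_64 Linux: 384 bytes per record.
# Assumption: the layout is architecture- and libc-specific; check that the
# real file's size is a multiple of UTMP_SIZE before trusting this elsewhere.
# Fields: ut_type, pad, ut_pid, ut_line, ut_id, ut_user, ut_host,
# ut_exit (2 shorts), ut_session, ut_tv (sec, usec), ut_addr_v6[4], padding.
UTMP_FORMAT = "<hxxi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FORMAT)

# ut_type values from <utmp.h>
BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 2, 7, 8


def pack_record(ut_type, pid, line, ident, user, host, tv_sec):
    """Build one utmp record; fields the demo does not need stay zero."""
    return struct.pack(UTMP_FORMAT, ut_type, pid, line.encode(), ident.encode(),
                       user.encode(), host.encode(), 0, 0, 0, tv_sec, 0, 0, 0, 0, 0)


def _cstr(raw):
    """Decode a NUL-padded fixed-width char array."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_records(data):
    """Split a utmp/wtmp byte string into records, oldest first."""
    if len(data) % UTMP_SIZE:
        raise ValueError("size is not a multiple of %d: truncated file or "
                         "wrong struct layout" % UTMP_SIZE)
    records = []
    for off in range(0, len(data), UTMP_SIZE):
        f = struct.unpack_from(UTMP_FORMAT, data, off)
        records.append({"type": f[0], "pid": f[1], "line": _cstr(f[2]),
                        "id": _cstr(f[3]), "user": _cstr(f[4]),
                        "host": _cstr(f[5]), "time": f[9]})
    return records


def sessions(records):
    """Pair logins with logouts the way last(1) does.

    A USER_PROCESS record opens a session on its line, a DEAD_PROCESS record
    on the same line closes it, and a BOOT_TIME record closes everything still
    open (the machine went down under those users).
    """
    open_by_line = OrderedDict()
    finished = []

    def close(line, when, how):
        s = open_by_line.pop(line, None)
        if s is not None:
            s["logout"], s["end"] = when, how
            finished.append(s)

    for r in records:
        if r["type"] == USER_PROCESS:
            close(r["line"], r["time"], "replaced")  # line reused with no logout record
            open_by_line[r["line"]] = {"user": r["user"], "line": r["line"],
                                       "host": r["host"], "login": r["time"],
                                       "logout": None, "end": "still logged in"}
        elif r["type"] == DEAD_PROCESS:
            close(r["line"], r["time"], "logout")
        elif r["type"] == BOOT_TIME:
            for line in list(open_by_line):
                close(line, r["time"], "down")
    return finished + list(open_by_line.values())


def root_network_logins(sess):
    """Root sessions that came in over the network rather than on a local tty."""
    return [s for s in sess if s["user"] == "root" and s["host"]]


# Constructed sample wtmp (not a real capture): a boot, two logins, one
# logout, and a second boot that ends the root session without a logout.
T0 = 820_000_000
SAMPLE_WTMP = b"".join([
    pack_record(BOOT_TIME, 0, "~", "~~", "reboot", "2.0.0", T0),
    pack_record(USER_PROCESS, 1001, "tty1", "1", "liw", "", T0 + 60),
    pack_record(USER_PROCESS, 1002, "pts/0", "ts/0", "root", "10.0.0.5", T0 + 120),
    pack_record(DEAD_PROCESS, 1001, "tty1", "1", "", "", T0 + 600),
    pack_record(BOOT_TIME, 0, "~", "~~", "reboot", "2.0.0", T0 + 3600),
])


def main():
    for s in sessions(parse_records(SAMPLE_WTMP)):
        start = time.strftime("%Y-%m-%d %H:%M", time.gmtime(s["login"]))
        print("%-8s %-8s %-15s %s  %s" % (s["user"], s["line"], s["host"] or "-",
                                         start, s["end"]))


if __name__ == "__main__":
    main()
```

To run it against a real file, read /var/log/wtmp (or /var/run/utmp) as bytes and pass it to parse_records; the size check will fail immediately if the record layout differs from the x86_64 glibc one assumed here.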
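Section 8.5 above describes the /etc/passwd and /etc/shadow files and the /etc/securetty rule for root. The following added example (not code from the Guide) turns those descriptions into checks an administrator can run: it reads passwd- and shadow-format text and reports accounts whose password hash is world-readable, accounts with no password, accounts with a legacy DES-style hash, accounts that point to a missing shadow entry, and extra UID 0 accounts; it also models login's securetty decision. The passwd, shadow and securetty contents are constructed for the example and the hash strings are placeholders, not real hashes.

```python
def _entries(text):
    """Yield the colon-separated fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            yield line.split(":")


def audit_accounts(passwd_text, shadow_text):
    """Return (user, problem) pairs for accounts that weaken access control."""
    shadow = {f[0]: f[1] for f in _entries(shadow_text)}
    findings = []
    for fields in _entries(passwd_text):
        if len(fields) != 7:
            findings.append((fields[0], "malformed /etc/passwd line"))
            continue
        name, pw, uid, _gid, _gecos, _home, _shell = fields
        if uid == "0" and name != "root":
            findings.append((name, "UID 0 besides root: a second superuser account"))
        if pw == "x":                       # password lives in /etc/shadow
            if name not in shadow:
                findings.append((name, "passwd points to shadow, but shadow has no entry"))
                continue
            hashed = shadow[name]
        else:                               # password (or lock marker) in passwd itself
            hashed = pw
            if hashed and not hashed.startswith(("*", "!")):
                findings.append((name, "password hash readable by everyone in /etc/passwd"))
        if hashed == "":
            findings.append((name, "empty password: login asks for none"))
        elif hashed.startswith(("*", "!")):
            continue                        # locked account: nothing to crack
        elif "$" not in hashed:
            findings.append((name, "traditional DES crypt hash: 8-character limit, "
                                   "cheap to crack offline"))
    return findings


def root_login_allowed(tty, securetty_text):
    """Apply login's rule: root may log in only on a tty named in /etc/securetty.

    Assumption (following login(1)): if the file does not exist at all,
    pass None, and no restriction applies.
    """
    if securetty_text is None:
        return True
    allowed = {l.strip() for l in securetty_text.splitlines()
               if l.strip() and not l.startswith("#")}
    return tty in allowed


# Constructed sample files. Hash strings are placeholders shaped like real
# ones ($6$ = SHA-512 crypt; a bare 13-character string = DES crypt).
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
liw:x:1000:1000:Lars Wirzenius:/home/liw:/bin/sh
toor:x:0:0:second root:/root:/bin/sh
guest:x:1001:1001:Guest:/home/guest:/bin/sh
legacy:ab3kHqBVwhpOQ:1002:1002:Pre-shadow account:/home/legacy:/bin/sh
orphan:x:1003:1003:Missing shadow entry:/home/orphan:/bin/sh
"""
SHADOW = """\
root:$6$saltsalt$placeholderhash:10000:0:99999:7:::
liw:$6$othersalt$placeholderhash:10000:0:99999:7:::
toor:*:10000:0:99999:7:::
guest::10000:0:99999:7:::
"""
SECURETTY = "# root may log in only on the physical consoles\ntty1\ntty2\ntty3\n"


def main():
    for user, problem in audit_accounts(PASSWD, SHADOW):
        print("%-8s %s" % (user, problem))
    for tty in ("tty1", "ttyS0", "pts/0"):
        print("root on %-6s allowed: %s" % (tty, root_login_allowed(tty, SECURETTY)))


if __name__ == "__main__":
    main()
```

On a real system the two text arguments come from reading /etc/passwd and (as root) /etc/shadow; the tty name is passed without the /dev/ prefix, which is how /etc/securetty lists terminals.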
