޲zu@A۷n@NOy޲zbzաI]ӨtγOAb޲zAåBҦ@Τ᪺ӽСAnzLAU~IҥHANnAѤ@Up޲zn@Ӻb޲zաIb޲z Linux DbɡAڭ̥AѤ@U Linux 쩳OpOC@ӨϥΪ̪I

• ϥΪ̪ ID Psժ ID G

Linux ä|{ѧAybW١zAL{ѪOAyb ID z~OIpGAgH tarball w˹Ln骺ܡAӤo{AbY᪺ɮסAK?ɮ׾֦̳MOyƦrzH_ǧaHoSn_ǪA] Linux bܡALuu{ѥNAXӤwIӹXPbAhOOb /etc/passwd I

• ˵nJ Linux DrH

nFAڭ̦Aӽͤ@͡A쩳ڭ̬O˵nJ Linux DOH]աIڭ̦bDeΪ̬OH telnet Ϊ ssh nJDɡAtη|X{@ login eAJbAoӮɭԷAJbPKXA Linux |G
@
1. M /etc/passwd ̭O_oӱbHpGShXApGܫhNӱb UID ( User ID )P GID ( Group ID )ŪXӡAt~AӱbaؿP shell ]w]@ŪXF
2. AӫhOֹKXաIo Linux |iJ /etc/shadow ̭XbP UIDAMֹ@UAJKXPYKXO_۲šH
3. pG@ OK ܡANiJ Shell ުqoI

jPWpNoˡAҥHOAAnnJA Linux DɭԡA /etc/passwd P /etc/shadow NntŪաA]o]Oܦh̷|NSbg /etc/passwd YhtGI^ҥHOApGAnƥ Linux tΪbܡAoɮ״N@wݭnƥ~I

• { UIDBGIDBSUIDPSGIDG

ٰOoڭ̦byɮרtλPɮݩz@g峹ɭԦC@ɮ׳㦳y֦HP֦sաzݩʶܡHɮצpPOL֦̻PsթOHNOQ UID P GID աIC@ɮ׳|ҿת֦ ID P֦s ID AYO UID P GID AMtη|̾ /etc/passwd eAhNɮת֦̻PsզW١AϥαbΦӨqXӡIڭ̥iH@ӤpAAiHH root vi /etc/passwd AMNA@먭ϥΪ̪ ID HK@ӸXAMAA@먭ؿUݬݭӱb֦ɮסAA|o{ɮת֦HܦFyƦrFzIo˥iHzѤFܡH
 

[root @test /root]# vi /etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin test:x:500:500:test user:/home/test:/bin/bash  <==N 500 令 510  [root @test /root]# cd /home/test [root @test test]# ll  -rw-rw-r--    1 500      test        12542 Apr 12 11:22 test ݤWA֦oܦFƦrF

AѤFAл֦^ /etc/passwd ̭ANƦr^ӳI

• { /etc/passwd ɮ׻P /etc/shadow ɮסG

ѤWzjwgDAKKIb޲z̭nɮ״NOy /etc/passwd P /etc/shadow zFIoɮץiHO Linux Y̭nɮפ@FIpGSoɮתܡAIziOLknJ Linux I
@
• passwd cyG

oɮתcyOo˪GC@泣N@ӱbAXNNXӱbbAtΤILݭnSOdNOAYܦhbӴNOtΤn]Ҧp bin, daemon, adm, nobody ^AФnHNL??F
 

root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin

WO Mandrake 9.0 w]XӱbAoDZbOtΦbϥΪIڭ̥Ӭݤ@U root oӨtκ޲zo@nFAAiH㪺ݥXӡAC@ϥΡy:zj}A@CөNNAOO
 

1. bWGNObWٰաI UID ΪIҦp root NOw]tκ޲zbW١F

@
2. KXG Unix tΪKXOboɮפALѩoˤ@ӫܮeyƪQѨAҥHӴNNƵL /etc/shadow FAo@@UAAӳo̧A|ݨ@ x AIO߱KXwgQʨ shadow oӥ[KL᪺ɮoF

@
3. UIDGoӴNOϥΪѧOX]ID^oIq` Linux UID XӭݭnzAѤ@UG
• 0 tκ޲zAҥHAn@t@Өtκ޲zbɡAAiHNӱb UID 令 0 YiF
• 1~500 OdtΨϥΪIDA 1~65534 bèSPA]NOF 0 ~AL UID èS@ˡAw] 500 HUtΧ@OdbuO@ӲߺDCo˪nBOAH named ҡAoӵ{w]ҦH named b UID O 25 ALbPˬO 25 ɡAܥi|ytΪ@ǤpDIFo˪DAijOd 500 He UID tΧaI
• 500~65535 @ϥΪ̥ΪI
Wo˻iHAѤFܡHOA UID 0 ɭԡANO root IҥHЯSOdN@UA /etc/passwd ɮסI
@
4. GIDGoӻP /etc/group I /etc/group [P /etc/passwd thAuOLOΨӳWd group ӤwI

@
5. Go򥻤WèSγ~AuOΨӸoӱbNqӤwI LApGzѨϥ finger \ɡAoiHѫܦhTOIU chfn iH@UoI

@
6. aؿGoOϥΪ̪aؿAHWҡA root aؿb /root AҥH root nJAWbҦbNO /root YաIIpGAӱbϥΪŶSOjAAQnNӱbaؿʨLwХhASIiHbo̶iקIw]ϥΪ̮aؿb /home/yourIDname

@
7. Shell Gҿת shell OΨӷqHUFOPw𫗪uʧ@ɭIڭ̳q`ϥ /bin/bash o shell ӶiOUFI shell Ϊkڭ̷|b᭱AΪIo̤ݭn`NOA@ shell iHΨӴNbLknJOINO /bin/false oӪFIo]iHΨӻs@ pop lb̪ƩOI
• shadow cyG

ѩ /etc/passwd äwAҥHӵoiXNKXʨ /etc/shadow oɮפj}Ӫ޳NIåB[JFܦhѼƦb /etc/shadow YIڭ̨AѤ@UoɮתcyaI
 

root:$K.K2.hqu.QfV.dkjjteojiasdlkjeo:11661:0:99999:7::: bin:*:11661:0:99999:7::: daemon:*:11661:0:99999:7::: adm:*:11661:0:99999:7:::

oO shadow ΦA]P˪Hy:z@jŸCƤ@ơA@iHo{EAOLpUG
 

1. bWGoӸ passwd ݭnI]NO passwd ۦPNաI

@
2. KXGoӤ~OuKXAӥBOgLsXLKXաIAu|ݨ즳@ǯSŸrNOFIݭnSOdNOAMoǥ[KLKXQѥXӡAOyzy|zAҥHAoɮתw]ݩʬOy-rw-------zYu root ~iHŪgNOFIAoHɪ`NAnpߧʤFoɮתݩʩOIt~ApGObKX檺Ĥ@Ӧry * zܳoӱbä|QΨӵnJNCҥHU@@ѧAYӨϥΪ̤ĮɡAiHboɮפANLKXh[@ * IKKILNLkϥθӱboILܨĤFAALҥΰڡI

@

`NƶGKXѰOΪ̳QʤFH ɭԷ|oͳo˪pANOAA root KXѰOFInHsw˶ܡHt~AɭԬOQJIFA root KXQʹLAӦpOnH oӮɭԴNnϥΨ /etc/shadow oӸƤFIڭ̭訚DKXOsboɮפAҥHunAHnж}AiJyH@tΡzANiHοJKXӥH root nJ]q`NOb boot: ɿJ linux single NOFI^MiJ /etc/shadow oɮפAN root KXo@MšIMAnJ Linux @AoӮɭ root NݭnKX]ɭԻݭnJťզr^NiHnJFIoӮɭԽл֥H passwd ]w root KXYiI

@
3. WʱKXGoOFyʱKX@ѡzALAܩ_ǧrIbڪҤl|O 11979 OHAoӬO]p Linux ɶOH 1970 ~ 1 1 @ 1 A 1971 ~ 1 1 h 366 աIҥHoӤO֥[OIo`N@UoӸI̪ 2002 ~ 1 1 NO 11689 աAAѤFܡH

@
4. KXiQʪѼGĥ|OFoӱbKXݭngLXѤ~iHQܧIpGO 0 ܡAܱKXHɥiHʪNCoOFȱKXQYǤH@Aӳ]pIpG]w 20 ѪܡAA]wFKXA 20 ѤLkܳoӱKXI

@
5. KXݭnsܧ󪺤ѼGѩ`ȱKXQYǡyߤHhzѨӦM`ӨtΪwAҥHFo쪺]pCAnboӮɶs]wAKXA_hoӱbN|ȮɥġCӦpGW 99999 ܡANܡAAKXݭnsJաILApGOFwʡA̦niH]w@qɶAYnDϥΪܧKXOI

@
6. KXݭnܧeĵiGbKXĴ֭n쪺ɭԡAtη|̾ڳo쪺]wAoXyĵiz׵oӱbALyAL n ѧAKXNnĤFAкɧ֭s]wAKXIzApWҤlAhOKXe 7 ѤAtη|ĵiӥΤC

@
7. bĴGpGΤLFĵiSsJKXAϱoKXĤFAӸӥΤbo쭭wɶSS root AbsҥΡAoӱbNȮɪġI

@
8. bGoӤĤT@ˡAOϥ 1970 ~HӪ]wCoܡGoӱbbWwANLkAϥΡCo|Qϥγq`ӬObyOAȡztΤAAiHWw@ӤӱbAϥΰաI

@
9. OdG̫@OOdAݥHᦳSs\[JC
@

o /etc/shadow OܭnơAdU򥢤]Q root H~HݨέקIרOKXA]ܦeNwgoFyɤOpzKX{ApGAKXQݹLFAhOHiHQθӵ{htXAuKXAAɭԥiN˸FIOOI򤰻O SUID P SGID OHeLFIɮݩʤA Io  hݬݧaI

• { /etc/group P /etc/gshadow ɮסG

{ѱbPKXOϥ /etc/passwd P /etc/shadow A{ group NO /etc/group P /etc/gshadow oIOKIڭ̤]ӬݬݳoɮתcyaI
 
• { /etc/group

oɮץiHANbҭn䴩sե[iӡIҦpA@ӱbW٬ myaccount AAQnoӱbiH䴩 root oӸsաAhAiHb /etc/group ̭[JOIܤKAݭnʥΪOI
 

root:x:0:root bin:x:1:root,bin,daemon daemon:x:2:root,bin,daemon sys:x:3:root,bin,adm adm:x:4:root,adm,daemon

oӤe]pUG
 

1. sզWGNOsզWٰաI
2. sձKXGq`ݭn]wA]ڭ̫ܤ֨ϥΨsյnJILAP˪AKX]OQb /etc/gshadow oI
3. s IDGNOҿת GID աI
4. 䴩bWGoӸsո̭ҦbApWҨApGAQn mysccount ]ݩ root oӸsժܡANNWĤ@̫᭱[W ,myaccount ]nŮ^Ϧyroot:x:0:root,myaccountzNiHաC
• /etc/gshadow cyG

 

root:::root bin:::root,bin,daemon daemon:::root,bin,daemon sys:::root,bin,adm adm:::root,adm,daemon

@ӻAgroup password OΨǤb group A{ɥ[J group ΪA쪺ܥiHϥ man newgrp AѤ@ULΪkILA]oA "KX"An޲zA]ܤ֥ΡCuQ[JApN[JӸsաAαKXϦӤKC

• W[ϥΪ̪@BJG

sWϥΪ̪ɭԡApGӨϥΪ̩ݪsդsbAho(1)sWsաFM(2)AsWϥΪ̱bCMApGnRsծɡAhnϹLӡARϥΪ̤~RsաIoIФjadNoI

{ѧF@ǻݭn`NF褧Aڭ̨Ӭs@UpHyOzW[sաBϥΪ̻PܧKXaIbUӪҤlAyziH̷өUרҪUFOhլݬݡIz@OuܭnաI

---

• groupadd

ykG

[root @test /root ]# groupadd [-g GID] groupname ѼƻG -g GID Gۦ]w GID jp dҡG [root @test /root]# groupadd -g 55 testing<==]w@ӸsաAGID  55

G
oӫO|W[sթOIӧ@Ψ쪺ɮץuy/etc/group P /etc/gshadowzoɮסAbAA]iHקoɮ״NnFAڥݭnϥΨoӫOIϥ vi קWɮ٤²OIt~ApGAnsWϥΪ̩ҭnsըäsbtΤAzbW[ϥΪ̱beANnsWsoI

---

• groupdel

ykG

[root @test /root ]# groupdel groupname ѼƻG dҡG [root @test /root]# groupdel testing

G
o²檺ANON group ID LhILA@InSOdNANOybsդeAХNӸsժ primary ϥΪ̧RIz~nIO Primary ϥΪ̩OHF]²աINO /etc/passwd ̭A GID ]woӸsժ GID ӨϥΪ̴NաI

---

• useradd

ykG

[root @test /root ]# useradd [-u UID] [-g GID] [-d HOME] [-mM] [-s shell] username ѼƻG -u   G@ UID -g   G@ GID ] GID wgsb /etc/group ^ -d   GNLaؿVwgsbؿ]tΤ|Aإߡ^ -M   Gإ߮aؿ -s   GwqϥΪ shell dҡG [root @test /root]# useradd testing    <==Hw]ƫإߤ@ӦW testing b [root @test /root]# useradd -u 720 -g 100 -M -s /bin/bash testing   <==Hۤv]wإ߱b

G
oӫOܧɮץihFI]AFUUɮסG
@
• /etc/passwd
• /etc/shadow
• /etc/group
• /etc/gshadow
• /etc/skel
• /etc/default/useradd
• /etc/login.defs

إ߹w]bG
إ߱bɭԡApGSS]wAq`ڭ̥uϥΡy useradd username zNiHإߤ@ӦW username bFILADw]b򥻳]wܡHKKKKI򥻳]wNb /etc/login.defs P /etc/default/useradd oɮפIb login.defs YIUoˡG

MAIL_DIR        /var/spool/mail  <==lw]ؿ\B PASS_MAX_DAYS   99999           <==KXݭnܧ󪺮ɶ PASS_MIN_DAYS   0            <==KXh[ݭnܧ PASS_MIN_LEN    5            <==KX̤pס]oӥiHj@ǧaI^ PASS_WARN_AGE   7            <==KX֭nĤeXѵoĵiTH UID_MIN                   500    <==w]b̤p_⪺ UID ƥء]̤p 500 ^ UID_MAX                 60000    <==̤j UID GID_MIN                   500    <==GID GID_MAX                 60000    <==GID CREATE_HOME     yes            <==O_إ߮aؿAw]Onإ߮aؿ]Y mail server iHء^

XGiH]wbo̳]wFIҥHݭnAѤ@UoɮסIt~ApGAOM} mail server AѩϥΪ̱bݭnnJDAҥH]NݭnaؿAoӮɭԳ̫@ GREATE_HOME Ϊ̥iH]w no I~AAHw]ƫإ߱bɡAӱb UID N|ثeb /etc/passwd y̤j]Op 60000^z@ UID + 1 YOw]b UID oI

Ӧܩ useradd ehG

GROUP=100      <==w]ϥΪ̸sլ 100 Adݤ@U /etc/group ɡAoӸsզW٬ users OI HOME=/home     <==w]ϥΪ̪aؿإߪؿ INACTIVE=-1    <==O_ҰʡA]w -1 ۵MNOҰʰաI EXPIRE=        <==O_ݭn]wy`zɶHpGAƱӥΤb줧N\nJAiH]wѼơC SHELL=/bin/bash <==w] Shell H SKEL=/etc/skel <==ϥΪ̮aؿeI

boӶؤA̻ݭnAѪNO SKEL աIAإߤ@ӦW testing bɡAw]aؿ|Oy /home/testing zoӥؿAӳoӥؿeNO /etc/skel copy LhIҥHyAQnϥΪ̪w]aؿeʮɡAiHNnʪƼgb /etc/skel Iz

Hۤvإ߱bG
pGnHۤvإ߱bɭԡA@ڳOwʪW[աIMNOHW@ӨҤlW[@ӱbAbhʭק /etc/passwd ɮסI

---

userdel

ykG

[root @test /root ]# userdel [-r] username ѼƻG -r  GNӱb[home directory]P[/var/spool/mail/username]@֧RI dҡG [root @test /root]# userdel testing     <==u屼 /etc/passwd P /etc/shadow ӱbeF [root @test /root]# userdel -r testing<==sӱb /home/testing P /var/spool/mail/testing 屼I

G
oӫOUFɭԭnpߤFIq`ڭ̭n@ӱbɭԡAAiHʪN /etc/passwd P /etc/shadow YӱbYiI@ӨApGӱbuOyȮɤҥΡzܡAN /etc/shadow Y̫˼Ƥ@]w 0 NiHӱbLkϥΡAOҦӱbƳ|dUIϥ userdel ɾq`OyAuTwnӥΤbDWϥΥƤFIz

---

chsh

ykG

[root @test /root ]# chsh [-l] [-s shellname] ѼƻG -l   GCXثeoWΪ shell W -s   Gܥثe shell shellname dҡG [test @test /root]# chsh -l          <==CXWҦΪ shell W /bin/sh /bin/bash /bin/ash /bin/bsh /bin/csh [test @test /root]# chsh -s /bin/csh  <==test oӥΤۦܦۤvw] shell

G
oOΨӧܨϥΪ̦ۤv shell OIn`NAѩoɮׯ /etc/passwd eAҥHLw]ݩʴN SUID ݩʤFIq` VBird ]|ϥγoӫOA] /etc/passwd NiHաI

---

chfn

ykG

[root @test /root ]# chfn ѼƻG dҡG [test@test test]$ chfn Changing finger information for test. Password:                    <==o̿JsKX Name [Testing]: Testing      <==o̿JAnܪyʺ١z Office []:  Office Phone []: Home Phone []: Finger information changed.

G
oӫObADOADܦhΤA_h˯uOΤ۳oӵ{IoNIO bbs YAyӤHݩʡz@ӸưաIoӵ{DnOft finger o{bB@ILAѩ finger o{OܦwAҥHw]OSw˥LIpGzQn@U finger ܡAХѦ RPM MwˤeAbw finger RPM ɮסAMAӪaIUo̳٬O²檺Ф@UNnFI
ϥ chfn oӫOA{|nDzJ\hTA]tFG

KX
ʺ
줽ǸX
줽ǹq
a̹q

oXөNNL]wnAA /etc/passwd |ܦ˩OHڭ̥H޽uROAtXWܪkAX test oӤHTpUG

[root @test root]# more /etc/passwd | grep test test:x:501:501:Testing user,06-123-1234,06-123-1234,06-123-1234:/home/test:/bin/bash

KKIhXF@dzrIjbĤToIӴNO chfn 諸ToIuoӦaNOFIҥHA]iHۦקOIAӧAiHϥ finger test Ӭݤ@U test oӤH򥻸TI

---

userconf

׫򻡡AH useradd P groupadd oӫOӼW[sջPb`OӤKI򦳨Sϧάɭ觋iHӷsWϥΪ̩OHIMAb Mandrake P Red Hat NOϥ userconf NiHաI]zwgwˤF Linuxconf oӮMAҥH۵M]Nt userconf oөNNI]AH root bOCҦJ userconf N|X{UϡG
@ @
boӵeAثeڭ̩ҭnϥΨ쪺\uG

• User accounts
• Group definitions
• Change root password

MAڭߪu User accounts o@oIbާ@WAϥΡyWUzʤϥժuAӨϥΡyTabzӨϴвʨ쩳U Quit Help sIUڭ̴@bb޲z譱A̱`ϥΪӥ\AOOywsbbץP޲zzAΡysWbIz

• ݤwsbbeBץP޲zG

bWϷAHWU䲾ʴШ User accounts WhAMU Enter aI|ܦpUeG
@

@
bWoӵeAڭ̥iHo{C@ӦΪbbWYAӥLDnT]CܦbWYFIMաAoǸTyb /etc/passwd ̭IzSIҥHAunD passwd oɮ׸̭NNqAo̴NܮeAѥLNաInFA]ڭnק test oӤwgsbϥΪ̸TANNвʨ test WAMU Enter A|X{pUϥܡG
@

@
z|o{AЬObk䪺 Base info ̭AAiHʴСAåBhקLOIҦpAnק group ܡANʨ users WhA׭קYiIP˪A HOME( aؿ )P shell ( NO Command interpreter @ )קﳣOʴЦAӭ׭qYiIoӤաILApGnקKXOHANݨϥ <Tab> Aʨ Passwd ӫsWAULANiH]wKXFI
@

@
ק粒A|^bϥܪeAoӮɭԱziH~[LbOI

• sWbG

AӫhOsWbIbbϥܵeUyTabz Nвʦ Add o@A EnterA|X{G
@

@
boӵeAAһݭnJu Login name NiHFALFtη|۰A]w] (opt) Otη|ۦ̷ /etc/login.defs P /etc/defaults/useradd eۦ[H]wI^CLApGAݭnNϥΪ̤OܡA̦n٬O]w@UnIxIsOHHڬҡAڭ̳쪺DۤvsǪ٦~BͶ}bAȡAѩ~bȴ mail AȡAӦۤvsǦh]tFҦDWiHi檺u@IFӤ޲zA䪺Hި( ²檺kNOH UID Group Ӥ )N㪺nhFInFI򤰻Fb userconf o{̭ݭnSOAѤ@UOH
@
1. Login nameGJnsWϥΪ̪b]NO ID ա^AɶqnϥΤjgrաIF
2. Full name GoOoӱbϥΪ̥WAoӦaOiiLA|vTI
3. group GΨӫwo@ ID ݸsաAq`|NbھWϥΪ̤XUOAӤOPsաAnKޱI
4. Supplementary groupsGFDnsդ~ALinux ٴѧAL䴩sաILq`γ]wNiHFCpG]wܡAק諸ɮרNO /etc/group oF
5. Home directory(opt) GoOΨӳ]woӱbϥΪ̪aؿCq`pG]wܡAw]ϥΪ̮aؿb /home/userID AOAwЮeqjɭԡAΪ̷QNYHʨY@ӥؿܡANiHbo@oI
6. Command interpreter(opt) GoOϥΪ̹w] Shell Aq`b Linux UAڭ̳ϥ BASH AҥHΧաF
7. User ID(opt) G`NAo ID iOe login ID Ao ID Oe Uid sAAiHۤv]w@Ӥj 500 BPLbƪ IDA]iHѨtΦ۰ʳ]wF
@
OKI]wAU yTabz A Accept EnterAoɷ|X{nAJKXeANpPW 13-1-4 CпJoӱbҷQnKXCЪ`NAq`KXOG
@
• KXPbۦPF
• KXɶqnΦr̭|X{rF
• KXݭnWL 8 ӦrF
@
oODnALAѩAOyvOLj޲zzAҥHKXΦOyz]MSӳWxӮɡAb]w|X{@ǿ~TALä|vTA]wI^CJ|X{bJ@eAAJ@KXANsWFI
@
򥻤WA userconf \OܦhաIOAL]uONڭ̪ /etc/passwd oɮ׶iϪOˤlӤwIèSs_ƪOIҥHoApGAwgܼxɮפFAڥϥ vi ]NiHաI Userconf ٥ΤWOI

AӸja@ӭnKXIzonSOdNOAѡAzDYODJIA𫍧Ĥ@ӤJII۵MNOzDWbyKXzFAҥHApGzKXwqY檺ܡA۵MNeqAKXA۵MN|OٰաI
@
ثe@ Cracker `ϥΪKX}ѳnAjOyrkzΩҿתyɤOkzANrWNqӻAyrkzONr̭Ҭd쪺rΤyJ{AMϥθӵ{@Ӥ@Ӫhկ}ѧAKXAnıoo˪tצGܺCAڤWA{qBtפӰFArkާ@IJv򥻤WOܰIt@ӡyɤOkzNOϥLWiHϥΪAM̷ӲզXAH 1 , 2 , 3 ӡK. KXզX觋h}ѧAKXIoӤ觋NuC@IApGAKXզXO 6~8 ӦrHWAɤOk٬Oݭnn@qɶ~}ѪFI
@
ѤWyrkzPyɤOkzqAKX觋ӻAzDp]w@ӦnKXFܡHOAzKX̦nݭnUXӯSʡG

• KXtƭӯSrAҦp $#@^&* μƦr䵥GpPW쪺AzV_ǡANVeϥάJnӯ}ѡI
• ^rjpgVXϥΡF
• KXצܤ֭n 6 ~ 8 ӥHW~nF
• SSNqrμƦrզXAåB۫ܦhSrI

oرKXuܤeQ}ѡAOܤA]ܮeQAڧѰO??ҥHOAijz``ϥΤ@ǹOHӻOSNqAOzTS[NrIҦpڱ``쪺AڷRڦѱCIy I&Mywife*^zKXIeQqA]eQAۤvOI򦳨SyܭnRKXzOHAUXرKXNܭnRG

• `Ϊ^rGҦp party, park, andyliu, linux, paper AnIeQrk}ѡI
• HWrAҦptBpĪWrA Tom, andy, eric AnI
• ªGҦpzͤաIAnI
• PzƦrΨLTAҦpҸBȦbF

VBird gLHbKXpIuOnR??ӦnqF?
@
nFIDFKXnʡAP򥻪]wAۤUӧڭ̽ͤ@ͦpʳ]wKXaI򥻤WA root iH]wy˦KXzAӥBA root ]iHU user qwL̪KXIܩ user ȯקۤvKXIקKXϥΤROHNO passwd oөROաIxIo̬MLQXӭnTAjaƲߤ@UG

• pM passwd oӫOH

ϥ which passwd Yi

• p passwd oɮתݩʡHýлLݩʬH

ϥ ls Vl `which passwd` YiIL㦳 SUID ݩʡI

• O SUID H

NOӵ{bQ檺L{A㦳{֦̪vI

• ڸӦpd /etc/passwd P /usr/bin/passwd ΪkP[cH

Oϥ man passwd man 5 passwd

oǫOPNqpG٨SѰOI߱zFIuOInFAٰOoڭ̱KXb̶ܡHաINO /etc/shadow ̭AɮתvO Vrw------- ҥHu root iHקA]A passwd ݭn㦳 SUID ~@ϥΪ̭קL̪KXoI

---

passwd

ykG

[root @test /root]# passwd [username] [test @test /root]# passwd [root @test /root]# passwd test Changing password for user test New password:     <==JKX BAD PASSWORD: it is based on a dictionary word Retype new password:   <==AJ@I passwd: all authentication tokens updated successfully

G
oӫOiHקϥΪ̪KXIn`NOAoӫOb /bin/passwd AӱbҦs񪺦ab /etc/passwd AO@˪IdMI

• @ϥΪ̪ΪkOJ passwd YiF
• root iHϥ passwd [username] Ӵ username oӱb@ӷsKXI

o̦ӫܦ쪺DnӸjaɤ@UAٰOobjѪ~ṊA٨S ssh ɭԡAڭ̳Oϥ telnet nJtΪAtιw]O} root H telnet nJAnFIڭ̭n˻ݾޱڭ̪ Linux DrIH]ѫeЧڭ̤o{Atη̯SbNO UID 0 ϥΪ̤FAL㦳ܰLWvOIӥBOtκ޲znƪA_h˾ޱDOHzOaInFA telnet N root nJvFAӦpGڭ̦bs@@ӨϥΪ̡AñN UID ܬ 0 ܤSpHKKIܩpA telnet NO{ UID AҥH֩w٬OiFtΡAoӮɭԭnrIHNOܴrIN@ϥΪ̪ܦF root NFI
@
OܴrH򻡩OHNOA@ӨAڭ̳ƱH root nJDAHקKQǫȤJIFIO@DSi৹i׸ɩΪ̬O]wʧ@IoӮɭԭnpN@ϥΪ̪ܦ root OHDnؤ觋AOOG

• H su Nܦ root YiAOoӫOoݭn root KXA]NOApGAnH su ܦ root ܡAA@ϥΪ̴Nn root KX~F

• ҥHܦhHPɺ޲z@DɭԡA root KXNܦhHDFHOܦna?ҥHApGQnN root KXyXhOHIiHϥ sudo Ӷiu@I

Uڭ̴Nӻ@ su sudo ΪkաI

---

su

ykG

[root @test /root ]# su ѼƻG dҡG [test@test test]$ su Password:          <==J root KX [root@test test]#       <==ܦ root FI [test@test test]$ su -  <==sҰѼɮ׳OŪ root I [root@test root]# su test  <==N root אּ test ABݭnJKXI

G
oӫOܦIoOΨӱNy@먭ഫ super user zOIq`FwҶqA telnet P ssh ɶqnH root ӵnJIOɫڭ̤Snb~YH root ӭקtγ]wAoӮɭ su NܦΤFIsu ϥίu²AJ su ALJ root KXAɱzNO root FIOݭnSOdNOG

• MzwgO root AOzҷA٬OݩnJӨϥΪ̡IҦpڥH test nJ Linux AAH su root AOڪ mail, PATH ΨL@ǬܼơA٬O test oӨOI

• ܩܼƷA̳·Ъ PATH oӪFA]FקK@ϥΪ̨ϥΤF root ޲zOAҥHq` Linux |NObӥDnؿAOO /bin P /sbin I /sbin jhO super user NO root ΨӺ޲ztΪOաIҥHAi઺ܡAN test PATH s]w root PATH Aoˤ]KrI

• pGnܼƧϥ root ]wɡAoӮɭԥݨϥΡy su - zӤUFROI

~A su ]iHNzഫLϥΪ̡AӡApGzO root AഫLϥΪ̡ANݭnJKXIܹL}aIҦpW̫@ӨҤlI

---

sudo

ykG

[root @test /root ]# sudo [-u username] [command] ѼƻG -u  GNܦ username dҡG [test@test test]$ sudo mkdir /root/testing Password:          <==J test ۤvKX [root@test test]$ sudo -u test touch test <==root iH test oӨϥΪ̪OAإ test ɮסI

G

• pGªϥ su ܴ root A̤jnBOiHUFڭ̺DΪOAOA٬O|DANOpGDOѦhH@ުɭԡAѩҦHnD root KXAp@ӡAIܳ·ЪաI]ȳQJIIӥBun root ܤFKXAҦHݭnq@Iܳ·СA[WApG޲zs@ӤHp߬XF root KXANJF??򦳨SiHݭn root KXAo٬OiH root uOHIoӮɭԴN sudo X{FI

• sudo 򥻻ykNOb sudo Y[WOAҦpWҤlA mkdir /root/testing NOROաINiHӰ root iHʧ@ƱI~Aѩ root u@ɡAyJKXOϥΪ̪KXAӤO root KXAҥHiH root KX~yDIzp root KXN|yXhFIO sudo bϥΪɭԽФpߡANOnb /etc/sudoers Y]wӦƶIbw]pUAu root ~ϥ sudo IΡIڭ̬O@ϥΪ̡AQnϥΪO sudo ܦ root rIISYIiHϥ visudo ӽs /etc/sudoers oɮקYiIb Mandrake 9.0 P Red Hat Linux w]pAϥΡy visudo z~s /etc/sudoers oɮסA~As̪n root ~IpsOHbw]pAڭ̷|ƱNiH root ʧ@H group ]w wheel AMG

@

[root@est /root]# visudo # sudoers file. # # This file MUST be edited with the 'visudo' command as root. # # See the sudoers man page for the details on how to write a sudoers file. # # Host alias specification # User alias specification # Cmnd alias specification # Defaults specification # User privilege specification root    ALL=(ALL) ALL test    ALL=(ALL) ALL                  <==o@iH[JA test oӤHiHϥ sudo # Uncomment to allow people in group wheel to run all commands # %wheel        ALL=(ALL)       ALL    <==No@ѲŸ # Same thing without a password # %wheel        ALL=(ALL)       NOPASSWD: ALL # Samples # %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom # %users  localhost=/sbin/shutdown -h now

@
pGpPW觋ANr騺@ /etc/sudoers YN
@
y # %wheel        ALL=(ALL)       ALLz
@
o@檺ѲŸAp@ӡAhsլ wheel HNiHi root u@Io wheel Otιw] group OI]ApGzQnoDY@먭ϥΪ̨㦳 sudo ϥvAzNݱN user J䴩 wheel oӸsոYIp[JHIWOФF /etc/group ܡHhݬݡIU@ڷQnyWӤHiHϥ sudo \zOHINH visudo [Wo@
@
ytest ALL=(ALL) ALLz
@
YiI test Yiϥ sudo \oI²aIOаOonH vi ק sudoers I|DI

• sudo Fܦ root \ध~IKKIL٥iHܦyHz\I|²檺ҤlӻnFAڭ̳DҰʵ{ǪɭԳ̦nnϥ root ӱҰʡA]p@ӷӵ{dzQޮɡAު̡]Ϊ̻OJI̡^N֦ root vFIҥHӧڭ̳Ʊ椣nH root ӱҰʤ@ǵ{ǰաI|wIڭ̭nH root ӱҰʦ test ]Ҧp`Ϊ nobody oӱb^np@H²ANϥΤWĤGӨҤlӬݡG

@
sudo -u test touch test
 @
root iHܨ test ӫإɮסIKKI٤ݭnJKXIܴΧaIoӰʧ@ڴgb squid oӰ{ǤWLAoˤ@ӡAYϧڪ squid QQΤFAөǫȥu֦ nobody vAKKIvOܤpܤpIҥHiHFO@D\I

nFADF UIDAGID HλPb@ǸTAڭ̭n@@Ap󪾹D@ӨϥΪ̪ UID P GID AHΥL̩үѪ䴩sթOHi઺ܡAMiH /etc/passwd /etc/group ̭hdoIO٦²檺kOANOϥ²檺OurI²KuOHNOUoXӡG

• id  dߨϥΪ̪ UID, GID ΩҾ֦sաF
• groups dߨϥΪ̯䴩sաF
• finger  dߨϥΪ̪@ǬTAҦpqܸXC

---

• id

ykG

[root @test root]# id [username] dҡG [root @test root]# id uid=0(root) gid=0(root) groups=0(root) [root @test root]# id test uid=501(test) gid=501(test) groups=501(test)

G
J id NiHDثeoӱb UID, GID PݪsաIMoApGQnDYӨϥΪ̪TANϥ id username AҦp id test NiHD test oӨϥΪ̪ToIܤKaIݭnhd /etc/passwd /etc/group I
@


---

• finger

ykG

[root @test root]# finger [-s] username ѼƻG -s  GCX dҡG [root @test root]# finger test Login: test                             Name: Testing user Directory: /home/test                   Shell: /bin/bash Office: 06-123-1234, 06-123-1234        Home Phone: 06-123-1234 Never logged in. No mail. No Plan. [root @test root]# finger Vs test Login     Name           Tty      Idle  Login Time   Office     Office Phone test      Testing user    *     *  No logins    06-123-123 06-123-1234

G
finger Ϊk]Ou²ANOL finger username NiHD@ӤHTFIӳoӬT򥻤WOgb /etc/passwd ̭AMA̭ٷjMF /var/spool/mail oӶlmaIAҥHٷ|ܥXO_l󪺰TOI۷KaILAo finger q`ݭntX chfn oӫOAYO 13-1-6 e쪺ӫOA~ܥXhTOIt~A finger OӫܦwOA]A Mandrake tιw]Ow˳oӮM󪺡IpGzQnոլ finger ܡAШ̷ӲĤGgоɪeAN Mandrake w˥вĤGJ CDROM AM mount cdrom OAAHy rpm Vivh finger* zӦw finger aIܩ rpm  ΪkAڭ̷|bĤQKɭԦbi满I
@


---

• groups

J groups NiHܥXثeϥΪ̪ݸsդFI]tF Primary PLsճ|QܥXөOI

nFAڭ̤wgDpsWbPRƦܬOקbFAIO_qAѤUӥOHMOFIOH]zѭnsWbeOyƦrbzܡAO_iHϥ useradd sWbOHҦpG

useradd 1234567

ܩp?useradd ä\o˪b]wI?uLADSLkiHsWo˪ϥΪ̱bFܡHxI褣OLAڭ̳Oϥ /etc/passwd /etc/shadow oXɮרӳ]wbܡHϥΤʪ觋O_NiHѨMo˪xZFIBingo ISINOoˡIҥHUڭ̹ըϥΤʪ觋ӷsWbAոլݯणন\W[@ӨϥΪ 1234 OH

• @ϥΪ̱bW[G

nFA{bڭ̪Dϥ userconf B useradd P groupadd |Ψ쪺ɮ׳ANO /etc/passwd P /etc/shadow oIpʪW[@ӨϥΪ̩OH̤jxZb passwd P shadow PBաIOKIjPBJiHo˻G

1. إߩһݭnsա] vi /etc/group ^
2. إ߱bUݩʡ] vi /etc/passwd ^
3. N passwd P shadow PB ] pwconv ^
4. إ߸ӱbKX ] passwd acount ^
5. إߨϥΪ̮aؿ ] cp -r /etc/skel /home/account ^
6. aؿݩ ] chown -R account.group /home/account ^

o˴N OK աIaӷsW@ test sջPbӸոլݡG
 

إ߷ss test A] GID 520 [root @test /root ]# vi /etc/group ---- test:x:520:test               <==sWsաABsժH test AGID 520 إ test Uݩ [root @test /root ]# vi /etc/passwd ---- test:x:520:520:testing account:/home/test:/bin/bash   <==إߦUݩ PB /etc/passwd P /etc/shadow [root @test /root ]# pwconv         <==N passwd J /etc/shadow I إ߱KX [root @test /root ]# passwd test    <==إߨϥΪ test KX Changing password for user test New password: Retype new password: passwd: all authentication tokens updated successfully إ߮aؿƮaؿ֦ [root @test /root ]# cp -r /etc/skel /home/test [root @test /root ]# chown -R test:test /home/test

o˴NإߧoII²aIӥѤWҤlAz]iH̾ڦӨϥ scripts ӷsWϥΪ̡AԲӪBJH VBird u}oXӤFAAӸjaiC]pGSOܡAثeܦhwgѬjqإ߱b觋FI^

• POP3 lbW[G

nաIpGڬO@ӶlDAڤnϥΪ̨ϥ ftp, telnet, ssh ܡAu\ϥ POP3 ӤwAӫHI]O²檺AF userconf iHi椧~AA]iHʹF즹@تI

򥻤WzOo˪G

• ѩ󤣻ݭnoӱbѨLAȵnJDAҥHb shell ah令F /bin/false oI
• ѩ󤣻ݭnoӱbnJAҥHaؿ]iHΫإߡII

ҥHӫإߪBJNiH²ƬG

1. إ߱bUݩʡ] vi /etc/passwd ^
2. N passwd P shadow PB ] pwconv ^
3. إ߸ӱbKX ] passwd acount ^

o˴NiHաIڭ̹aӫإߤ@ӦW poptest bոլݡG
 

إ߱b poptest [root @test /root ]# vi /etc/passwd --- poptest:x:530:45:testing pop account:/home/poptest:/bin/false<==aؿ]w]SYI `NGsեݭnsbAq`D group nɭԡAiHϥ 100 oӹw] group ӴNI shell hݭn /bin/false ~I PB passwd P shadow [root @test /root ]# pwconv إ߱KX [root @test /root ]# passwd poptest Changing password for user poptest New password: Retype new password: passwd: all authentication tokens updated successfully

²aIo˴Nإߦn poptest o@Ӷl POP3 bFIoӱbNȥiHϥ pop3 P smtp ӦoHOII

pإߪbOH²檺աI

1. NON /etc/passwd P /etc/shadow ̭TA
2. MA /home UhN account aؿӱNOFI
3. ~AA]ݭn /var/spool/mail UhӱblI

#!/bin/bash
accountfile="user.passwd"
read -p "Input title name:  " filename
read -p "How much accounts: " number
[ -f "$accountfile" ] && mv $accountfile "$accountfile"`date +%Y%m%d`

# 1. create the account and password file
for ((i=1; i<=$number; i++ ))
do
        account="$filename""$i"
        echo "$account":"$account""xx" | tee -a "$accountfile"
done

# 2. create the account from useradd
        cat "$accountfile" | cut -d':' -f1 | xargs -n 1 useradd -m
        chpasswd < "$accountfile"
        pwconv
        pwck

• root UID P GID Oh֡HӰoӲzѡAڭn test oӱb㦳 root vAӫ@H

G
root UID P GID 0 AҥHn test ܦ root vANN /etc/passwd ̭A test UID P GID ܦ 0 YiI
@
• ]ڬO@Өtκ޲zAڦ@ӥΤ̪񤣨ġAҥHڷQȮɱNLbALLkiʧ@A쥼ӥLĤ@IAڦANLbҥΡAаݡGڥiH@nHH

G
ѩoӱbOȮɥĪAҥHϥ userdel ӧRA_hܳ·СIӦp]wOHA^h@@@ /etc/shadow [cAiHDoXӥiϥΪkG
• N /etc/passwd shell g /sbin/nologin AYiӱbȮɵLknJDF
• N /etc/shadow KXAW[@ * b̫eAo˸ӱbLknJI
• N /etc/shadow ĤKbӡA]wpثeƦrALNLknJtΤFI
@
• b]wKXɭԡAO_iHHK]wOH

G
̦nnHK]wKXI̦niHJӪѦҤ@U 13-2 `쪺eI
@
• ڦbϥ useradd ɭԡAsWb̭ UID, GID ٦LKXAObXɮ׸̭]wH

G
b /etc/login.defs ٦ /etc/defaults/useradd ̭WwnI
@
• ڧƱڦb]wCӱbɭ( ϥ useradd )Aw]pAL̪aؿNt@ӦW٬ www lؿAӫ@nH

G
ѩϥ useradd ɭԡA|۰ʥH /etc/skel w]aؿAҥHAڥiHb /etc/skel ̭sW[@ӦW٬ www ؿYiI
@
• pwconv oӫO\OH

G
pwconf iH passwd ̭bA]w@KX /etc/shadow I