diff options
Diffstat (limited to 'sag-0.6.1-www/Invisible/sag-0.6/node84.html')
-rw-r--r-- | sag-0.6.1-www/Invisible/sag-0.6/node84.html | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/sag-0.6.1-www/Invisible/sag-0.6/node84.html b/sag-0.6.1-www/Invisible/sag-0.6/node84.html new file mode 100644 index 0000000..2165353 --- /dev/null +++ b/sag-0.6.1-www/Invisible/sag-0.6/node84.html @@ -0,0 +1,70 @@ +<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> +<!--Converted with LaTeX2HTML 96.1-h (September 30, 1996) by Nikos Drakos (nikos@cbl.leeds.ac.uk), CBLU, University of Leeds --> +<HTML> +<HEAD> +<TITLE>Access control</TITLE> +<META NAME="description" CONTENT="Access control"> +<META NAME="keywords" CONTENT="sag"> +<META NAME="resource-type" CONTENT="document"> +<META NAME="distribution" CONTENT="global"> +<LINK REL=STYLESHEET HREF="sag.css"> +</HEAD> +<BODY LANG="EN" > + <A NAME="tex2html1369" HREF="node85.html"><IMG WIDTH=37 HEIGHT=24 ALIGN=BOTTOM ALT="next" SRC="./next_motif.gif"></A> <A NAME="tex2html1367" HREF="node79.html"><IMG WIDTH=26 HEIGHT=24 ALIGN=BOTTOM ALT="up" SRC="./up_motif.gif"></A> <A NAME="tex2html1361" HREF="node83.html"><IMG WIDTH=63 HEIGHT=24 ALIGN=BOTTOM ALT="previous" SRC="./previous_motif.gif"></A> <A NAME="tex2html1371" HREF="node1.html"><IMG WIDTH=65 HEIGHT=24 ALIGN=BOTTOM ALT="contents" SRC="./contents_motif.gif"></A> <A NAME="tex2html1372" HREF="node114.html"><IMG WIDTH=43 HEIGHT=24 ALIGN=BOTTOM ALT="index" SRC="./index_motif.gif"></A> <BR> +<B> Next:</B> <A NAME="tex2html1370" HREF="node85.html">Shell startup</A> +<B>Up:</B> <A NAME="tex2html1368" HREF="node79.html">Logging In And Out</A> +<B> Previous:</B> <A NAME="tex2html1362" HREF="node83.html">X and xdm</A> +<BR> <P> +<H1><A NAME="SECTION00950000000000000000">Access control</A></H1> +<P> + The user database is traditionally contained in the + <tt>/etc/passwd</tt><A NAME="2689"> </A> file. Some systems use <b>shadow passwords</b>, + and have moved the passwords to <tt>/etc/shadow</tt><A NAME="2692"> </A>. + Sites with many computers that share the accounts use + NIS or some other method to store the user database; they might + also automatically copy the database from one central location + to all other computers. +<P> + The user database contains not only the passwords, but also + some additional information about the users, such as their + real names, home directories, and login shells. This other + information needs to be public, so that anyone can read it. + Therefore the password is stored encrypted. This does have + the drawback that anyone with access to the encrypted password + can use various cryptographical methods to guess it, without + trying to actually log into the computer. Shadow passwords + try to avoid this by moving the password into another file, + which only <tt>root</tt> can read (the password is still + stored encrypted). However, installing shadow passwords later + onto a system that did not support them can be difficult. +<P> + With or without passwords, it is important to make sure that + all passwords in a system are good, i.e., not easily guessable. + The <tt>crack</tt><A NAME="2694"> </A> program can be used to crack passwords; any + password it can find is by definition not a good one. While + <tt>crack</tt><A NAME="2696"> </A> can be run by intruders, it can also be run by + the system adminstrator to avoid bad passwords. Good passwords + can also be enforced by the <tt>passwd</tt><A NAME="2698"> </A> program; this is + in fact more effective in CPU cycles, since cracking passwords + requires quite a lot of computation. +<P> + The user group database is kept in <tt>/etc/group</tt><A NAME="2700"> </A>; for systems + with shadow passwords, there can be a <tt>/etc/shadow.group</tt><A NAME="2702"> </A>. +<P> + <tt>root</tt> usually can't login via most terminals or the + network, only via terminals listed in the <tt>/etc/securetty</tt><A NAME="2704"> </A> + file. This makes it necessary to get physical access to + one of these terminals. It is, however, possible to log in + via any terminal as any other user, and use the <tt>su</tt><A NAME="2706"> </A> command + to become <tt>root</tt>. +<P> +<HR><A NAME="tex2html1369" HREF="node85.html"><IMG WIDTH=37 HEIGHT=24 ALIGN=BOTTOM ALT="next" SRC="./next_motif.gif"></A> <A NAME="tex2html1367" HREF="node79.html"><IMG WIDTH=26 HEIGHT=24 ALIGN=BOTTOM ALT="up" SRC="./up_motif.gif"></A> <A NAME="tex2html1361" HREF="node83.html"><IMG WIDTH=63 HEIGHT=24 ALIGN=BOTTOM ALT="previous" SRC="./previous_motif.gif"></A> <A NAME="tex2html1371" HREF="node1.html"><IMG WIDTH=65 HEIGHT=24 ALIGN=BOTTOM ALT="contents" SRC="./contents_motif.gif"></A> <A NAME="tex2html1372" HREF="node114.html"><IMG WIDTH=43 HEIGHT=24 ALIGN=BOTTOM ALT="index" SRC="./index_motif.gif"></A> <BR> +<B> Next:</B> <A NAME="tex2html1370" HREF="node85.html">Shell startup</A> +<B>Up:</B> <A NAME="tex2html1368" HREF="node79.html">Logging In And Out</A> +<B> Previous:</B> <A NAME="tex2html1362" HREF="node83.html">X and xdm</A> +<P><ADDRESS> +<I>Lars Wirzenius <BR> +Sat Nov 15 02:32:11 EET 1997</I> +</ADDRESS> +</BODY> +</HTML> |