diff options
Diffstat (limited to 'sag-0.6.1-www/sag-0.6.1.html/x1991.html')
| -rw-r--r-- | sag-0.6.1-www/sag-0.6.1.html/x1991.html | 207 |
1 files changed, 207 insertions, 0 deletions
diff --git a/sag-0.6.1-www/sag-0.6.1.html/x1991.html b/sag-0.6.1-www/sag-0.6.1.html/x1991.html new file mode 100644 index 0000000..b8184e9 --- /dev/null +++ b/sag-0.6.1-www/sag-0.6.1.html/x1991.html @@ -0,0 +1,207 @@ +<!DOCTYPE HTML PUBLIC "-//Norman Walsh//DTD DocBook HTML 1.0//EN"> +<HTML +><HEAD +><TITLE +>Access control</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet"><LINK +REL="HOME" +TITLE="The Linux System Administrators' Guide" +HREF="book1.html"><LINK +REL="UP" +TITLE="Logging In And Out" +HREF="c1905.html"><LINK +REL="PREVIOUS" +TITLE="X and xdm" +HREF="x1988.html"><LINK +REL="NEXT" +TITLE="Shell startup" +HREF="x2008.html"></HEAD +><BODY +BGCOLOR="#FFFFFF" +TEXT="#000000" +><DIV +CLASS="NAVHEADER" +><TABLE +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>The Linux System Administrators' Guide</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="x1988.html" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +>Chapter 8. Logging In And Out</TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="x2008.html" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN1991" +>Access control</A +></H1 +><P +> The user database is traditionally contained in the + <TT +CLASS="FILENAME" +>/etc/passwd</TT +> file. Some systems use + <I +CLASS="GLOSSTERM" +>shadow passwords</I +>, and have moved the + passwords to <B +CLASS="COMMAND" +>/etc/shadow</B +>. Sites with many + computers that share the accounts use NIS or some other method + to store the user database; they might also automatically copy + the database from one central location to all other computers. + </P +><P +> The user database contains not only the passwords, but + also some additional information about the users, such as their + real names, home directories, and login shells. This other + information needs to be public, so that anyone can read it. + Therefore the password is stored encrypted. This does have + the drawback that anyone with access to the encrypted password + can use various cryptographical methods to guess it, without + trying to actually log into the computer. Shadow passwords try + to avoid this by moving the password into another file, which + only root can read (the password is still stored encrypted). + However, installing shadow passwords later onto a system that + did not support them can be difficult. </P +><P +> With or without passwords, it is important to make + sure that all passwords in a system are good, i.e., not easily + guessable. The <B +CLASS="COMMAND" +>crack</B +> program can be used + to crack passwords; any password it can find is by definition + not a good one. While <B +CLASS="COMMAND" +>crack</B +> can be run + by intruders, it can also be run by the system adminstrator + to avoid bad passwords. Good passwords can also be enforced + by the <B +CLASS="COMMAND" +>passwd</B +> program; this is in fact more + effective in CPU cycles, since cracking passwords requires quite + a lot of computation. </P +><P +> The user group database is kept in + <TT +CLASS="FILENAME" +>/etc/group</TT +>; for systems with shadow + passwords, there can be a <TT +CLASS="FILENAME" +>/etc/shadow.group</TT +>. + </P +><P +> root usually can't login via most terminals + or the network, only via terminals listed in the + <TT +CLASS="FILENAME" +>/etc/securetty</TT +> file. This makes it necessary + to get physical access to one of these terminals. It is, however, + possible to log in via any terminal as any other user, and use + the <B +CLASS="COMMAND" +>su</B +> command to become root. </P +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="x1988.html" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="book1.html" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="x2008.html" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>X and xdm</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="c1905.html" +>Up</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>Shell startup</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file |