1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<!--Converted with LaTeX2HTML 96.1-h (September 30, 1996) by Nikos Drakos (nikos@cbl.leeds.ac.uk), CBLU, University of Leeds -->
<HTML>
<HEAD>
<TITLE>Access control</TITLE>
<META NAME="description" CONTENT="Access control">
<META NAME="keywords" CONTENT="sag">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<LINK REL=STYLESHEET HREF="sag.css">
</HEAD>
<BODY LANG="EN" >
<A NAME="tex2html1369" HREF="node85.html"><IMG WIDTH=37 HEIGHT=24 ALIGN=BOTTOM ALT="next" SRC="./next_motif.gif"></A> <A NAME="tex2html1367" HREF="node79.html"><IMG WIDTH=26 HEIGHT=24 ALIGN=BOTTOM ALT="up" SRC="./up_motif.gif"></A> <A NAME="tex2html1361" HREF="node83.html"><IMG WIDTH=63 HEIGHT=24 ALIGN=BOTTOM ALT="previous" SRC="./previous_motif.gif"></A> <A NAME="tex2html1371" HREF="node1.html"><IMG WIDTH=65 HEIGHT=24 ALIGN=BOTTOM ALT="contents" SRC="./contents_motif.gif"></A> <A NAME="tex2html1372" HREF="node114.html"><IMG WIDTH=43 HEIGHT=24 ALIGN=BOTTOM ALT="index" SRC="./index_motif.gif"></A> <BR>
<B> Next:</B> <A NAME="tex2html1370" HREF="node85.html">Shell startup</A>
<B>Up:</B> <A NAME="tex2html1368" HREF="node79.html">Logging In And Out</A>
<B> Previous:</B> <A NAME="tex2html1362" HREF="node83.html">X and xdm</A>
<BR> <P>
<H1><A NAME="SECTION00950000000000000000">Access control</A></H1>
<P>
The user database is traditionally contained in the
<tt>/etc/passwd</tt><A NAME="2689"> </A> file. Some systems use <b>shadow passwords</b>,
and have moved the passwords to <tt>/etc/shadow</tt><A NAME="2692"> </A>.
Sites with many computers that share the accounts use
NIS or some other method to store the user database; they might
also automatically copy the database from one central location
to all other computers.
<P>
The user database contains not only the passwords, but also
some additional information about the users, such as their
real names, home directories, and login shells. This other
information needs to be public, so that anyone can read it.
Therefore the password is stored encrypted. This does have
the drawback that anyone with access to the encrypted password
can use various cryptographical methods to guess it, without
trying to actually log into the computer. Shadow passwords
try to avoid this by moving the password into another file,
which only <tt>root</tt> can read (the password is still
stored encrypted). However, installing shadow passwords later
onto a system that did not support them can be difficult.
<P>
With or without passwords, it is important to make sure that
all passwords in a system are good, i.e., not easily guessable.
The <tt>crack</tt><A NAME="2694"> </A> program can be used to crack passwords; any
password it can find is by definition not a good one. While
<tt>crack</tt><A NAME="2696"> </A> can be run by intruders, it can also be run by
the system adminstrator to avoid bad passwords. Good passwords
can also be enforced by the <tt>passwd</tt><A NAME="2698"> </A> program; this is
in fact more effective in CPU cycles, since cracking passwords
requires quite a lot of computation.
<P>
The user group database is kept in <tt>/etc/group</tt><A NAME="2700"> </A>; for systems
with shadow passwords, there can be a <tt>/etc/shadow.group</tt><A NAME="2702"> </A>.
<P>
<tt>root</tt> usually can't login via most terminals or the
network, only via terminals listed in the <tt>/etc/securetty</tt><A NAME="2704"> </A>
file. This makes it necessary to get physical access to
one of these terminals. It is, however, possible to log in
via any terminal as any other user, and use the <tt>su</tt><A NAME="2706"> </A> command
to become <tt>root</tt>.
<P>
<HR><A NAME="tex2html1369" HREF="node85.html"><IMG WIDTH=37 HEIGHT=24 ALIGN=BOTTOM ALT="next" SRC="./next_motif.gif"></A> <A NAME="tex2html1367" HREF="node79.html"><IMG WIDTH=26 HEIGHT=24 ALIGN=BOTTOM ALT="up" SRC="./up_motif.gif"></A> <A NAME="tex2html1361" HREF="node83.html"><IMG WIDTH=63 HEIGHT=24 ALIGN=BOTTOM ALT="previous" SRC="./previous_motif.gif"></A> <A NAME="tex2html1371" HREF="node1.html"><IMG WIDTH=65 HEIGHT=24 ALIGN=BOTTOM ALT="contents" SRC="./contents_motif.gif"></A> <A NAME="tex2html1372" HREF="node114.html"><IMG WIDTH=43 HEIGHT=24 ALIGN=BOTTOM ALT="index" SRC="./index_motif.gif"></A> <BR>
<B> Next:</B> <A NAME="tex2html1370" HREF="node85.html">Shell startup</A>
<B>Up:</B> <A NAME="tex2html1368" HREF="node79.html">Logging In And Out</A>
<B> Previous:</B> <A NAME="tex2html1362" HREF="node83.html">X and xdm</A>
<P><ADDRESS>
<I>Lars Wirzenius <BR>
Sat Nov 15 02:32:11 EET 1997</I>
</ADDRESS>
</BODY>
</HTML>
|
