1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
|
<!DOCTYPE HTML PUBLIC "-//Norman Walsh//DTD DocBook HTML 1.0//EN">
<HTML
><HEAD
><TITLE
>Access control</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet"><LINK
REL="HOME"
TITLE="The Linux System Administrators' Guide"
HREF="book1.html"><LINK
REL="UP"
TITLE="Logging In And Out"
HREF="c1905.html"><LINK
REL="PREVIOUS"
TITLE="X and xdm"
HREF="x1988.html"><LINK
REL="NEXT"
TITLE="Shell startup"
HREF="x2008.html"></HEAD
><BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>The Linux System Administrators' Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x1988.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 8. Logging In And Out</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x2008.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1991"
>Access control</A
></H1
><P
> The user database is traditionally contained in the
<TT
CLASS="FILENAME"
>/etc/passwd</TT
> file. Some systems use
<I
CLASS="GLOSSTERM"
>shadow passwords</I
>, and have moved the
passwords to <B
CLASS="COMMAND"
>/etc/shadow</B
>. Sites with many
computers that share the accounts use NIS or some other method
to store the user database; they might also automatically copy
the database from one central location to all other computers.
</P
><P
> The user database contains not only the passwords, but
also some additional information about the users, such as their
real names, home directories, and login shells. This other
information needs to be public, so that anyone can read it.
Therefore the password is stored encrypted. This does have
the drawback that anyone with access to the encrypted password
can use various cryptographical methods to guess it, without
trying to actually log into the computer. Shadow passwords try
to avoid this by moving the password into another file, which
only root can read (the password is still stored encrypted).
However, installing shadow passwords later onto a system that
did not support them can be difficult. </P
><P
> With or without passwords, it is important to make
sure that all passwords in a system are good, i.e., not easily
guessable. The <B
CLASS="COMMAND"
>crack</B
> program can be used
to crack passwords; any password it can find is by definition
not a good one. While <B
CLASS="COMMAND"
>crack</B
> can be run
by intruders, it can also be run by the system adminstrator
to avoid bad passwords. Good passwords can also be enforced
by the <B
CLASS="COMMAND"
>passwd</B
> program; this is in fact more
effective in CPU cycles, since cracking passwords requires quite
a lot of computation. </P
><P
> The user group database is kept in
<TT
CLASS="FILENAME"
>/etc/group</TT
>; for systems with shadow
passwords, there can be a <TT
CLASS="FILENAME"
>/etc/shadow.group</TT
>.
</P
><P
> root usually can't login via most terminals
or the network, only via terminals listed in the
<TT
CLASS="FILENAME"
>/etc/securetty</TT
> file. This makes it necessary
to get physical access to one of these terminals. It is, however,
possible to log in via any terminal as any other user, and use
the <B
CLASS="COMMAND"
>su</B
> command to become root. </P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="x1988.html"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="book1.html"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="x2008.html"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>X and xdm</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="c1905.html"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Shell startup</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
|
