Документ взят из кэша поисковой машины. Адрес оригинального документа : http://star.arm.ac.uk/sag-0.4/node78.html
Дата изменения: Sun May 4 15:24:40 1997
Дата индексирования: Mon Oct 1 22:49:45 2012
Кодировка:

Поисковые слова: южная атлантическая аномалия
Access control next up previous contents index
Next: Shell startup Up: Logging In And Out Previous: X and xdm

Access control

The user database is traditionally contained in the /etc/passwd  file. Some systems use shadow passwords, and have moved the passwords to /etc/shadow . Sites with many computers that share the accounts use NIS or some other method to store the user database; they might also automatically copy the database from one central location to all other computers.

The user database contains not only the passwords, but also some additional information about the users, such as their real names, home directories, and login shells. This other information needs to be public, so that anyone can read it. Therefore the password is stored encrypted. This does have the drawback that anyone with access to the encrypted password can use various cryptographical methods to guess it, without trying to actually log into the computer. Shadow passwords try to avoid this by moving the password into another file, which only root can read (the password is still stored encrypted). However, installing shadow passwords later onto a system that did not support them can be difficult.

With or without passwords, it is important to make sure that all passwords in a system are good, i.e., not easily guessable. The crack  program can be used to crack passwords; any password it can find is by definition not a good one. While crack  can be run by intruders, it can also be run by the system adminstrator to avoid bad passwords. Good passwords can also be enforced by the passwd  program; this is in fact more effective in CPU cycles, since cracking passwords requires quite a lot of computation.

The user group database is kept in /etc/group ; for systems with shadow passwords, there can be a /etc/shadow.group .

root usually can't login via most terminals or the network, only via terminals listed in the /etc/securetty  file. This makes it necessary to get physical access to one of these terminals. It is, however, possible to log in via any terminal as any other user, and use the su  command to become root.


next up previous contents index
Next: Shell startup Up: Logging In And Out Previous: X and xdm

Lars Wirzenius
Sun May 4 14:08:43 EEST 1997