
User administration

Introduction to users and groups

Users
All access to the system goes through a user account. Every account is set up by the system administrator, except for the root account (and a few system accounts). Even though some Linux systems have only one user, the root account should not be used for day-to-day activities. Most systems allow many people to access them, so managing accounts and their associated directories is an important aspect of Linux system administration.

The administrator account

During Linux installation we create the root user for the system. This is the superuser, that is, a special user with unlimited privileges. Working as root feels very comfortable, because we can perform any operation without having to worry about this or that access permission. However, once the system breaks because of some mistake, we see the danger of working as root. Use root privileges only when you have no other option.

An important point is that not every superuser account is called root, even though it is created as root by default when Linux is installed. It can have any name, but it is most commonly used under the name root. This account is defined as the account whose UserID is 0; user IDs are defined in the file /etc/passwd.

You need to distinguish whether you are logged in as root or as an ordinary user by looking at the shell prompt.

    login: tuanna
    Password:
    Last login: Sat Oct 28 14:30:15 from 172.16.10.199
    [tuanna@pascal tuanna]$ su -l root
    Password:
    [root@pascal /root]#

The fourth line, with the $ sign, shows that we are connected as an ordinary user (tuanna). The last line, with the # sign, shows that you are executing commands as root. The command su user_name lets you switch to another user (user_name) without having to log out and log in again.

You should create accounts for ordinary users as early as possible (first of all for yourself). On important servers that run many different services, you can even create a suitable superuser for each service, to avoid using root for these tasks. For example, a superuser for backup work only needs read (read-only) capability and does not need write capability.

Groups

Every user on a Unix or Linux system belongs to a group. Groups are used to gather users who share the same permissions or a particular policy toward the system, which makes Linux system administration easier. For example, an organization has many departments, each department has its users, and users of different departments have different security policies. Users are usually only allowed to use system resources in a structured way. For instance, users from the office and the research departments are allowed to use the following resources:

- Web access
- E-mail to exchange information
- Chat programs and ICQ to exchange news
- Access to the file servers in the company
- No login to the servers, and no running of programs on the servers

Users from the system administration department, however, can have higher privileges:

- All the rights of the ordinary users above
- The right to execute some special commands reserved for system administration
- Login to the servers

Groups are given permissions so that their members can access devices, files, file systems or the whole computer, where people outside the group may be restricted. Group information is stored in the file /etc/group.
    suse:~ # more /etc/group
    root:x:0:root
    bin:x:1:root,bin,daemon
    daemon:x:2:
    sys:x:3:
    kmem:x:9:
    wheel:x:10:
    mail:x:12:cyrus
    news:x:13:news
    uucp:x:14:uucp,fax,root,fnet,tuanna
    shadow:x:15:root,gdm
    named:x:44:named
    dbmaker:x:52:
    oinstall:x:54:
    dba:x:55:oracle
    localham:x:56:dpbox
    logmastr:x:57:
    users:x:100:
    nogroup:x:65534:root
    suse:~ #

The lines have the following form:

    group name:group password:group ID:users

- group name: a unique name that identifies a group, usually at most 8 characters long.
- group password: the encrypted password field, usually empty or a * sign. It can also be a password that a user who wants to join the group must enter. However, not every version of Unix uses this field, so it is left empty for compatibility.
- group ID: a unique number for each group, used by the operating system.
- users: the list of all user names that belong to the group, separated by ",". This list does not include the users who belong to the group through the group number recorded in their /etc/passwd entry (that is, the default members of the group).

Every Linux system has a number of default groups that belong to the operating system. These groups are usually bin, mail, uucp, sys, ... You should therefore not put a user into these groups, because they would then have rights equivalent to root. Only system logins are allowed access to the operating system's groups.

The default system groups:

1. root/wheel/system: usually used to allow users to run the su command to switch to root privileges.
2. daemon: used to designate those who own the spool directories (mail, squid, lpd, ...).
3. kmem: used for programs that access the kernel and memory directly (ps).
4. tty: owns all the special files used to work with terminals.

Add a group: groupadd or addgroup
Delete a group: groupdel or delgroup
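An added example (not part of the original page): a shell function that reports ordinary users who sit in operating-system groups, counting both the member list in the group file and the primary group ID in the passwd file, since the member list alone omits default members. MIN_UID, the account "op" and the uucp passwd line are assumptions constructed for the demo; the group lines are the ones printed above.

```shell
#!/bin/sh
# Added example: list ordinary users who sit in operating-system groups.
MIN_UID=500                                    # assumption: first ordinary UID
OS_GROUPS="bin daemon sys kmem tty mail uucp"  # groups named in the text

# Prints "group:user" for each ordinary user in a watched group, whether the
# link is the member list (group column 4) or the primary GID (passwd column 4).
# Names listed in a group but absent from the passwd file are skipped.
# Usage: os_group_members PASSWD_FILE GROUP_FILE
os_group_members() {
    awk -F: -v min="$MIN_UID" -v os="$OS_GROUPS" '
        BEGIN { n = split(os, a, " "); for (i = 1; i <= n; i++) watch[a[i]] = 1 }
        FNR == NR { uid[$1] = $3; pgid[$1] = $4; next }  # first file: passwd
        ($1 in watch) {                                   # second file: group
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if ((m[i] in uid) && uid[m[i]] + 0 >= min + 0) print $1 ":" m[i]
            for (u in pgid)
                if (pgid[u] == $3 && uid[u] + 0 >= min + 0) print $1 ":" u
        }' "$1" "$2" | sort -u
}

# Constructed demo: group lines as printed on the page, plus a made-up
# account "op" whose primary group is sys (GID 3).
demo_os_groups() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
tuanna:x:501:501:Tuanna:/home/tuanna:/bin/bash
op:x:1020:3::/home/op:/bin/bash
EOF
    cat > "$d/group" <<'EOF'
root:x:0:root
bin:x:1:root,bin,daemon
sys:x:3:
uucp:x:14:uucp,fax,root,fnet,tuanna
users:x:100:
EOF
    os_group_members "$d/passwd" "$d/group"
    rm -rf "$d"
}
demo_os_groups
```

On the sample data this reports op (through its primary GID) and tuanna (through the uucp member list).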

The /etc/passwd file

The /etc/passwd file plays a vital role on a Unix system. Everyone can read this file, but only root has the right to change it. /etc/passwd is stored as text, like the vast majority of Unix configuration files.
    [oracle@appserv oracle]$ more /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:
    ...
    tuanna:x:501:501:Tuanna:/home/tuanna:/bin/bash

Each user is stored on one line made up of 7 columns.

- Column 1: the user name.
- Column 2: the password-related code on standard Unix, and x on Linux. Linux stores this code in a separate file, /etc/shadow, which only root has the right to read.
- Columns 3:4: user ID:group ID.
- Column 5: the full name of the user. Some password-cracking software uses the data in this column to try to guess the password.
- Column 6: the home directory.
- Column 7: the program that runs first after login (usually a shell) for the user.

The file begins with the superuser root. Note that all users with user ID = 0 are root!!! Next come the system users. These are users that are not real people and cannot log in to the system. Last come the ordinary users.
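An added example (not part of the original page): a shell audit of passwd-format data for two points made above, that every account with UID 0 is a superuser whatever its name, and that column 2 should hold only x when passwords live in /etc/shadow. The sample lines, including the accounts toor, legacy and guest and the hash-like string, are constructed.

```shell
#!/bin/sh
# Added example: audit passwd-format data read from stdin or from files.

# Constructed sample in /etc/passwd format (not taken from a real host).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
toor:x:0:0:backup admin:/root:/bin/bash
tuanna:x:501:501:Tuanna:/home/tuanna:/bin/bash
legacy:ab3dEfGh1jKlM:502:502::/home/legacy:/bin/bash
guest::503:503::/home/guest:/bin/bash
EOF
}

# Print every account whose UID (column 3) is 0. Each one is a superuser,
# so anything besides the expected root entry deserves an explanation.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$@"
}

# Print accounts whose column 2 is not "x" and not a locked marker (* or !).
# An empty field means no password at all; any other value is a password
# hash sitting in a file that every user can read.
exposed_password_fields() {
    awk -F: '$2 == "" { print $1 ": empty password"; next }
             $2 != "x" && $2 !~ /^[*!]/ { print $1 ": hash in passwd" }' "$@"
}

sample_passwd | uid0_accounts
sample_passwd | exposed_password_fields
```

On a live system the same functions take the file as an argument, for example uid0_accounts /etc/passwd.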

The /etc/shadow file

Traditional Unix stores the information related to login passwords in /etc/passwd. However, this file must be readable by everyone because of some requirements for the normal operation of the system (such as translating a user ID into a name when the ls command displays it), and in general users choose "weak" passwords. For that reason most newer Unix versions store passwords in a separate file, /etc/shadow, and only root has the right to read this file.

Note: given the way password encryption is constructed, there are only 2 ways to break a password: exhaustive search (brute force) and guessing. Brute force, by rigorous calculation, cannot be carried out because it requires far too much computation time, while guessing only finds passwords that are short or "weak", for example words found in a dictionary such as god, darling ...

User and group administration commands

The adduser command
To create an account, you can use the adduser command (or useradd, depending on the version). Of course you must do this as root (# prompt).

    useradd [-c comment] [-d home_dir] [-e expire_date] [-g initial_group] [-G group[,...]] [-p passwd] [-s shell] [-u uid [ -o]] [-n] [-r] login

The parameters are:

- -c comment: a comment, usually the full name of the user
- -d home_dir: the home directory of the user
- -e expire_date: the date on which the account expires
- -g initial_group: the initial group
- -G group: the groups the user belongs to
- -p passwd: the password of the user; this password must be encrypted beforehand
- -s shell: the default shell of the user
- -u uid: user identification
- login: the user name

Example:

    [root@appserv oracle]# /usr/sbin/adduser foo
    [root@appserv oracle]# passwd foo
    Changing password for user foo
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully
    [root@appserv oracle]#

After you have created the user with the first line of the example above, user foo still cannot connect because it has no password. You must set a password for foo with the command passwd foo, as seen above. For the security of this Unix machine, and with it the safety of your whole network, it is very important to choose a proper password. A password is considered proper if it:

- Is at least 8 characters long.
- Combines lowercase letters, uppercase letters, digits and special characters.
- Is not related to the names or birthdays of you and your relatives.
- Is not in a dictionary.

In the example above, you created the user without paying any attention to the user's group. It is very convenient to gather several users who have the same function and share data with each other into one common group. When you create a user as above, Linux creates a group for each person. Reading the /etc/passwd file we see:

    [root@appserv oracle]# more /etc/passwd|grep foo
    foo:x:1012:1013::/home/foo:/bin/bash
    [root@appserv oracle]#

foo is user number 1012 and belongs to group 1013. Looking at the /etc/group file we see:

    [root@appserv oracle]# more /etc/group
    root:x:0:root
    .
    users:x:100:
    foo:x:1013:

and we can admit foo into the users group by replacing the number 1013 with 100, which is the group ID of users.
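An added example (not part of the original page): a shell function that tests a candidate password against the four rules listed in this section, using the login and full name from /etc/passwd columns 1 and 5 for the third rule. The function name, the three-character minimum for name tokens and the sample passwords are assumptions constructed for the demo; the two-word list reuses the dictionary words mentioned earlier on the page.

```shell
#!/bin/sh
# Added example: test a candidate password against the four rules above.
# Usage: check_password PASSWORD LOGIN "FULL NAME" WORDLIST_FILE
# Prints one line per broken rule; returns 0 only if every rule holds.
check_password() {
    pw=$1 login=$2 gecos=$3 words=$4 rc=0
    [ "${#pw}" -ge 8 ] || { echo "shorter than 8 characters"; rc=1; }
    # Rule 2: lowercase, uppercase, digit and special character all present.
    for class in '[a-z]' '[A-Z]' '[0-9]' '[^a-zA-Z0-9]'; do
        printf '%s\n' "$pw" | LC_ALL=C grep -q "$class" ||
            { echo "no character matching $class"; rc=1; }
    done
    # Rule 3: no login or name token (passwd columns 1 and 5) inside it.
    lower=$(printf '%s' "$pw" | tr 'A-Z' 'a-z')
    for token in $login $gecos; do
        t=$(printf '%s' "$token" | tr 'A-Z' 'a-z')
        [ "${#t}" -ge 3 ] || continue          # assumption: ignore tiny tokens
        case $lower in *"$t"*) echo "contains '$token'"; rc=1 ;; esac
    done
    # Rule 4: not a dictionary word. The word list is the pattern file, so
    # the password goes to grep on stdin, not as a command-line argument.
    if printf '%s\n' "$pw" | grep -qixF -f "$words"; then
        echo "dictionary word"; rc=1
    fi
    return "$rc"
}

# Constructed demo: three made-up candidates against a two-word list.
demo_passwords() {
    w=$(mktemp) || return 1
    printf 'god\ndarling\n' > "$w"
    for try in 'darling::' 'Tuanna2000!:tuanna:Tuanna' 'r7#Lq9!vWz:foo:'; do
        IFS=: read -r p l g <<EOF
$try
EOF
        if check_password "$p" "$l" "$g" "$w" >/dev/null; then
            echo "ok"
        else
            echo "weak"
        fi
    done
    rm -f "$w"
}
demo_passwords
```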

The userdel command

The userdel command is used to delete a user. You can also delete a user by deleting the corresponding line of data in the /etc/passwd file. The manual deletion procedure:

1. Delete the entries for the user in /etc/passwd and in /etc/group.
2. Delete the user's mail files and mail aliases.
3. Delete all cron and at jobs.
4. Delete the user's home directory.
