Linux with Operating System Concepts

Download 5,65 Mb.

Pdf ko'rish

bet	140/254
Sana	22.07.2022
Hajmi	5,65 Mb.
	#840170

1 ... 136 137 138 139 140 141 142 143 ... 254

Bog'liq
Linux-with-Operating-System-Concepts-Fox-Richard-CRC-Press-2014

Directive
Usage
Possible Values
CREATE_HOME
When creating a user account, does useradd
default to automatically creating a home
directory or not creating a home directory?
yes, no
DEFAULT_HOME
If user’s home directory is not available (e.g., not
mounted), is login still allowed?
yes, no
ENCRYPT_METHOD
Encryption algorithm used to store encrypted
passwords
SHA512, DES
(default), MD5
ENV_PATH,
ENV_SUPATH
To establish the initial PATH variable for logged
in users, for root
PATH
=
/bin:/usr/bin
FAIL_DELAY
Number of seconds after a failed login that the
user must wait before retrying
0, 5, etc.
MAIL_DIR,
MAIL_FILE
Default directory, filename of user mail spool files
/var/spool/mail
.mail or
username
MAX_MEMBERS_PER_
GROUP
Maximum number of users allowable in a group,
once reached, a new group of the same name is
created, this creates a new line in /etc/group that
shares the same name and GID (and password)
0 (unlimited)
PASS_ALWAYS_WARN
Warn about weak passwords (even though they
are still allowed)
yes, no
PASS_CHANGE_TRIES
Maximum number of attempts to change a
password if password is rejected (too weak)
0 (unlimited), 3
PASS_MAX_DAYS,
PASS_MIN_DAYS,
PASS_MIN_LEN,
PASS_WARN_AGE
Maximum, minimum number of days a password
may be used, minimum password length, default
warning date (as with chage -W)
Numeric value, 99999
for max, 0 for min
are common defaults
UID_MIN, UID_MAX,
GID_MIN, GID_MAX
Range of UID, GID available for useradd,
groupadd
500, 60000
UMASK
Default umask value if none is specified (as in the
/etc/profile)
022

User Accounts
◾
377
Through ulimit, for instance, the system administrator can limit the size of a file created
or the amount of memory usage permissible. To view the current limitations, use
ulimit
–a
. To alter a limit, use
ulimit
option value
where
option
is the proper option for the limit. Table 9.7 illustrates some of the more useful
options.
9.7 THE SUDO COMMAND
The
sudo
command allows a user to execute commands as another user. Let us assume
that zappaf has created an executable program that reads data files from zappaf’s home
directory. Because these data files contain secure information, zappaf has set their permis-
sions so that only he has access. However, the program is one that he wants dukeg to be
able to use. Instead of creating a group account of which zappaf and dukeg are members,
zappaf decides to provide dukeg access via the sudo command. Now, dukeg can run this
program through sudo.
The format of the sudo command is
sudo [–u
username
|
uid
] [–g
groupname
|
gid
]
command
The
username/UID
or
groupname/GID
is that of owner of the program to be executed,
not of the user wishing to run it. So, for instance, dukeg could issue
sudo –u zappaf
program
where
program
is the program that zappaf wants to share with dukeg. You will
notice that the user and group are optional. If not provided, then sudo runs
command
under root instead. Thus, sudo gives us the means of allowing ordinary users to run pro-
grams that are normally restricted to root.
Why would we want to give access to root-level programs to ordinary users? Because
we are going to restrict sudo usage. In order for sudo to work, we must first establish the
commands available to the various users of the system. This is done through a file called
/
etc/sudoers
.
TABLE 9.7
Useful ulimit Options

Download 5,65 Mb.

Do'stlaringiz bilan baham:

1 ... 136 137 138 139 140 141 142 143 ... 254