Andrew Hudson - Fedora™ Unleashed, 2008 edition

Здесь есть возможность читать онлайн «Andrew Hudson - Fedora™ Unleashed, 2008 edition» весь текст электронной книги совершенно бесплатно (целиком полную версию без сокращений). В некоторых случаях можно слушать аудио, скачать через торрент в формате fb2 и присутствует краткое содержание. Город: Indianapolis, Год выпуска: 2008, ISBN: 2008, Издательство: Sams Publishing, Жанр: ОС и Сети, на английском языке. Описание произведения, (предисловие) а так же отзывы посетителей доступны на портале библиотеки ЛибКат.

Fedora™ Unleashed, 2008 edition: краткое содержание, описание и аннотация

Предлагаем к чтению аннотацию, описание, краткое содержание или предисловие (зависит от того, что написал сам автор книги «Fedora™ Unleashed, 2008 edition»). Если вы не нашли необходимую информацию о книге — напишите в комментариях, мы постараемся отыскать её.

Quick Glance Guide
Finding information you need is not always easy. This short index provides a list of common tasks discussed inside this book. Browse the table of contents or index for detailed listings and consult the specified chapter for in-depth discussions about each subject.
left How Do I…?
See…
How Do I…?
See…
left Back up my system?
Chapter 13
Partition a hard drive?
Appendix B, Chapters 1, 35
left Build a new Linux kernel?
Chapter 36
Play MP3s and other music?
Chapter 7
left Burn a CD?
Chapter 7
Print a file?
Chapter 8
left Change a password?
Chapter 4
Read a text file?
Chapter 4
left Change the date and time?
Chapter 32
Read or send email?
Chapter 21
left Compress a file?
Chapter 13
Read or post to newsgroups?
Chapter 5
left Configure a modem?
Chapter 2
Reboot Fedora?
Chapter 1
left Configure a printer?
Chapter 8
Rescue my system?
Chapter 13
left Configure a scanner?
Chapter 7
Set up a DNS server?
Chapter 23
left Configure a sound card?
Chapter 7
Set up a firewall?
Chapter 14
left Configure my desktop settings?
Chapter 3
Set up a web server?
Chapter 15
left Connect to the Internet?
Chapter 5
Set up an FTP server?
Chapter 20
left Control a network interface?
Chapter 14
Set up Samba with SWAT?
Chapter 19
left Copy files or directories?
Chapters 13, 32
Set up wireless networking?
Chapter 14
left Create a boot disk to boot Fedora?
Chapter 1
Shut down Fedora?
Chapter 1
left Create a database?
Chapter 16
Use a spreadsheet?
Chapter 6
left Create a user?
Chapter 4
Use Instant Messaging?
Chapter 5
left Delete a file or directory?
Chapter 32
Watch television on my computer?
Chapter 7
left Get images from a digital camera?
Chapter 7
Edit a text file?
Chapter 4
left Install Fedora?
Chapter 1
Make Fedora more secure?
Chapter 14
left Log in to Fedora?
Chapter 1
Mount a CD-ROM or hard drive?
Chapter 35

Fedora™ Unleashed, 2008 edition — читать онлайн бесплатно полную книгу (весь текст) целиком

Ниже представлен текст книги, разбитый по страницам. Система сохранения места последней прочитанной страницы, позволяет с удобством читать онлайн бесплатно книгу «Fedora™ Unleashed, 2008 edition», без необходимости каждый раз заново искать на чём Вы остановились. Поставьте закладку, и сможете в любой момент перейти на страницу, на которой закончили чтение.

Тёмная тема
Сбросить

Интервал:

Закладка:

Сделать
NOTE

Other files that might have suid or guid permissions include at, rcp, rlogin, rsh, chage, chsh, ssh, crontab, sudo, sendmail, ping, mount, and several UNIX-to-UNIX Copy (UUCP) utilities. Many programs (such as games) might also have this type of permission to access a sound device.

Files or programs that have suid or guid permissions can sometimes present security holes because they bypass normal permissions. This problem is especially compounded if the permission extends to an executable binary (a command) with an inherent security flaw because it could lead to any system user or intruder gaining root access. In past exploits, this typically happened when a user fed a vulnerable command with unexpected input (such as a long pathname or option); the command would bomb out, and the user would be presented a root prompt. Although Linux developers are constantly on the lookout for poor programming practices, new exploits are found all the time, and can crop up unexpectedly, especially in newer software packages that haven't had the benefit of peer developer review.

Savvy Linux system administrators keep the number of suid or guid files present on a system to a minimum. The findcommand can be used to display all such files on your system:

# find / -type f -perm +6000 -exec ls -l {} \;

NOTE

The findcommand is quite helpful and can be used for many purposes, such as before or during backup operations. See the section "Using Backup Software" in Chapter 13, "Backing Up."

Note that the programs do not necessarily have to be removed from your system. If your users really do not need to use the program, you can remove execute permission of the program for anyone. You have to decide, as the root operator, whether your users are allowed to, for example, mount and unmount CD-ROMs or other media on your system. Although Linux-based operating systems can be set up to accommodate ease of use and convenience, allowing programs such as mountto be suid might not be the best security policy. Other candidates for suid permission change could include the chsh, at, and chagecommands.

Managing Passwords

Passwords are an integral part of Linux security, and they are the most visible part to the user. In this section, you learn how to establish a minimal password policy for your system, where the passwords are stored, and how to manage passwords for your users.

An effective password policy is a fundamental part of a good system administration plan. The policy should cover the following:

► Allowed and forbidden passwords

► Frequency of mandated password changes

► Retrieval or replacement of lost or forgotten passwords

► Password handling by users

The Password File

The password file is /etc/passwd, and it is the database file for all users on the system. The format of each line is as follows:

username : password : uid : gid : gecos : homedir : shell

The fields are self-explanatory except for the gecos field. This field is for miscellaneous information about the user, such as the user's full name, his office location, office and home phone numbers, and possibly a brief text message. For security and privacy reasons, this field is little used nowadays, but the system administrator should be aware of its existence because the gecos field is used by traditional UNIX programs such as fingerand mail.For that reason, it is commonly referred to as the finger information field . The data in this field is comma delimited; the gecosfield can be changed with the cgfn(change finger) command.

Note that a colon separates all fields in the /etc/passwdfile. If no information is available for a field, that field is empty, but all the colons remain.

If an asterisk appears in the password field, that user is not permitted to log on. Why does this feature exist? So that a user can be easily disabled and (possibly) reinstated later without having to be created all over again. The system administrator manually edits this field, which is the traditional UNIX way of accomplishing this task. Fedora provides improved functionality with the passwd -lcommand mentioned earlier.

Several services run as pseudo-users, usually with root permissions. These are the system, or logical, users mentioned previously. You would not want these accounts available for general login for security reasons, so they are assigned /sbin/nologinas their shell, which prohibits any logins from those "users."

A list of /etc/passwdreveals the following:

# cat /etc/passwd

root:x:0:0:root:/root:/bin/bash

bin:x:1:1:bin:/bin:/sbin/nologin

daemon:x:2:2:daemon:/sbin:/sbin/nologin

adm:x:3:4:adm:/var/adm:/sbin/nologin

...

gdm:x:42:42::/var/gdm:/sbin/nologin

named:x:25:25:Named:/var/named:/sbin/nologin

dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin

postfix:x:89:89::/var/spool/postfix:/sbin/nologin

andrew:x:500:500:Andrew Hudson:/home/andrew:/bin/bash

Note that the password fields do not show a password, but contain an xbecause they are shadow passwords, a useful security enhancement to Linux, discussed in the following section.

Shadow Passwords

It is considered a security risk to keep any password in /etc/passwdbecause anyone with read access can run a cracking program on the file and obtain the passwords with little trouble. To avoid this risk, shadow passwords are used so that only an x appears in the password field of /etc/passwd; the real passwords are kept in /etc/shadow, a file that can be read by only the sysadmin (and PAM, the Pluggable Authentication Modules authentication manager; see the "PAM Explained" sidebar for an explanation of PAM).

Special versions of the traditional passwordand loginprograms must be used to enable shadow passwords. Shadow passwords are automatically enabled during the installation phase of the operating system on Fedora systems.

Let's examine a listing of the shadow companion to /etc/passwd, the /etc/shadowfile:

# cat /etc/shadow

root:*:13121:0:99999:7:::

daemon:*:13121:0:99999:7:::

bin:*:13121:0:99999:7:::

sys:*:13121:0:99999:7:::

sync:*:13121:0:99999:7:::

games:*:13121:0:99999:7:::

man:*:13121:0:99999:7:::

...

andrew:$1$z/9LTBHL$omt7QdYk.KJL7rwBiM0511:13121:0:99999:7:::

The fields are separated by colons and are, in order, the following:

► The user's login name.

► The encrypted password for the user.

► When the password was last changed, measured in the number of days since January 1, 1970. This date is known in UNIX circles as the epoch. Just so you know, the billionth second since the epoch occurred was in September 2001; that was the UNIX version of Y2K — not much happened because of it.

► The number of days before the password can be changed (prevents changing a password and then changing it back to the old password right away — a dangerous security practice).

Читать дальше
Тёмная тема
Сбросить

Интервал:

Закладка:

Сделать

Похожие книги на «Fedora™ Unleashed, 2008 edition»

Представляем Вашему вниманию похожие книги на «Fedora™ Unleashed, 2008 edition» списком для выбора. Мы отобрали схожую по названию и смыслу литературу в надежде предоставить читателям больше вариантов отыскать новые, интересные, ещё непрочитанные произведения.


Отзывы о книге «Fedora™ Unleashed, 2008 edition»

Обсуждение, отзывы о книге «Fedora™ Unleashed, 2008 edition» и просто собственные мнения читателей. Оставьте ваши комментарии, напишите, что Вы думаете о произведении, его смысле или главных героях. Укажите что конкретно понравилось, а что нет, и почему Вы так считаете.

x