Andrew Hudson - Fedora™ Unleashed, 2008 edition

Здесь есть возможность читать онлайн «Andrew Hudson - Fedora™ Unleashed, 2008 edition» весь текст электронной книги совершенно бесплатно (целиком полную версию без сокращений). В некоторых случаях можно слушать аудио, скачать через торрент в формате fb2 и присутствует краткое содержание. Город: Indianapolis, Год выпуска: 2008, ISBN: 2008, Издательство: Sams Publishing, Жанр: ОС и Сети, на английском языке. Описание произведения, (предисловие) а так же отзывы посетителей доступны на портале библиотеки ЛибКат.

Fedora™ Unleashed, 2008 edition: краткое содержание, описание и аннотация

Предлагаем к чтению аннотацию, описание, краткое содержание или предисловие (зависит от того, что написал сам автор книги «Fedora™ Unleashed, 2008 edition»). Если вы не нашли необходимую информацию о книге — напишите в комментариях, мы постараемся отыскать её.

Quick Glance Guide
Finding information you need is not always easy. This short index provides a list of common tasks discussed inside this book. Browse the table of contents or index for detailed listings and consult the specified chapter for in-depth discussions about each subject.
left How Do I…?
See…
How Do I…?
See…
left Back up my system?
Chapter 13
Partition a hard drive?
Appendix B, Chapters 1, 35
left Build a new Linux kernel?
Chapter 36
Play MP3s and other music?
Chapter 7
left Burn a CD?
Chapter 7
Print a file?
Chapter 8
left Change a password?
Chapter 4
Read a text file?
Chapter 4
left Change the date and time?
Chapter 32
Read or send email?
Chapter 21
left Compress a file?
Chapter 13
Read or post to newsgroups?
Chapter 5
left Configure a modem?
Chapter 2
Reboot Fedora?
Chapter 1
left Configure a printer?
Chapter 8
Rescue my system?
Chapter 13
left Configure a scanner?
Chapter 7
Set up a DNS server?
Chapter 23
left Configure a sound card?
Chapter 7
Set up a firewall?
Chapter 14
left Configure my desktop settings?
Chapter 3
Set up a web server?
Chapter 15
left Connect to the Internet?
Chapter 5
Set up an FTP server?
Chapter 20
left Control a network interface?
Chapter 14
Set up Samba with SWAT?
Chapter 19
left Copy files or directories?
Chapters 13, 32
Set up wireless networking?
Chapter 14
left Create a boot disk to boot Fedora?
Chapter 1
Shut down Fedora?
Chapter 1
left Create a database?
Chapter 16
Use a spreadsheet?
Chapter 6
left Create a user?
Chapter 4
Use Instant Messaging?
Chapter 5
left Delete a file or directory?
Chapter 32
Watch television on my computer?
Chapter 7
left Get images from a digital camera?
Chapter 7
Edit a text file?
Chapter 4
left Install Fedora?
Chapter 1
Make Fedora more secure?
Chapter 14
left Log in to Fedora?
Chapter 1
Mount a CD-ROM or hard drive?
Chapter 35

Fedora™ Unleashed, 2008 edition — читать онлайн бесплатно полную книгу (весь текст) целиком

Ниже представлен текст книги, разбитый по страницам. Система сохранения места последней прочитанной страницы, позволяет с удобством читать онлайн бесплатно книгу «Fedora™ Unleashed, 2008 edition», без необходимости каждый раз заново искать на чём Вы остановились. Поставьте закладку, и сможете в любой момент перейти на страницу, на которой закончили чтение.

Тёмная тема
Сбросить

Интервал:

Закладка:

Сделать

► The number of days after which the password must be changed. This can be set to force the change of a newly issued password known to the system administrator.

► The number of days before password expiration that the user is warned it will expire.

► The number of days after the password expires that the account is disabled (for security).

► The number of days since January 1, 1970 that the account has been disabled.

► The final field is a "reserved" field and is not currently allocated for any use.

Note that password expiration dates and warnings are disabled by default in Fedora. These features are not used on home systems and usually not used for small offices. It is the sysadmin's responsibility to establish and enforce password expiration policies.

The permissions on the /etc/shadowfile should be set so that it is not writable or read able by regular users: The permissions should be 600.

PAM Explained

Pluggable Authentication Modules (PAM) is a system of libraries that handle the tasks of authentication on your computer. It uses four management groups: account management, authentication management, password management, and session management. This allows the system administrator to choose how individual applications will authenticate users. Fedora has preinstalled and preconfigured all the necessary PAM files for you.

The configuration files in Fedora are found in /etc/pam.d. These files are named for the service they control, and the format is as follows:

type control module-path module-arguments

The typefield is the management group to which the rule corresponds. The controlfield tells PAM what to do if authentication fails. The final two items deal with the PAM module used and any arguments it needs. Programs that use PAM typically come pack aged with appropriate entries for the /etc/pam.ddirectory. To achieve greater security, the system administrator can modify the default entries. Misconfiguration can have unpredictable results, so back up the configuration files before you modify them. The defaults provided by Fedora are adequate for home and small office users.

An example of a PAM configuration file with the formatted entries as described previously is shown next. Here are the contents of /etc/pam.d/system-config-users:

#%PAM-1.0

auth include config-util

account include config-util

session include config-util

Amusingly, even the PAM documents state that you do not really need (or want) to know a lot about PAM to use it effectively.

You will likely need only the PAM system administrator's guide. Look under the /usr/share/doc/pam*directory for additional documents in PostScript, text, and HTML formats.

Managing Password Security for Users

Selecting appropriate user passwords is always an exercise in trade-offs. A password such as password (don't laugh, it has been used too often before in the real world) is just too easy to guess by an intruder, as are simple words or number combinations (a street address, for example). A security auditor for one of my former employers used to take the cover sheet from an employee's personnel file (which contained the usual personal information of name, address, birth date, and so on) and then attempt to log on to a terminal with passwords constructed from that information—and often succeeded in logging on.

On the other hand, a password such as 2a56u'"F($84u*Hiu44Ik%$([#EJDis sure to present great difficulty to an intruder (or an auditor). However, that password is so difficult to remember that it would be likely that the password owner would write that password down and tape it next to her keyboard. I worked for a business in which the safe combination was written on the ceiling tile over the safe; the manager could not remember it and was told he should not keep it on a piece of paper in his wallet. This is but one of many examples of poor security in the field.

The sysadmin has control, with settings in the /etc/shadowfile, over how often the pass word must be changed. The settings can be changed with a text editor, the change command, or a configuration tool such as Fedora's User Manager, as shown in Figure 10.1. Click the Password Info tab under that particular user's Properties to set individual password policies.

Changing Passwords in a Batch

On a large system, there might be times when a large number of users and their pass words need some attention. The super user can change passwords in a batch by using the chpasswdcommand, which accepts input as a name/password pair per line in the following form:

# chpasswd username : password

You can change passwords en masse by redirecting a list of name and password pairs to the command. An appropriate shell script can be constructed with the information gleaned from this chapter.

However, Fedora also provides the newuserscommand to add users in a batch from a text file. This command also allows a user to be added to a group, and a new directory can be added for the user, too.

Granting System Administrator Privileges to Regular Users

It may be necessary for regular users to run a command as if they were the root user. They usually do not need these powers, but they might on occasion — for example, to temporarily access certain devices or run a command for testing purposes.

There are two ways to run commands with root privileges: The first is useful if you are the super user and the user; the second if you are not the regular user (as on a large, multiuser network).

Temporarily Changing User Identity with the suCommand

What if you are also root, but are logged on as a regular user because you are performing nonadministrative tasks and you need to do something that only the super user can do? The sucommand is available for this purpose.

NOTE

A popular misconception is that the sucommand is short for super user ; it just means substitute user . An important but often overlooked distinction is that between suand su -. In the former instance, you become that user but keep your own environmental variables (such as paths). In the latter, you inherit the environment of that user. This is most noticeable when you use suto become the super user, root. Without appending the -, you do not inherit the path variable that includes /binor /sbin, so you must always enter the full path to those commands when you just suto root.

Because almost all Linux file system security revolves around file permissions, it can be useful to occasionally become a different user with permission to access files belonging to other users or groups or to access special files (such as the communications port /dev/ttyS0when using a modem, or the sound device /dev/audiowhen playing a game). You can use the sucommand to temporarily switch to another user identity, and then switch back.

TIP

It is never a good idea to use an Internet Relay Chat (IRC) client as the root user, and you might not want to run it using your regular user account. Just create a special new user just for IRC and suto that user in a terminal widow to launch your IRC client.

The sucommand spawns a new shell, changing both the UID and GID of the existing user and automatically changes the environmental variables associated with that user. This behavior is known as inheriting the environment. See Chapter 4, "Command-Line Quick Start," for more information on environmental variables.

Читать дальше
Тёмная тема
Сбросить

Интервал:

Закладка:

Сделать

Похожие книги на «Fedora™ Unleashed, 2008 edition»

Представляем Вашему вниманию похожие книги на «Fedora™ Unleashed, 2008 edition» списком для выбора. Мы отобрали схожую по названию и смыслу литературу в надежде предоставить читателям больше вариантов отыскать новые, интересные, ещё непрочитанные произведения.


Отзывы о книге «Fedora™ Unleashed, 2008 edition»

Обсуждение, отзывы о книге «Fedora™ Unleashed, 2008 edition» и просто собственные мнения читателей. Оставьте ваши комментарии, напишите, что Вы думаете о произведении, его смысле или главных героях. Укажите что конкретно понравилось, а что нет, и почему Вы так считаете.

x