Author: amxku
Source: Amxku ' s blog
= = Maintain password and login control
Pwconv command: Create and upgrade/etc/shadow files using information from/etc/passwd files.
If the/etc/shadow file does not exist in the system, create the/etc/shadow file using the/etc/passwd file information.
If the/etc/shadow file exists in the system, do the following:
Users who exist in the/etc/passwd file but do not exist in the/etc/shadow file will be added to the/etc/shadow file.
Users who exist in the/etc/shadow file but do not exist in the/etc/passwd file will be removed from the/etc/shadow file. Generally we will lock the user by adding *lk* behind the name.
= = Monitor System usage
Display users who are logged on in the system
# Who (Invoke information in/var/adm/utmpx file)
Display details for users who are logged on in the system
# finger Username
# finger Username@remotehostname
-M: just match user name
Displays records of all logon activities in the system
# Last (call the information in the/var/adm/wtmpx file)
# last Username
# last Reboot
Displaying users logged on to a remote system
# rusers-l
= = Change file permissions
Chown command: Used to change the owner of a file
Command format: chown [option (s)] user_name filename (s)
chown [option (s)] UID filename (s)
For example:
# chown User2 File7
# chown-r User2 DIR4
# chown User3:class file2
# chown-r User3:class dir1 chgrp command: array for changing files
Command format: chgrp groupname filename (s)
CHGRP GID filename (s)
For example:
# CHGRP class file4 ==root User Login
Log in directly using the root username, and enter the root user's password.
Log on with a normal user, and then call the SU command to the root user.
SU command: Allows a user to change to another user without logging in.
Command format: su [-] [username]
The root user can use the SU command without a password to convert to any other user.
In addition to the root user, any user who transforms using the SU command must first know the converted user's password.
-: Perform a full login. Changes the user's working environment based on the profile created when the user is creating.
Manage user access
/etc/default/su
/etc/default/login
/ETC/DEFAULT/PASSWD # more Su
#ident @ (#) SU.DFL 1.6 93/08/14 SMI "/* SVr4.0 1.2 * *
# Sulog determines the location of the file used to log all SU attempts
Sulog=/var/adm/sulog
# CONSOLE Determines whether attempts to Su-root should be logged
# to the named device
#CONSOLE =/dev/console
# path Sets the initial shell path variable
#PATH =/usr/bin:
# Supath Sets the initial shell PATH variable for root
#SUPATH =/usr/sbin:/usr/bin
# syslog Determines whether the syslog (3) Log_auth facility should be used
# to log all SU attempts. Log_notice messages are generated for SU's to
# root, log_info messages are generated for SU's to other users, and Log_crit
# messages are generated for failed SU attempts.
Syslog=yes # More Login
#ident @ (#) LOGIN.DFL 1.10 99/08/04 SMI "* SVr4.0 1.1.1.1 * *
# Set The TZ environment variable of the shell.
#
#TIMEZONE =est5edt
# ULIMIT Sets the file size limit for the login. Units are disk blocks.
# The default of zero means no limit.
#
#ULIMIT =0
# If CONSOLE is set, root can ' login on ' that device.
# Comment This line out to allow remote login by root.
#
Console=/dev/console Limit root Access
Console=/dev/console
The root user can only log on at the console port, and any other root login will have an error.
# Console=/dev/console
Root user can log on from any device, including network, Modem, other terminals, etc.
console=
Root user cannot log on from anywhere. There is only one way to be a root user, first by using a normal user login, and then by using the SU command to convert to the root user. Remember to make sure that there are other users in the system that can log on before disabling root remote logins. Otherwise there will be a thrilling Solaris hardening process [http://www.amxku.net/archives/reinforcement-solaris/].
User Password Policy
# more passwd
#ident "@ (#) PASSWD.DFL 1.3 92/07/14 SMI"
Maxweeks=27 #密码最长存活周期
Minweeks=1 #密码最短存活周期
Passlength=8 #密码长度最小值
minalpha=2; Minnonalpha=1 #至少包括两个字母和一个非字母
# Note: The time priority set in the/etc/shadow file is higher than the time set in the/etc/default/passwd file
Amxku_at_msn.com
A document that is written when a user is trained. Personal humble opinion, there is the wrong place also hope treatise.
Amxku_at_msn.com
A document that is written when a user is trained. Personal humble opinion, there is the wrong place also hope treatise.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
