The Linux Programming Interface 08 Users And Groups 使用者和組__Linux

來源:互聯網
上載者:User

The Linux Programming Interface

Users And Groups

(01)使用者和組

Every user has a unique login name and an associated numeric user identifier (UID). Users can belong to one or more groups. Each group also has a unique name and a group identifier(GID).

(02) /etc/passwd檔案

放有使用者名稱,登入ID等資訊。

(03) 密碼檔案 /etc/shadow

The shadow password file, /etc/shadow, was devised as a method of preventing such attacks.

(04) /etc/group

組函數檔案夾

(05)擷取使用者和組資訊

#include <pwd.h>

struct passwd *getpwnam(const char *name);

struct passwd *getpwuid(uid_t uid);

Given a login name in name, the getpwnam() function returns a pointer to a structure of the following type, containing the corresponding information from the password record:

struct passwd {    char *pw_name;/* Login name (username) */    char *pw_passwd;/* Encrypted password */    uid_t pw_uid;/* User ID */    gid_t pw_gid;/* Group ID */    char *pw_gecos;/* Comment (user information) */    char *pw_dir;/* Initial working (home) directory */    char *pw_shell;/* Login shell */};

(06) getpwnam, getpwuid, getgrnam, getgrgid舉例

通過uid 得到name, 通過name 得到uid,還有組。

#include <pwd.h>#include <grp.h>#include <ctype.h>#include "ugid_functions.h"/* Declares functions defined here *//* Return name corresponding to 'uid', or NULL on error */char * userNameFromId(uid_t uid) {struct passwd *pwd;pwd = getpwuid(uid);return (pwd == NULL) ? NULL : pwd->pw_name;}/* Return UID corresponding to 'name', or -1 on error */uid_t userIdFromName(const char *name) {struct passwd *pwd;uid_t u;char *endptr;if (name == NULL || *name == '\0')return -1;u = strtol(name, &endptr, 10)if (*endptr == '\0')return u;pwd = getpwnam(name);if (pwd == NULL)return -1;return pwd->pw_uid;}/* Return name corresponding to 'gid', or NULL on error */char *groupNameFromId(git_t gid) {struct group *grp;grp = getgrpid(gid);return (grp == NULL) ? NULL : grp->gr_name;}/* Return GID corresponding to 'name', or -1 on error */gid_t groupIdFromName(const char *name) {struct group *grp;gid_t g;char *endptr;if (name == NULL || *name == '\0')return -1;g = strtol(name, &endptr, 10)if (*endptr == '\0')return g;grp = getgrnam(name);if (grp == NULL)return -1;    return grp->gr_gid;}

(07)得到所有的資訊

#include <pwd.h>#include <stdio.h>int main() {    struct passwd *pwd;    while ((pwd = getpwent()) != NULL)        printf("%-8s %5ld\n", pwd->pw_name, (long) pwd->pw_uid);    return 0;}

輸出:

wang@wang:~/Documents/tlpi-dist/users_groups$ ./getall
root         0
daemon       1
bin          2
sys          3
sync         4
games        5
man          6
lp           7
mail         8
news         9
uucp        10
proxy       13
www-data    33
backup      34
list        38
irc         39
gnats       41
nobody   65534
systemd-timesync   100
systemd-network   101
systemd-resolve   102
systemd-bus-proxy   103
syslog     104
_apt       105
messagebus   106
uuidd      107
lightdm    108
whoopsie   109
avahi-autoipd   110
avahi      111
dnsmasq    112
colord     113
speech-dispatcher   114
hplip      115
kernoops   116
pulse      117
rtkit      118
saned      119
usbmux     120
wang      1000

(08) 組

The getgrent(), setgrent(), and endgrent() functions perform analogous tasks fro the group file.

(09)驗證登入,結果是沒有許可權。

#define _BSD_SOURCE/* Get getpass() declaration from <unisstd.h> */#include <limits.h>#include <pwd.h>#include <shadow.h>#include "tlpi_hdr.h"#define _XOPEN_SOURCE       /* See feature_test_macros(7) */#include <unistd.h>int main(int argc, char *argv[]) {char *username, *password, *encrypted, *p;struct passwd *pwd;struct spwd *spwd;Boolean authOk;size_t len;long lnmax;lnmax = sysconf(_SC_LOGIN_NAME_MAX);if (lnmax == -1)lnmax = 256;username = malloc(lnmax);if (username == NULL)errExit("malloc");printf("Username: ");fflush(stdout);if (fgets(username, lnmax, stdin) == NULL)exit(EXIT_FAILURE);len = strlen(username);if (username[len - 1] == '\n')username[len - 1] = '\0';pwd = getpwnam(username);if (pwd == NULL)fatal("couldn't get password record");spwd = getspnam(username);if (pwd == NULL)fatal("couldn't get password record");spwd = getspnam(username);if (spwd == NULL && errno == EACCES)fatal("no permission to read shadow password file");/* If there is a shadow password record, use the shadow password */if (spwd != NULL)pwd->pw_passwd = spwd->sp_pwdp;password = getpass("Password: ");/* Encrypt password and erase cleartext version immediately */encrypted = crypt(password, pwd->pw_passwd);for (p = password; *p != '\0';)*p++ = '\0';if (encrypted == NULL)errExit("crypt");authOk = strcmp(encrypted, pwd->pw_passwd) == 0;if (!authOk) {printf("Incorrect password\n");exit(EXIT_FAILURE);}printf("Successfully authenticated: UID=%ld\n", (long) pwd->pw_uid);/* Now do authenticated work ... */exit(EXIT_SUCCESS);}
有些悲催的輸出:

wang@wang:~/Documents/tlpi-dist/lib$ ./check_password
Username: wang
ERROR: no permission to read shadow password file

(10)總結

Each user has a unique login name and an associated numeric user ID. Users can belong to one or more groups, each of which also has a unique name and an associated numeric numeric identifier. The primary purpose of these identifiers is to establish ownership of various system resources (e.g., files) and permissions for accessing them.

A user's name and ID are defined in the /etc/passwd file, which also contains others information about the user. A user's group membership are defined by fields in the /etc/passwd/ and /etc/group files. A furher file, /etc/shadow, which can be read only by privileged processes, is used to separate the sensitive password information from the publicly available user information in /etc/passwd. Various library functions are provided for retrieving information from each of these files.

    The crypt() function encrypts a passwd in the same manner as the standard login program, which is useful for program that need to authenticate users.

(11)習題


聯繫我們

該頁面正文內容均來源於網絡整理,並不代表阿里雲官方的觀點,該頁面所提到的產品和服務也與阿里云無關,如果該頁面內容對您造成了困擾,歡迎寫郵件給我們,收到郵件我們將在5個工作日內處理。

如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: info-contact@alibabacloud.com 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.