User Environments
Chia sẻ bởi Nguyễn Việt Vương |
Ngày 29/04/2019 |
76
Chia sẻ tài liệu: User Environments thuộc Bài giảng khác
Nội dung tài liệu:
User Environments
Objectives
Construct different login profiles and user accounts
Define, and modify user environments
Security issues
Login Shells
Shell
an interface between the user and system (kernel).
reads commands from the user and executes appropriate programs
Shell is not implemented as part of OS kernel. The shells is a user-level program. Administrator can replace the standard shell by another shell.
There are many shells on Linux:
Bourne Again Shell (bash) : A superset of the commands of the origin Bourne shell, also implements features of csh and ksh
tcsh : A superset of the commands of the origin C shell
Public-domain Korn shell (pdksh):
zsh : similar to the ksh with many enhencements
Environment Files
When bash is executed at login time, two initialization files are executed :
/etc/profile : system-wide initialization file
~/.bash_profile or ~/.bash_login or ~/.profile : personal initialization file
These files :
Contains system commands
Provide a common environment for all users
Set a user-customized environment
Contain user commands and definitions
Environment Files
SYSTEMWIDE: /etc/profile /etc/bashrc
USER 1
~/.bash_profile
~/.bash_login
~/.profile
~/.bashrc
~/.bash_logout
~/.inputrc
USER 2
~/.bash_profile
~/.bash_login
~/.profile
~/.bashrc
~/.bash_logout
~/.inputrc
USER 3
~/.bash_profile
~/.bash_login
~/.profile
~/.bashrc
~/.bash_logout
~/.inputrc
Environment Files
login
/etc/profile
~/.bash_profile
~/.bash_profile
~/.bash_login
~/.bash_login
~/.profile
~/.bashrc
~/.bash_logout
/etc/bashrc
yes
yes
no
no
bash start
logout
/etc/profile Script
The /etc/profile do :
Exports environment variables such as LOGNAME for login name
Exports PATH for the default command path
Set some useful aliases
…
User-Specific Initialization Files
The user-specific initialization file(s) are stored in the home directory of the user. These initialization files can perform all or part of the following:
Set the default prompt
Define the default printer
Set default permissions
Tell the shell where to look for new mail (in MAIL=…)
Set noclobber to prevent overwriting of files during redirection
Set the command path to the user’s specification
Set up custom commands
Environment Files
bash will follow a particular sequence to initiate non-login shells ( e.g open a terminal session or sub-shell bash )
bash will look for the environment file ~/. bashrc and execute it
If BASH _ENV has been assigned with an alternative file, that file is executed
Login sequence
Initialization Files Read Process
Environment Definitions
Most users will need to modify some of environmental definitions to suit their requirements:
To see full list of variables, complete with description, look up the man pages for the shell you are using
Environment Definitions
Each user’s environment will be established and customized to reflect their requirements
To see all of your current variable settings (local), execute command set without any options
to see the settings of all of those definitions in your current environment that have been exported (global), use the commands printenv or env.
The umask Command
The umask command is used to define default permissions on newly created files, and is part of the process`s environment
System administrators set a default mask in /etc/profile (usually 022), but many users set their own masks in their .profile
Most common umask values : 000, 022, 033, 027, 077.
Message of the Day (motd)
/etc/motd: print to a user`s terminal after a successful login and before executing the user`s login shell
Keep message short and up to date, otherwise users will stop reading it
# more /etc/motd
Welcome to Acme`s Development System. Access to this system is restricted to authorized users only. Unauthorized access is prohibited and offenders are liable to prosecution
Guest Accounts
Many systems define a login called guest, in which the password is null or set to guest. Disable or remove this account —it is a security risk
System hackers logging in as guest can:
Get a list of login names (/etc/passwd)
Use find command to look for security holes
Find out about networked machines (/etc/hosts)
Access the network via telnet or rlogin
Shared Group Directories
Setting the group ID bit is very useful for shared directories
The SGID on a directory ensures that all files created in the directory have their group field set to that of the directory and not the creating process
Setting the sticky bit prevents users who are not the owner to remove files from a directory, even if they have write access to that directory so they can add files there
Summary
Construct different login profiles and user accounts
Define, explain, and modify user environments
Explain security issues
Objectives
Construct different login profiles and user accounts
Define, and modify user environments
Security issues
Login Shells
Shell
an interface between the user and system (kernel).
reads commands from the user and executes appropriate programs
Shell is not implemented as part of OS kernel. The shells is a user-level program. Administrator can replace the standard shell by another shell.
There are many shells on Linux:
Bourne Again Shell (bash) : A superset of the commands of the origin Bourne shell, also implements features of csh and ksh
tcsh : A superset of the commands of the origin C shell
Public-domain Korn shell (pdksh):
zsh : similar to the ksh with many enhencements
Environment Files
When bash is executed at login time, two initialization files are executed :
/etc/profile : system-wide initialization file
~/.bash_profile or ~/.bash_login or ~/.profile : personal initialization file
These files :
Contains system commands
Provide a common environment for all users
Set a user-customized environment
Contain user commands and definitions
Environment Files
SYSTEMWIDE: /etc/profile /etc/bashrc
USER 1
~/.bash_profile
~/.bash_login
~/.profile
~/.bashrc
~/.bash_logout
~/.inputrc
USER 2
~/.bash_profile
~/.bash_login
~/.profile
~/.bashrc
~/.bash_logout
~/.inputrc
USER 3
~/.bash_profile
~/.bash_login
~/.profile
~/.bashrc
~/.bash_logout
~/.inputrc
Environment Files
login
/etc/profile
~/.bash_profile
~/.bash_profile
~/.bash_login
~/.bash_login
~/.profile
~/.bashrc
~/.bash_logout
/etc/bashrc
yes
yes
no
no
bash start
logout
/etc/profile Script
The /etc/profile do :
Exports environment variables such as LOGNAME for login name
Exports PATH for the default command path
Set some useful aliases
…
User-Specific Initialization Files
The user-specific initialization file(s) are stored in the home directory of the user. These initialization files can perform all or part of the following:
Set the default prompt
Define the default printer
Set default permissions
Tell the shell where to look for new mail (in MAIL=…)
Set noclobber to prevent overwriting of files during redirection
Set the command path to the user’s specification
Set up custom commands
Environment Files
bash will follow a particular sequence to initiate non-login shells ( e.g open a terminal session or sub-shell bash )
bash will look for the environment file ~/. bashrc and execute it
If BASH _ENV has been assigned with an alternative file, that file is executed
Login sequence
Initialization Files Read Process
Environment Definitions
Most users will need to modify some of environmental definitions to suit their requirements:
To see full list of variables, complete with description, look up the man pages for the shell you are using
Environment Definitions
Each user’s environment will be established and customized to reflect their requirements
To see all of your current variable settings (local), execute command set without any options
to see the settings of all of those definitions in your current environment that have been exported (global), use the commands printenv or env.
The umask Command
The umask command is used to define default permissions on newly created files, and is part of the process`s environment
System administrators set a default mask in /etc/profile (usually 022), but many users set their own masks in their .profile
Most common umask values : 000, 022, 033, 027, 077.
Message of the Day (motd)
/etc/motd: print to a user`s terminal after a successful login and before executing the user`s login shell
Keep message short and up to date, otherwise users will stop reading it
# more /etc/motd
Welcome to Acme`s Development System. Access to this system is restricted to authorized users only. Unauthorized access is prohibited and offenders are liable to prosecution
Guest Accounts
Many systems define a login called guest, in which the password is null or set to guest. Disable or remove this account —it is a security risk
System hackers logging in as guest can:
Get a list of login names (/etc/passwd)
Use find command to look for security holes
Find out about networked machines (/etc/hosts)
Access the network via telnet or rlogin
Shared Group Directories
Setting the group ID bit is very useful for shared directories
The SGID on a directory ensures that all files created in the directory have their group field set to that of the directory and not the creating process
Setting the sticky bit prevents users who are not the owner to remove files from a directory, even if they have write access to that directory so they can add files there
Summary
Construct different login profiles and user accounts
Define, explain, and modify user environments
Explain security issues
* Một số tài liệu cũ có thể bị lỗi font khi hiển thị do dùng bộ mã không phải Unikey ...
Người chia sẻ: Nguyễn Việt Vương
Dung lượng: |
Lượt tài: 5
Loại file:
Nguồn : Chưa rõ
(Tài liệu chưa được thẩm định)