{"id":2332,"date":"2017-06-17T15:22:27","date_gmt":"2017-06-17T07:22:27","guid":{"rendered":"http:\/\/cn.hostease.com\/xueyuan\/?p=2332"},"modified":"2017-06-17T15:22:27","modified_gmt":"2017-06-17T07:22:27","slug":"linux-%e8%b4%a6%e5%8f%b7%e7%ae%a1%e7%90%86%e4%b8%8e-acl-%e6%9d%83%e9%99%90%e9%85%8d%e7%bd%ae","status":"publish","type":"post","link":"https:\/\/cn.hostease.com\/xueyuan\/jishu\/fuwuqi\/linux-%e8%b4%a6%e5%8f%b7%e7%ae%a1%e7%90%86%e4%b8%8e-acl-%e6%9d%83%e9%99%90%e9%85%8d%e7%bd%ae\/","title":{"rendered":"Linux \u8d26\u53f7\u7ba1\u7406\u4e0e ACL \u6743\u9650\u914d\u7f6e"},"content":{"rendered":"

1.\u00a0Linux \u7684\u8d26\u53f7\u4e0e\u7fa4\u7ec4
\n\u3000\u30001.1\u00a0\u4f7f\u7528\u8005\u6807\u8bc6\u7b26\uff1a UID \u4e0e GID
\n1.2\u00a0\u4f7f\u7528\u8005\u8d26\u53f7\uff1a\/etc\/passwd \u6587\u4ef6\u7ed3\u6784,\u00a0\/etc\/shadow \u6587\u4ef6\u7ed3\u6784
\n1.3\u00a0\u5173\u4e8e\u7fa4\u7ec4\uff1a\u00a0\/etc\/group \u6587\u4ef6\u7ed3\u6784,\u00a0\u6709\u6548\u4e0e\u521d\u59cb\u7fa4\u7ec4,\u00a0groups,\u00a0newgrp,\u00a0\/etc\/gshadow
\n2.\u00a0\u8d26\u53f7\u7ba1\u7406
\n\u3000\u30002.1\u00a0\u65b0\u589e\u4e0e\u79fb\u9664\u4f7f\u7528\u8005\uff1a\u00a0useradd,\u00a0useradd \u53c2\u8003\u6863,\u00a0passwd,\u00a0chage,\u00a0usermod,\u00a0userdel
\n2.2\u00a0\u7528\u6237\u529f\u80fd\uff1afinger,\u00a0chfn,\u00a0chsh,\u00a0id
\n2.3\u00a0\u65b0\u589e\u4e0e\u79fb\u9664\u7fa4\u7ec4\uff1agroupadd,\u00a0groupmod,\u00a0groupdel,\u00a0gpasswd \u7fa4\u7ec4\u7ba1\u7406\u5458
\n2.4\u00a0\u8d26\u53f7\u7ba1\u7406\u5b9e\u4f8b
\n3.\u00a0\u4e3b\u673a\u7684\u7ec6\u90e8\u6743\u9650\u89c4\u5212\uff1aACL \u7684\u4f7f\u7528
\n\u3000\u30003.1\u00a0\u4ec0\u4e48\u662f ACL
\n3.2\u00a0\u5982\u4f55\u542f\u52a8 ACL
\n3.3\u00a0ACL \u7684\u914d\u7f6e\u6280\u5de7\uff1a\u00a0setfacl,\u00a0getfacl, ACL \u7684\u914d\u7f6e(user,\u00a0group\u00a0mask,\u00a0default)
\n4.\u00a0\u4f7f\u7528\u8005\u8eab\u4efd\u5207\u6362
\n\u3000\u30004.1\u00a0su
\n4.2\u00a0sudo\uff1a\u00a0sudo \u547d\u4ee4,\u00a0visudo (\/etc\/sudoers)\u00a0(\u00a0\u8d26\u53f7,\u00a0\u7fa4\u7ec4,\u00a0\u9650\u5236\u547d\u4ee4,\u00a0\u522b\u540d,\u00a0\u65f6\u95f4\u95f4\u9694,\u00a0\u914d\u5408 su <\/span><\/span><\/span><\/span><\/span>)
\n5.\u00a0\u4f7f\u7528\u8005\u7684\u7279\u6b8a shell \u4e0e PAM \u6a21\u5757
\n\u3000\u30005.1\u00a0\u7279\u6b8a\u7684 shell :\/sbin\/nologin,\u00a0nologin.txt
\n5.2\u00a0PAM \u6a21\u5757\u7b80\u4ecb
\n5.3\u00a0PAM \u6a21\u5757\u914d\u7f6e\u8bed\u6cd5\uff1a\u9a8c\u8bc1\u7c7b\u522b(type)\u3001\u63a7\u5236\u6807\u51c6(flag)\u3001\u6a21\u5757\u4e0e\u53c2\u6570
\n5.4\u00a0\u5e38\u7528\u6a21\u5757\u7b80\u4ecb\uff1a\u00a0securetty,\u00a0nologin,\u00a0pam_cracklib,\u00a0login\u6d41\u7a0b
\n5.5\u00a0\u5176\u4ed6\u76f8\u5173\u6587\u4ef6\uff1a\u00a0limits.conf,
\n6.\u00a0Linux \u4e3b\u673a\u4e0a\u7684\u7528\u6237\u4fe1\u606f\u4f20\u9012
\n\u3000\u30006.1\u00a0\u67e5\u8be2\u4f7f\u7528\u8005\uff1a w, who, last, lastlog
\n6.2\u00a0\u4f7f\u7528\u8005\u5bf9\u8c08\uff1a write, mesg, wall
\n6.3\u00a0\u4f7f\u7528\u8005\u90ae\u4ef6\u4fe1\u7bb1\uff1a mail
\n7.\u00a0\u624b\u52a8\u65b0\u589e\u4f7f\u7528\u8005
\n\u3000\u30007.1\u00a0\u4e00\u4e9b\u68c0\u67e5\u5de5\u5177\uff1apwck,\u00a0pwconv,\u00a0pwunconv,\u00a0chpasswd
\n7.2\u00a0\u7279\u6b8a\u8d26\u53f7\uff0c\u5982\u7eaf\u6570\u5b57\u8d26\u53f7\u7684\u624b\u5de5\u521b\u5efa
\n7.3\u00a0\u5927\u91cf\u5efa\u7f6e\u8d26\u53f7\u6a21\u677f(\u9002\u7528 passwd –stdin \u9009\u9879)
\n7.4\u00a0\u5927\u91cf\u5efa\u7f6e\u8d26\u53f7\u7684\u8303\u4f8b(\u9002\u7528\u4e8e\u8fde\u7eed\u6570\u5b57\uff0c\u5982\u5b66\u53f7)<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

1.\u00a0Linux \u7684\u8d26\u53f7\u4e0e\u7fa4\u7ec4 \u3000\u30001.1\u00a0\u4f7f\u7528\u8005\u6807\u8bc6\u7b26\uff1a UID \u4e0e GID 1.2\u00a0\u4f7f\u7528\u8005\u8d26\u53f7\uff1a\/etc\/ … \u9605\u8bfb\u66f4\u591a<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[49,9,21],"tags":[],"class_list":["post-2332","post","type-post","status-publish","format-standard","hentry","category-linux","category-fuwuqi","category-yidong"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts\/2332","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/comments?post=2332"}],"version-history":[{"count":1,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts\/2332\/revisions"}],"predecessor-version":[{"id":2333,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts\/2332\/revisions\/2333"}],"wp:attachment":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/media?parent=2332"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/categories?post=2332"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/tags?post=2332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}