What AIX5L looks like
For the last few months I have had an irresistible urge to publish. I don't know why, and I'm not going to try to find out (I certainly wouldn't like the reason... and probably nobody else would either...). So I'll start rationalizing this blog of mine a bit:
What AIX5L looks like, part 1:
/etc/passwd:
this file probably looks the same everywhere :>
username:!/*:UID:GID:Gecos - name:homedir:shell
/etc/shadow:
[milsnism1xssh01:root:/home/root:] cat /etc/shadow
cat: 0652-050 Cannot open /etc/shadow.
Correct, this file does not exist on AIX5L. Passwords are stored in /etc/security/passwd:
username:
password = hash
lastupdate = number of seconds elapsed from 1.1.1970 to the last password change :>
flags = flags are written here, e.g. that the user must change the password at the next login (ADMCHG)
/etc/security/passwd is organized into paragraphs, so when grepping for a user we use the -p switch
Another important file is /etc/security/user. It is organized into paragraphs, exactly like /etc/security/passwd, and contains the parameters of each user. An excerpt follows:
default:
admin = false
login = true
su = true
daemon = true
rlogin = true
sugroups = ALL
admgroups =
ttys = ALL
auth1 = SYSTEM
auth2 = NONE
tpath = nosak
umask = 077
expires = 0
SYSTEM = "compat"
logintimes =
pwdwarntime = 0
account_locked = false
loginretries = 5
histexpire = 0
histsize = 4
minage = 0
maxage = 13
maxexpired = -1
minalpha = 1
minother = 1
minlen = 8
mindiff = 1
maxrepeats = 2
dictionlist =
pwdchecks =
root:
admin = true
SYSTEM = "compat"
loginretries = 0
account_locked = false
umask = 22
rlogin = false
registry = files
At the beginning of the file are the parameters of a non-existent user, default. This means that when a parameter of some user needs to be looked up and that user does not have it set, the value set for the user default is used. A small drawback of this solution is that the user default does not exist (it is not listed in /etc/passwd), so when you want to change the default settings you have to edit the file /etc/security/user and cannot use the chuser command.
[milsnism1xssh01:root:/home/root:] chuser minlen=8 default
3004-687 User "default" does not exist.
And now I would like to show you my favourite file in this category. No PAM stuff. Simply ... the file /etc/security/limits:
default:
fsize = -1
core = 2097151
cpu = -1
data = 262144
rss = 65536
stack = 65536
nofiles = 2000
root:
fsize = -1
core = -1
cpu = -1
data = -1
rss = -1
stack = -1
nofiles = -1
Again, the settings of the non-existent user default apply to every user on the system unless that user has settings of their own. Explanation of the parameters:
* Sizes are in multiples of 512 byte blocks, CPU time is in seconds
*
* fsize - soft file size in blocks
* core - soft core file size in blocks
* cpu - soft per process CPU time limit in seconds
* data - soft data segment size in blocks
* stack - soft stack segment size in blocks
* rss - soft real memory usage in blocks
* nofiles - soft file descriptor limit
* fsize_hard - hard file size in blocks
* core_hard - hard core file size in blocks
* cpu_hard - hard per process CPU time limit in seconds
* data_hard - hard data segment size in blocks
* stack_hard - hard stack segment size in blocks
* rss_hard - hard real memory usage in blocks
* nofiles_hard - hard file descriptor limit
*
* The following table contains the default hard values if the
* hard values are not explicitly defined:
*
* Attribute Value
* ========== ============
* fsize_hard set to fsize
* cpu_hard set to cpu
* core_hard -1
* data_hard -1
* stack_hard -1
* rss_hard -1
* nofiles_hard -1
*
* NOTE: A value of -1 implies "unlimited"
Changing these parameters does not affect processes that are already running, nor processes started by init.
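The default fallback described above for /etc/security/user and /etc/security/limits, including the hard-limit table, as an added Python example that is not part of the original post or of AIX itself. The function names, the constructed sample text and the account "appuser" are assumptions made for illustration, as is applying the hard-limit fallback after the merge with default.

```python
# Added example: effective per-user settings from AIX paragraph (stanza) files.
# Sample text is constructed and abridged; "appuser" is a hypothetical account.
USER_FILE = """\
default:
    rlogin = true
    umask = 077
    loginretries = 5
    minlen = 8
root:
    loginretries = 0
    umask = 22
    rlogin = false
"""
LIMITS_FILE = """\
* lines starting with an asterisk are comments
default:
    fsize = -1
    core = 2097151
    cpu = -1
appuser:
    fsize = 4194304
"""
SOFT_LIMITS = ("fsize", "core", "cpu", "data", "stack", "rss", "nofiles")

def parse_stanzas(text):
    """Return {stanza: {attribute: value}} for a paragraph-organized file."""
    stanzas, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("*"):
            continue
        if "=" in line:
            if current is not None:
                key, _, value = line.partition("=")
                current[key.strip()] = value.strip().strip('"')
        elif line.endswith(":"):
            current = stanzas.setdefault(line[:-1], {})
    return stanzas

def effective(stanzas, user):
    """The user's own attributes layered over the 'default' paragraph."""
    return {**stanzas.get("default", {}), **stanzas.get(user, {})}

def effective_limits(stanzas, user):
    """Fill unset *_hard values per the table above (assumed: after the merge)."""
    limits = effective(stanzas, user)
    for soft in SOFT_LIMITS:
        fallback = limits.get(soft, "-1") if soft in ("fsize", "cpu") else "-1"
        limits.setdefault(soft + "_hard", fallback)
    return limits
```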
The last file I want to show you is /etc/security/lastlog:
root:
time_last_login = 1177338073
tty_last_login = ftp
host_last_login = ::ffff:195.118.230.193
unsuccessful_login_count = 0
time_last_unsuccessful_login = 1177336298
tty_last_unsuccessful_login = ftp
host_last_unsuccessful_login = ::ffff:195.118.230.193
No comment is probably needed here...
Well, isn't AIX5L a beautiful operating system? :>
If you add some comments, I will base the second part on your questions.
PS: I hope this isn't too annoying :>