# # Security °ü·Ã È­ÀÏ »ç¿ë¹ý # 1. The /etc/passwd file format username:password:uid:gid:comment:home-dir:login-shell username: login name ÀÌ ±â·ÏµÇ´Â °÷ password: ½ÇÁ¦·Î empty field À̸ç password data ´Â /etc/shadow ¿¡ ±â·ÏµÊ. uid : »ç¿ëÀÚÀÇ °íÀ¯ ¹øÈ£ gid : »ç¿ëÀÚÀÇ ¼Ò¼Ó ±¸·ì ¹øÈ£ comment : ÁÖ¼® home-dir: login ½Ã µé¾î°¡´Â »ç¿ëÀÚÀÇ È¨ µð·ºÅ丮 login-shell: login ½Ã ½ÇÇàµÇ´Â »ç¿ëÀÚÀÇ shell ȯ°æ 2. The /etc/shadow file format username:password:lastchg:min:max:warn:inactive:expire:flag username: login name ÀÌ ±â·ÏµÇ´Â °÷ password: 13ÀÚ·Î ±¸¼ºµÈ encrypt µÈ password data °¡ µé¾î°¨ lastchg : 1970³â 1¿ù1ÀÏÀ» ±âÁØÀ¸·Î password °¡ ¸¶Áö¸·À¸·Î º¯°æµÈ ³¯ÀÚ°¡ µé¾î°¨ min : password ¸¦ »ç¿ëÇÏ°íÀÚ ÇÏ´Â ÃÖ¼ÒÇÑÀÇ ³¯ÀÚ°¡ ±â·ÏµÊ. max : password ¸¦ »ç¿ëÇÏ°íÀÚ ÇÏ´Â ÃÖ´ëÇÑ ³¯ÀÚ°¡ ±â·ÏµÊ. warn : password ¸¸±âÀü¿¡ warning À» º¸³»µµ·ÏÇÏ´Â ³¯ÀÚ°¡ ±â·ÏµÊ. inactive: password¸¦ »ç¿ëÇÏÁö ¾Ê°í ÀÏÁ¤±â°£À» Áö³¯°æ¿ì »ç¿ëÀÚ°¡ locking µÇµµ·ÏÇÔ exxpire : login passwd °¡ ´õÀÌ»ó À¯È£ÇÏÁö ¾ÊÀº ³¯ÀÚ°¡ ±â·ÏµÊ flag : »ç¿ëÇÏÁö ¾Ê´Â option ÀÓ. 3. ¸í·É¾î »óÅ¿¡¼­ÀÇ passwd file Á¶ÀÛ ¹æ¹ý # passwd [ -l -d -n min -x max -w warn -x -a ] username l : passwd entry ¿¡ lock À» °É½Ã »ç¿ë d : user ÀÇ passwd ¸¦ »èÁ¦Çϴµ¥ »ç¿ë f : ´Ù½Ã login ÇÒ °æ¿ì passwd ±³Ã¼¸¦ ¿øÇÒ °æ¿ì¿¡ »ç¿ë n min: passwd change ÀÇ ÃÖ¼ÒÇÑÀÇ ³¯ÀÚ¸¦ ±â·Ï x max: passwd °¡ À¯È¿ÇÑ ÃÖ´ëÇÑÀÇ ³¯ÀÚ¸¦ ±â·Ï s : user ÀÇ passwd Ç׸ñÀ» º¸¿©ÁØ´Ù. a : ¸ðµç »ç¿ëÀÚÀÇ Á¤º¸¸¦ º¸¿©ÁØ´Ù. ( ¹Ýµå½Ã -s option °ú °°ÀÌ »ç¿ë ) 4. ¸í·É¾î »óÅ¿¡¼­ÀÇ user account µî·Ï ¹æ¹ý ------------------------------------------------------------------ # vi /etc/passwd user1:x:100:200: user1's home:/back1/user1:/bin/csh :wq # pwconv --> passwd fileÀÇ º¯µ¿³»¿ëÀÌ /etc/shadow ¿¡ Àû¿ëµÇµµ·ÏÇÔ # mkdir /back1/user1 # chown user1 /back1/user1 # grep 300 /etc/group user::300: # chgrp user /back1/user1 # su - user1 Sun Microsystems Inc. SunOS 5.5 Generic November 1995 % cp /etc/skel/local.cshrc .cshrc % cp /etc/skel/local.login .login % exit # passwd user1 New password: xxx Re-enter new password: xxx