SUSE Linux 10 for dummies phần 10

Tham khảo tài liệu suse linux 10 for dummies phần 10, công nghệ thông tin, hệ điều hành phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả
Nội dung trích xuất từ tài liệu:
SUSE Linux 10 for dummies phần 10298 Part IV: Becoming a SUSE Wizard If you want to ensure that the user is forced to change a password every 90 days, you can use the -M option to set the maximum number of days that a password stays valid. For example, to make sure that user naba is prompted to change the password in 90 days, I log in as root and type the following command: chage -M 90 naba You can use the command for each user account to ensure that all passwords expire when appropriate, and that all users must pick new passwords. Protecting files and directories One important aspect of securing the host is to protect important system files — and the directories that contain these files. You can protect the files through the file ownership and through the permission settings that control who can read, write, or (in case of executable programs) execute the files. The default Linux file security is controlled through the following settings for each file or directory: User ownership Group ownership Read, write, execute permissions for the owner Read, write, execute permissions for the group Read, write, execute permissions for others (everyone else) Viewing ownerships and permissions You can see these settings for a file when you look at the detailed listing with the ls -l command. For example, type the following command to see the detailed listing of the /etc/inittab file: ls -l /etc/inittab The resulting listing looks something like this: -rw-r--r-- 1 root root 2926 Nov 12 20:11 /etc/inittab In Chapter 6, I explain how to interpret the first ten characters on that line. For now, you should know that the set of nine characters, starting with the second one, describes the file permissions for user, group, and others. The third and fourth fields show the user and group that own this file. In this case, both user and group names are the same: root. 299 Chapter 19: Securing SUSE LinuxChanging file ownershipsYou can set the user and group ownerships with the chown command. Forexample, if the file /dev/hda should be owned by the user root and thegroup disk, type the following command as root to set up this ownership: chown root.disk /dev/hdaTo change the group ownership alone, use the chgrp command. For exam-ple, here’s how you can change the group ownership of the file ledger.outfrom whatever it was earlier to the group named accounting: chgrp accounting ledger.outChanging file permissionsYou may need to change a file’s permission settings to protect it from others.Use the chmod command to change the permission settings of a file or adirectory.To use chmod effectively, you have to specify the permission settings. A goodway is to concatenate one or more letters from each column of Table 19-2, inthe order shown (Who/Action/Permission). Table 19-2 File Permission Codes Who Action Permission u user + add r read g group - remove w write o others = assign x execute a all s set user IDFor example, to give everyone read access to all files in a directory, pick a(for all) from the first column, + (for add) from the second column, and r (forread) from the third column to come up with the permission setting a+r.Then use the whole set of options with chmod, like this: chmod a+r *On the other hand, to permit everyone to read and execute one specific file,type chmod a+rx filename300 Part IV: Becoming a SUSE Wizard Suppose you have a file named mystuff that you want to protect. You can make it accessible to no one but you if you type the following commands, in this order: chmod a-rwx mystuff chmod u+rw mystuff The first command turns off all permissions for everyone, and the second command turns on the read and write permissions for the owner (you). Type ls -l to verify that the change took place. (You see a permission setting of -rw-------.) Another way to specify a permission setting is to use a three-digit sequence of numbers. In a detailed listing, the read, ...