GPASSWD
NAME
gpasswd - administer /etc/group and /etc/gshadow
SYNOPSIS
gpasswd [option] group
DESCRIPTION
The gpasswd command is used to administer /etc/group and /etc/gshadow. Every group can have administrators, members and a password.
System administrators can use the -A option to define group administrator(s) and the -M option to define members. They have all rights of group administrators and members.
gpasswd called by a group administrator with a group name only prompts for the new password of the group.
If a password is set, the members can still use newgrp(1) without a password, and non-members must supply the password.
Notes about group passwords
Group passwords are an inherent security problem since more than one person is permitted to know the password. However, groups are a useful tool for permitting co-operation between different users.
OPTIONS
Except for the -A and -M options, the options cannot be combined.
The options which apply to the gpasswd command are:
-a, --add user
Add the user to the named group.
-d, --delete user
Remove the user from the named group.
-h, --help
Display help message and exit.
-Q, --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
-r, --remove-password
Remove the password from the named group. The group password will be empty. Only group members will be allowed to use newgrp to join the named group.
-R, --restrict
Restrict the access to the named group. The group password is set to “!”. Only group members with a password will be allowed to use newgrp to join the named group.
-A, --administrators user,…
Set the list of administrative users.
-M, --members user,…
Set the list of group members.
CAVEATS
This tool only operates on the /etc/group and /etc/gshadow files. Thus you cannot change any NIS or LDAP group. This must be performed on the corresponding server.
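CONFIGURATION
The following configuration variables in /etc/login.defs change the behavior of this tool:
ENCRYPT_METHOD (string)
This defines the system default encryption algorithm for encrypting passwords (if no algorithm is specified on the command line).
It can take one of these values: DES (default), MD5, SHA256, SHA512.
Note: this parameter overrides the MD5_CRYPT_ENAB variable.
MAX_MEMBERS_PER_GROUP (number)
Maximum members per group entry. When the maximum is reached, a new group entry (line) is started in /etc/group (with the same name, same password, and same GID).
The default value is 0, meaning that there are no limits on the number of members in a group.
This feature (split group) permits limiting the length of lines in the group file. This is useful to make sure that lines for NIS groups are not longer than 1024 characters.
If you need to enforce such a limit, you can use 25.
Note: split groups may not be supported by all tools (even in the Shadow toolsuite). You should not use this variable unless you really need it.
MD5_CRYPT_ENAB (boolean)
Indicates whether passwords must be encrypted using the MD5-based algorithm. If set to yes, new passwords will be encrypted using the MD5-based algorithm compatible with the one used by recent releases of FreeBSD. It supports passwords of unlimited length and longer salt strings. Set to no if you need to copy encrypted passwords to other systems which do not understand the new algorithm. The default is no.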
This variable is superseded by the ENCRYPT_METHOD variable or by any command line option used to configure the encryption algorithm.
This variable is deprecated. You should use ENCRYPT_METHOD.
SHA_CRYPT_MIN_ROUNDS (number), SHA_CRYPT_MAX_ROUNDS (number)
When ENCRYPT_METHOD is set to SHA256 or SHA512, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line).
With a lot of rounds, it is more difficult to brute force the password. But note also that more CPU resources will be needed to authenticate users.
If not specified, the libc will choose the default number of rounds (5000).
The values must be inside the 1000-999,999,999 range.
If only one of the SHA_CRYPT_MIN_ROUNDS or SHA_CRYPT_MAX_ROUNDS values is set, then this value will be used.
If SHA_CRYPT_MIN_ROUNDS > SHA_CRYPT_MAX_ROUNDS, the highest value will be used.
FILES
/etc/group
Group account information.
/etc/gshadow
Secure group account information.
SEE ALSO
newgrp(1), groupadd(8), groupdel(8), groupmod(8), grpck(8), group(5), gshadow(5).