CHPASSWD
å称
大纲
æè¿°
é项
CAVEATS
éç½®æ件
æ件
åè§
å称
chpasswd − æ¹éæ´æ°å¯ç
大纲
|
chpasswd [é项] |
æè¿°
The chpasswd command reads a list of user name and password pairs from standard input and uses this information to update a group of existing users. Each line is of the format:
user_name:password
é»è®¤å¿é¡»æææä¾å¯ç ï¼ç¶åç± chpasswd å å¯ãå¦æå- å¨å¯ç å¹´é¾ä¿¡æ¯ï¼ä¹ä¼æ´æ°ä¹ã
The default encryption algorithm can be defined for the system with the ENCRYPT_METHOD or MD5_CRYPT_ENAB variables of /etc/login.defs, and can be overwritten with the −e, −m, or −c options.
chpasswd first updates all the passwords in memory, and then commits all the changes to disk if no errors occurred for any user.
æ¤å½ä»¤ä¸è¬ç¨äºéè¦ä¸æ¬¡å建å¾å¤ç¨æ·ç大åç³»ç»ã
é项
chpasswd å¯ä»¥æ¥åçé项æï¼
−c, −−crypt−method METHOD
使ç¨æå®çæ¹æ³å å¯å¯ç ã
å¯ç¨çæ¹æ³æ DES, MD5, NONE, and SHA256 æ SHA512ï¼åææ¯æ¨ç libc æ¯æè¿åæ¹æ³ã
By default (if none of the −c, −m, or −e options are specified), the encryption method is defined by the ENCRYPT_METHOD or MD5_CRYPT_ENAB variables of /etc/login.defs.
−e, −−encrypted
æä¾çå¯ç æ¯å·²ç»å å¯äºç
−h, −−help
ç°å®å¸®å©ä¿¡æ¯å¹¶éåºã
−m, −−md5
å¦ææä¾çå¯ç 没æå å¯ï¼åä½¿ç¨ MD5 å å¯èä¸æ¯ DESã
−R, −−root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
−s, −−sha−rounds ROUNDS
使ç¨æå®æ¬¡æ°ç轮转æ¥å å¯å¯ç ã
å¼ 0 表示让系ç»ä¸ºå å¯æ¹æ³éæ©é»è®¤çè½®è½¬æ¬¡æ° (5000)ã
ä¼å¼ºå¶æå° 1,000ï¼æ大 9,9999,9999
æ¨åªå¯ä»¥å¯¹ SHA256 æ SHA512 使ç¨æ¤é项ã
By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in /etc/login.defs.
CAVEATS
è®°ä½è¦è®¾ç½®æéæèæ©ç æ¥é»æ¢å¶å®ç¨æ·å¯¹æªå å¯æ件ç读åã
éç½®æ件
å¨ /etc/login.defs ä¸æå¦ä¸éç½®åéï¼å¯ä»¥ç¨æ¥æ´æ¹æ¤å·¥å·çè¡ä¸ºï¼
ENCRYPT_METHOD (string)
è¿å®ä¹äºç³»ç»å å¯å¯ç çé»è®¤ç®æ³(å¦æ没æå¨å½ä»¤è¡ä¸æå®ç®æ³)ã
å¯ä»¥ä½¿ç¨å¦ä¸å¼ï¼DES (default), MD5, SHA256, SHA512.
注æï¼æ¤åæ°ä¼è¦ç MD5_CRYPT_ENAB åéã
MD5_CRYPT_ENAB (boolean)
表示å¯ç æ¯å¦å¿é¡»ä½¿ç¨åºäº MD5 çç®æ³å å¯ãå¦æ设为 yesï¼æ°å¯ç å°ä½¿ç¨å¯ä»¥åæ°ç FreeBSD å¼å®¹çåºäº MD5 çç®æ³å å¯ãå®æ¯ææ éé¿åº¦çå¯ç 以åæ´é¿ççå- 符串ãå¦ææ¨éè¦å°å å¯çå¯ç å¤å¶å°å¶å®ä¸ç解æ°ç®æ³çç³»ç»ï¼è®¾ç½®ä¸º noãé»è®¤å¼æ¯ noã
This variable is superseded by the ENCRYPT_METHOD variable or by any command line option used to configure the encryption algorithm.
æ¤åéå·²ç»åºå¼ãæ¨åºè¯¥ä½¿ç¨ ENCRYPT_METHODã
SHA_CRYPT_MIN_ROUNDS (number), SHA_CRYPT_MAX_ROUNDS (number)
ENCRYPT_METHOD 设为 SHA256 æ SHA512 æ¶ï¼æ- ¤é¡¹ç¡®å®å å¯ç®æ³é»è®¤ä½¿ç¨ SHA 轮转æ°ç®(å½è½®è½¬æ°æ²¡æéè¿å½ä»¤è¡æå®æ¶)ã
使ç¨å¾å¤è½®è½¬ï¼ä¼è®©æ´åç ´è§£æ´å å°é¾ãä½æ¯éè¦æ³¨æï¼è®¤è¯ç¨æ·æ¶ä¹ä¼éè¦æ´å¤ç CPU èµæºã
å¦æ没ææå®ï¼libc ä¼éæ©é»è®¤ç轮转æ°(5000)ã
å¼å¿é¡»å¨ 1000 − 999,999,999 ä¹é´ã
å¦æåªè®¾ç½®äºä¸ä¸ª SHA_CRYPT_MIN_ROUNDS æ SHA_CRYPT_MAX_ROUNDS å¼ï¼å°±ä¼ä½¿ç¨è¿ä¸ªå¼ã
å¦æ SHA_CRYPT_MIN_ROUNDS > SHA_CRYPT_MAX_ROUNDSï¼å°ä¼ä½¿ç¨å¤§çé£ä¸ªã
æ件
/etc/passwd
ç¨æ·è´¦æ·ä¿¡æ¯ã
/etc/shadow
å®å¨ç¨æ·è´¦æ·ä¿¡æ¯ã
/etc/login.defs
Shadow å¯ç å¥ä»¶éç½®ã
åè§
passwd(1), newusers(8), login.defs(5),useradd(8).