Linux Shadow Password HOWTO
Michael H. Jackson, mhjack@tscnet.com
v1.3, 3 April 1996
Translated by: Jo Yong-il (조용일), mailto:tolkien@nownuri.nowcom.co.kr
Translation date: 1 February 1997
This document describes how to obtain, install, and configure the Linux Password Shadow Suite. It also covers obtaining and reinstalling network daemons and other software that need user passwords. Such software is not part of the Shadow Suite, but has to be recompiled to support it.
The text also contains programming examples for adding shadow support to a program. Answers to frequently asked questions are at the end.
This is the Linux Shadow-Password-HOWTO. It describes why shadow passwords are
supported on a Linux system and how that support works. It also contains
examples of how to use several features of the Shadow Suite.
You must be logged in as root to install the Shadow Suite and to use many of
its utilities. Installing the Shadow Suite changes your system software, so it
is strongly recommended that you make backup copies of the programs as
directed.
It is also recommended that you read and understand the instructions before you begin.
Additions:
- A sub-section on why you might not want to install shadow passwords
- A sub-section on updating xdm
- A section on putting the Shadow Suite's features to use in your work
- A section on frequently asked questions
Corrections and updates:
- Corrected the html reference on Sunsite
- Corrected the section on wu-ftp to add -lshadow to the Makefile
- Corrected spelling and wordiness
- Changed the section on wu-ftpd to support ELF
- Updated to reflect the security problems in several login programs
- Updated to recommend Marek Michalkiewicz's Linux Shadow Suite
The latest version of this document is available via anonymous FTP from
sunsite.unc.edu
/pub/Linux/docs/HOWTO/Shadow-Password-HOWTO
or:
/pub/Linux/docs/HOWTO/other-formats/Shadow-Password-HOWTO{-html.tar,ps,dvi}.gz
or through the Linux Documentation Project Web Server,
Shadow-Password-HOWTO,
or directly from me (<mhjack@tscnet.com>).
It is also posted regularly to the newsgroup comp.os.linux.answers.
This document is included in the Shadow-YYDDMM package.
Please send any comments, updates, or suggestions to me
(Michael H. Jackson <mhjack@tscnet.com>). The sooner I receive them, the
sooner this document can be brought up to date and its errors corrected. If
you find a problem, please tell me directly, because I do not read the
newsgroup every day.
By default, most Linux distributions do not come with the Shadow Suite
installed. This includes Slackware 2.3, Slackware 3.0, and other well-known
distributions. One of the reasons for this is that the copyright on the
original Shadow Suite was not clear about redistribution for a fee. Linux
uses the GNU copyright (sometimes called a Copyleft), which allows people to
package it in a convenient form (like a CD-ROM distribution) and charge money
for it.
The current maintainer of the Shadow Suite,
Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>, received the source
code from the original author under a BSD-style copyright that permits
redistribution. So the copyright issue is now resolved, and future
distributions will probably use shadowed passwords by default. Until then,
you have to install it yourself.
If you installed your distribution from a CD-ROM, you may find that, even
though the distribution did not install the Shadow Suite, some of the files
you need for it are on the CD-ROM.
However, Shadow Suite 3.3.1, 3.3.1-2, and shadow-mk all have security holes in
their login program and in another program that runs suid root, and should no
longer be used.
All of the necessary files can be obtained via anonymous FTP or the WWW.
On a Linux system without the Shadow Suite installed, user information,
including passwords, is kept in /etc/passwd. The passwords are stored in
encrypted form. If you ask a cryptography expert, however, he will tell you
that the password is in encoded rather than encrypted form, because when
crypt(3) is applied the text is set to null and the password is used as the
key. Therefore this document uses the term encoded.
(Translator's note: dictionaries use encode and encrypt with the same meaning,
to convert into cipher, but for those who studied cryptography the nuance is
probably different. Corrections on this point are welcome.)
The algorithm used to encode the password is technically regarded as a
one-way hash function: it is easy to compute in the forward direction, but
computing it in reverse is very hard. A detailed description of the algorithm
is in section 2.4 and in the crypt(3) manual page.
When a user chooses or is assigned a password, it is encoded together with a
randomly generated value called the salt. This means that any given password
can be stored in 4096 different ways. The salt value is stored together with
the encoded password.
When a user logs in and supplies a password, the salt is first extracted from
the stored encoded password. The supplied password is then encoded with that
salt and compared with the stored encoded password. If the two match, the
user is authenticated.
Taking an arbitrary encoded password and recovering the original password is
computationally hard (but not impossible). However, on a system with more
than a few users, at least some of the passwords will be ordinary words (or
simple variations of them).
System crackers know this, and will encrypt a dictionary of commonly used
passwords and words with all 4096 possible salt values. They then compare the
encoded passwords in your /etc/passwd file against their database. Once even
one matches, they have the password for another account. This is called a
dictionary attack, and is one of the most common methods of gaining
unauthorized access to a system.
Think about it: an 8-character password encodes to 4096 * 13-character
strings. A dictionary of 400,000 ordinary words, names, passwords and simple
variations would easily fill a 4 GB hard disk. Attackers need that kind of
thing, and then only need to check for matches. If a 4 GB hard disk can be
had for under 10000 dollars, that is within the means of most system
crackers.
Also, if a cracker already has your /etc/passwd file, they only need to
encode the dictionary with the salt values actually contained in the
/etc/passwd file.
This method is within reach of the average teenager with 200 Megabytes of
free space and a 486-class computer.
Even without a lot of space, utilities like crack(1) can break at least a
couple of passwords on a system with a sufficient number of users (assuming
it is a system where users choose their own passwords).
The /etc/passwd file also contains information such as user IDs and group IDs
that most system programs use. Therefore the /etc/passwd file must remain
"world readable". If you make /etc/passwd unreadable, the first thing you
will notice is that the ls -l command now prints user IDs instead of user
names!
The Shadow Suite solves this problem by relocating the passwords to another
file (usually /etc/shadow). The /etc/shadow file is set up so that not just
anyone can read it: only root can read and write /etc/shadow. Some programs
(such as xlock) do not need the right to change passwords; they only need to
verify them. Such programs can either be run suid root, or you can create a
group shadow that is allowed read-only access to /etc/shadow and run the
program sgid shadow.
By moving the passwords into the /etc/shadow file, attackers who need access
to the encoded passwords in order to mount a dictionary attack are
effectively blocked.
In addition, the Shadow Suite has several other nice features:
- A configuration file for login defaults (/etc/login.defs)
- Utilities for adding, modifying, and deleting user accounts and groups
- Password aging and expiration
- Account expiration and locking
- Shadowed group passwords (optional)
- Double-length passwords (16-character passwords) (not recommended)
- Better control over the passwords users choose
- Dial-up passwords
- Secondary authentication programs (not recommended)
Installing the Shadow Suite makes for a somewhat more secure system, but there
are many other things that improve the security of a Linux system, and
eventually there will be a Linux Security HOWTO series covering other security
tools and related issues.
For information on Linux security issues, including known vulnerabilities,
visit the Linux Security home page.
In the following situations the Shadow Suite is NOT a good choice:
- The system has no user accounts.
- Your system runs on a LAN and uses NIS (Network Information Services) to
obtain user names and passwords for other machines on the network. (This
works as it is; going further is beyond the scope of this document, and it
would not improve security much.)
- Your machine is used as a terminal server that verifies users through NFS
(Network File System), NIS, or some other method.
- You use other software that verifies users, there is no shadow version of
it available, and you do not have the source code.
A /etc/passwd file that has not been shadowed is laid out as follows:
username:passwd:UID:GID:full_name:directory:shell
The fields are:
username - the user (login) name
passwd - the encoded password
UID - the numeric user ID
GID - the numeric default group ID
full_name - the user's real name. Actually this field is called the GECOS
(General Electric Comprehensive Operating System) field and can hold
information other than the real name. The Shadow commands and manual pages
refer to this field as the comment.
directory - the user's home directory (full pathname)
shell - the user's login shell (full pathname)
For example:
username:Npge08pfz4wuk:503:100:Full Name:/home/username:/bin/sh
Np is the salt and ge08pfz4wuk is the encoded password.
The encoded salt/password could just as well be kbeMVnZM0oL7I, and the two
refer to the same password: 4096 different encodings exist for the same
password. (The example password is 'password', a really bad password.)
Once the shadow suite is installed, the /etc/passwd file changes to:
username:x:503:100:Full Name:/home/username:/bin/sh
The x in the second field means nothing (it only occupies the space).
The format of the /etc/passwd file has not changed at all; it simply no
longer contains the encoded password. This means that a program that only
reads /etc/passwd and does not verify passwords keeps working without
trouble.
The passwords are now relocated to the shadow file (usually /etc/shadow).
The /etc/shadow file holds the following information:
username:passwd:last:may:must:warn:expire:disable:reserved
The fields are:
username - the user name
passwd - the encoded password
last - the day the password was last changed (days counted from 1 January 1970)
may - the number of days to wait after a password change before it may be
changed again (minimum age of the password)
must - the number of days until the password must be changed (validity period
of the current password)
warn - the number of days before the password expires that the user is warned
to change it
expire - the number of days after the password expires until the account
becomes unusable
disable - the day the account was disabled (days counted from 1 January 1970)
reserved - reserved
For the earlier example this becomes:
username:Npge08pfz4wuk:9479:0:10000::::
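The two layouts above, parsed and evaluated in a constructed Python example that is not part of the HOWTO or of the Shadow Suite. The day arithmetic follows the field descriptions above, and the example assumes (as the useradd defaults later in this document do) that an empty or 0 warn/expire/disable field means "not set":

```python
"""Parse /etc/passwd and /etc/shadow style lines and evaluate account state.

Constructed example for the field layouts described above; not part of the
HOWTO or of the Shadow Suite itself.  Day numbers are days since 1 January
1970, as in the shadow file.  Assumption: an empty or 0 warn/expire/disable
field means "not set" (the useradd defaults in this HOWTO use 0 for "never").
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class PasswdEntry:
    username: str
    passwd: str        # encoded password, or "x" once the file is shadowed
    uid: int
    gid: int
    gecos: str         # the full_name / comment field
    directory: str
    shell: str

    @property
    def shadowed(self) -> bool:
        """True once the password has been relocated to /etc/shadow."""
        return self.passwd == "x"

    @property
    def salt(self) -> Optional[str]:
        """crypt(3) stores the 2-character salt as the first two characters."""
        if self.shadowed or len(self.passwd) < 2:
            return None
        return self.passwd[:2]


@dataclass
class ShadowEntry:
    username: str
    passwd: str
    last: int               # day the password was last changed
    may: int                # days before the password may be changed again
    must: Optional[int]     # days after which the password must be changed
    warn: Optional[int]     # days of warning before the password expires
    expire: Optional[int]   # days after expiry until the account is disabled
    disable: Optional[int]  # day on which the account is disabled outright


def _opt(field: str) -> Optional[int]:
    """Empty or 0 means 'not set' (assumption stated in the module docstring)."""
    return None if field in ("", "0") else int(field)


def parse_passwd_line(line: str) -> PasswdEntry:
    f = line.rstrip("\n").split(":")
    if len(f) != 7:
        raise ValueError(f"expected 7 fields, got {len(f)}: {line!r}")
    return PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), f[4], f[5], f[6])


def parse_shadow_line(line: str) -> ShadowEntry:
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError(f"expected 9 fields, got {len(f)}: {line!r}")
    # f[8] is the reserved field and is ignored.
    return ShadowEntry(f[0], f[1],
                       int(f[2]) if f[2] else 0,
                       int(f[3]) if f[3] else 0,
                       _opt(f[4]), _opt(f[5]), _opt(f[6]), _opt(f[7]))


def account_state(e: ShadowEntry, today: int) -> dict:
    """What login/passwd would conclude about entry `e` on day `today`."""
    locked = e.passwd.startswith("!") or e.passwd == "*"
    expires_on = None if e.must is None else e.last + e.must
    expired = expires_on is not None and today >= expires_on
    warning = (expires_on is not None and e.warn is not None
               and 0 < expires_on - today <= e.warn)
    disabled = (e.disable is not None and today >= e.disable) or (
        expired and e.expire is not None and today >= expires_on + e.expire)
    return {
        "locked": locked,                          # cannot log in at all
        "may_change": today - e.last >= e.may,     # minimum age satisfied
        "expires_on": expires_on,
        "password_expired": expired,               # must change on next login
        "in_warning_window": warning,
        "account_disabled": disabled,
    }


if __name__ == "__main__":
    # Example lines from this HOWTO (the second appears in the useradd section).
    for line in ("username:Npge08pfz4wuk:9479:0:10000::::",
                 "fred:!:0:0:60:0:0:0:0"):
        print(line, "->", account_state(parse_shadow_line(line), today=9600))
```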
According to the crypt(3) manual page:
"crypt is the password encryption function. It is based on the Data
Encryption Standard algorithm with variations intended (among other things)
to discourage use of hardware implementations of a key search.
key is a user's typed password. [The string being encoded is all NULLs.]
salt is a two-character string chosen from the set [a-zA-Z0-9./]. This string
is used to perturb the algorithm in one of 4096 different ways.
By taking the lowest 7 bits of each character of the key, a 56-bit key is
obtained. This 56-bit key is used to encrypt repeatedly a constant string.
The returned value points to the encrypted password, a series of 13 printable
ASCII characters (the first two characters represent the salt itself).
The return value points to static data whose content is overwritten by each call.
Warning: The key space consists of 2**56, that is 7.2e16, possible values.
Exhaustive searches of this key space are possible using massively parallel
computers. Software such as crack(1) is available which will search the
portion of this key space that is generally used by humans for passwords.
Hence, password selection should, at minimum, avoid common words and names.
The use of a passwd program that checks for crackable passwords during the
selection process is recommended.
The DES algorithm itself has a few quirks which make the use of the crypt(3)
interface a very poor choice for anything other than password authentication.
If you are planning on using the crypt(3) interface for a cryptography
project, don't do it: get a good book on encryption and one of the widely
available DES libraries."
(Translator's note: the original of the last paragraph is
"The DES algorithm itself has a few quirks which make the use of the
crypt(3) interface a very poor choice for anything other than
password authentication. If you are planning on using the crypt(3)
interface for a cryptography project, don't do it: get a good book on
encryption and one of the widely available DES libraries."
The part "don't do it: get ..." is very ambiguous; it is not clear what "it"
refers to. For now I translated it on the guess that it recommends "get ...".)
Most Shadow Suites contain code that extends the length of the password to 16
characters. des experts do not recommend this, because it is simply a matter
of encoding the first half and then the second half of the long password.
Given the way crypt works, this can produce a weaker password than not using
a long password at all. Moreover, users have difficulty remembering a
16-character password.
A method that stays compatible with crypt, supports long passwords, and
provides stronger authentication (specifically the MD5 algorithm) is under
development.
As a book on encryption, I recommend the following:
"Applied Cryptography: Protocols, Algorithms, and Source Code in C"
by Bruce Schneier <schneier@chinet.com>
ISBN: 0-471-59756-2
DO NOT USE THE PACKAGES INTRODUCED IN THIS SECTION. PROBLEMS HAVE BEEN FOUND.
The original Shadow Suite was written by John F. Haugh II.
The versions that have been used on Linux systems are the following.
The shadow-mk package contains the shadow-3.3.1 package distributed by
John F. Haugh II with the shadow-3.3.1-2 patch applied. To it were added a
few small changes by Mohan Kokal <magnus@texas.net> to make installation
easier, a login1.c (login.secure) by Joseph R.M. Zbiciak that removed the
-f and -h security holes in /bin/login, and several other miscellaneous
patches.
The shadow.mk package currently has a security hole in its login program and
will be replaced shortly.
Shadow 3.3.1, 3.3.1-2, and shadow-mk have a security hole in their login
program. This login bug involves not checking the length of the login name.
This causes a buffer overflow, which leads to a crash or worse. It has been
rumored that this buffer overflow gives root privileges to any user on
systems that use shared libraries together with this bug. I will not discuss
in detail how this is possible, because there are many Linux systems that
could be damaged by having installed this (buggy) Shadow Suite, and it is
also a danger to pre-ELF distributions without the Shadow Suite.
For more information on this and other Linux security issues, see the
Linux Security home page (Shared Libraries and login Program Vulnerability).
The recommended Shadow Suite is still in BETA testing. However, the latest
version is secure and does not contain the vulnerable login program.
The package is named as follows:
shadow-YYMMDD.tar.gz
where YYMMDD is the date the Suite was released.
This version will eventually become Version 3.3.3 when beta testing is
complete, and is maintained by
Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>.
It can be obtained as shadow-current.tar.gz.
It is also available from the following mirror sites:
Please use the current version.
Do not use any version older than shadow-960129: they contain the login
security hole discussed above.
References to the Shadow Suite in this document mean this version, and it is
assumed that this is the package you are using.
For reference, shadow-960129 was used to write the installation
instructions.
If you used shadow-mk before, upgrade to this version and recompile anything
you compiled before.
The Shadow Suite contains replacements for the following programs:
su, login, passwd, newgrp, chfn, chsh, id
It also contains these new programs:
chage, newusers, dpasswd, gpasswd, useradd, userdel, usermod, groupadd,
groupdel, groupmod, groups, pwck, grpck, lastlog, pwconv, pwunconv
In addition, the library libshadow.a is included for writing or compiling
programs that access user passwords.
There are also manual pages for the programs.
And there is a configuration file for the login program, which is installed
as /etc/login.defs.
The first thing to do after getting the package is to unpack it. The package
is a gzip-compressed tar (tape archive), so move it to /usr/src and then:
tar -xzvf shadow-current.tar.gz
This unpacks it into a directory called /usr/src/shadow-YYMMDD.
First, copy Makefile and config.h:
cd /usr/src/shadow-YYMMDD
cp Makefile.linux Makefile
cp config.h.linux config.h
Then look at config.h. This file contains definitions for several
configuration options. If you have the recommended package, I recommend that
you start out without group shadow support.
By default, shadowed group passwords are enabled. To change this, change
#define SHADOWGRP in config.h to #undef SHADOWGRP. I want you to start
without them. If you later decide you really want group passwords and group
administrators, enable them again and recompile. If you leave them enabled,
you must create the /etc/gshadow file.
Enabling long passwords is not recommended, as discussed earlier.
Do not change the #undef AUTOSHADOW.
The AUTOSHADOW option was intended to let programs that know nothing about
shadow keep working. This sounds fine in theory, but it does not work
properly. If you enable this option and run a program as root, it calls
getpwnam() with root privileges and later writes the modified entry back to
the /etc/passwd file (no longer shadowed). chfn and chsh are such programs.
(Changing the real and effective uid before calling getpwnam() does not avoid
this, because root will also use chfn and chsh. (Translator's note: this is
vague. It seems to be about system programming... an explanation from someone
who knows would be welcome.))
The same thing comes up when building libc: the SHADOW_COMPAT option.
Do not use it! The problem is that it starts getting the encoded passwords
from /etc/passwd.
If the libc version you are using is older than 4.6.27, there is more to
change in config.h and the Makefile.
In config.h, change:
#define HAVE_BASENAME
to
#undef HAVE_BASENAME
And in the Makefile, change:
SOBJS = smain.o env.o entry.o susetup.o shell.o \
sub.o mail.o motd.o sulog.o age.o tz.o hushed.o
SSRCS = smain.c env.c entry.c setup.c shell.c \
pwent.c sub.c mail.c motd.c sulog.c shadow.c age.c pwpack.c rad64.c \
tz.c hushed.c
to
SOBJS = smain.o env.o entry.o susetup.o shell.o \
sub.o mail.o motd.o sulog.o age.o tz.o hushed.o basename.o
SSRCS = smain.c env.c entry.c setup.c shell.c \
pwent.c sub.c mail.c motd.c sulog.c shadow.c age.c pwpack.c rad64.c \
tz.c hushed.c basename.c
This change adds the code in basename.c, which is included in libc 4.6.27
and later.
It is also a good idea to track down the programs that the shadow suite will
replace and back them up. On Slackware 3.0 they are:
- /bin/su
- /bin/login
- /usr/bin/passwd
- /usr/bin/newgrp
- /usr/bin/chfn
- /usr/bin/chsh
- /usr/bin/id
The BETA package has a list in the Makefile for making backups, but because
the programs may be in other locations on other distributions, it has been
commented out.
Also back up the /etc/passwd file. If you make the backup in the same
directory, however, be careful how you name it so that the passwd command
cannot overwrite it.
You need root privileges for almost the whole installation process.
To compile the package, run make:
make all
You may see the warning: rcsid defined but not used. That is fine; it appears
because the author uses a version control package.
If something goes wrong, you will need a boot disk. If you used a boot/root
disk when installing, that will do. Otherwise, see the Bootdisk-HOWTO, which
describes how to make a bootable disk.
Also move the manual pages that will be replaced. Even if you are reckless
enough to install the Shadow Suite without backups, you will still want to
remove the old manual pages. The old manual pages are usually stored
compressed, so the new ones may not overwrite the old ones.
You can use man -aW command or locate command (where command is the name of
the program) to find the manual pages that need to be removed or moved. It
is generally easier to find the old pages that way before running
make install.
On the Slackware 3.0 distribution, the man pages to remove are:
- /usr/man/man1/chfn.1.gz
- /usr/man/man1/chsh.1.gz
- /usr/man/man1/id.1.gz
- /usr/man/man1/login.1.gz
- /usr/man/man1/passwd.1.gz
- /usr/man/man1/su.1.gz
- /usr/man/man5/passwd.5.gz
There are also files with the same names as the ones to delete in the
/var/man/cat[1-9] subdirectories.
Now the preparation is finished (do this as root):
make install
This installs the new programs, replacing the old ones, and fixes the file
permissions. It also installs the man pages.
It also installs the include files from the Shadow Suite in
/usr/include/shadow.
If you are using the BETA package, copy login.defs to /etc yourself and make
it changeable only by root:
cp login.defs /etc
chmod 700 /etc/login.defs
This file is the configuration file for the login program. Review its
contents and adjust them for your system. It determines the ttys on which
root may log in and other security-related settings (such as the defaults
for password expiration).
The next step is to run pwconv. Not only must you do this as root, you are
also advised to do it from the /etc directory:
cd /etc
/usr/sbin/pwconv
pwconv takes /etc/passwd and some of the fields in it and creates two files:
/etc/npasswd and /etc/nshadow.
The pwunconv program is provided for the case where you need to make an
ordinary /etc/passwd file out of /etc/passwd and /etc/shadow.
Now that pwconv has been run, we have /etc/npasswd and /etc/nshadow. They
need to be moved over /etc/passwd and /etc/shadow. We want to back up the
original /etc/passwd, make it readable only by root, and put the backup in
root's home directory:
cd /etc
cp passwd ~root/passwd
chmod 600 ~root/passwd
mv npasswd passwd
mv nshadow shadow
Make sure the file ownership and permissions are correct. If you intend to use
X-Windows, the xlock and xdm programs must be able to read (but not write)
the shadow file.
There are two ways to make this possible. You can set xlock suid root (xdm
already runs with root's privileges). Or you can make the shadow file owned
by root with group shadow.
Before the second option, however, make sure that a shadow group exists (see
/etc/group). No user on the system should belong to the shadow group.
chown root.root passwd
chown root.shadow shadow
chmod 0644 passwd
chmod 0640 shadow
Now the system has a shadowed password file. It is a good idea to switch to
another virtual terminal and check that you can log in.
Do it now!
If you cannot, something is wrong! To go back to the unshadowed state, do the
following:
cd /etc
cp ~root/passwd passwd
chmod 644 passwd
After that you will have to put all the files back where they were before.
Even though the shadow suite includes replacements for most programs that
need access to passwords, most systems have other programs that need
password access.
If you use the Debian distribution (or even if you do not), you can get the
Debian sources for the programs that have to be rebuilt from
ftp://ftp.debian.org/debian/stable/source/.
The rest of this section covers how to upgrade programs such as adduser,
wu_ftpd, ftpd, pop3d, xlock, xdm, and sudo to support the shadow suite.
The question of how to put shadow suite support into a program is covered in
the section Adding Shadow Support to a C program (after which the program
has to run SUID root or SGID shadow so that it can access the shadow file).
The Slackware distribution (among others) includes an interactive program for
adding users called /sbin/adduser. A shadow version of this program is
available from
ftp://sunsite.unc.edu/pub/Linux/system/Admin/accounts/adduser.shadow-1.4.tar.gz.
I recommend using the programs in the Shadow Suite (useradd, usermod,
userdel) instead of Slackware's adduser. They take some time to learn, but
are worth it, because you get finer control and they do proper file locking
on /etc/passwd and /etc/shadow (adduser does not).
For more details, see Putting the Shadow Suite to use.
But if you have it, do the following:
tar -xzvf adduser.shadow-1.4.tar.gz
cd adduser
make clean
make adduser
chmod 700 adduser
cp adduser /sbin
Most Linux systems use the wu_ftpd server. If you did not install shadow from
your distribution, your wu_ftpd was not compiled with shadow support.
wu_ftpd is started by inetd/tcpd as a root process. If you are still using an
old wu_ftpd daemon, you must upgrade it regardless, because it has a bug
that compromises the root account (see the Linux security home page).
Fortunately, all you need to do is get the source code and recompile it
with shadow enabled.
If you are not using an ELF system, you can use wu-ftp-2.4-fixed.tar.gz from
sunsite for the wu_ftp server.
Get it, put it in /usr/src, and then:
cd /usr/src
tar -xzvf wu-ftpd-2.4-fixed.tar.gz
cd wu-ftpd-2.4-fixed
cp ./src/config/config.lnx.shadow ./src/config/config.lnx
Then edit ./src/makefiles/Makefile.lnx, changing:
LIBES = -lbsd -support
to:
LIBES = -lbsd -support -lshadow
Now you are ready to run the build script and install:
cd /usr/src/wu-ftpd-2.4-fixed
./build lnx
cp /usr/sbin/wu.ftpd /usr/sbin/wu.ftpd.old
cp ./bin/ftpd /usr/sbin/wu.ftpd
This compiles using the Linux shadow configuration file and installs the
server.
On my Slackware 2.3 system I had to do the following before running build:
cd /usr/include/netinet
ln -s in_systm.h in_system.h
cd -
Several problems have been reported compiling this package on ELF systems,
but the Beta version of the next release works. That is
wu-ftp-2.4.2-beta-10.tar.gz.
Get it, put it in /usr/src, and then:
cd /usr/src
tar -xzvf wu-ftpd-2.4.2-beta-9.tar.gz
cd wu-ftpd-beta-9
cd ./src/config
Then edit config.lnx, changing:
#undef SHADOW_PASSWORD
to:
#define SHADOW_PASSWORD
Then
cd ../Makefiles
and edit Makefile.lnx, changing:
LIBES = -lsupport -lbsd # -lshadow
to:
LIBES = -lsupport -lbsd -lshadow
Finally, build and install:
cd ..
./build lnx
cp /usr/sbin/wu.ftpd /usr/sbin/wu.ftpd.old
cp ./bin/ftpd /usr/sbin/wu.ftpd
Check /etc/inetd.conf to see where your wu.ftpd server really is. Some
distributions put the server daemon in a different place, and wu.ftpd in
particular is said to go by a different name.
If you are using the standard ftpd server, I recommend switching to the
wu_ftpd server. Apart from the bug mentioned above, it is generally regarded
as more secure.
If you must keep the standard one or need NIS support, there is
ftpd-shadow-nis.tgz on Sunsite.
If you need POP3, you must recompile the pop3d program.
pop3d is run by inetd/tcpd with root privileges.
There are two versions on Sunsite:
pop3d-1.00.4.linux.shadow.tar.gz
and
pop3d+shadow+elf.tar.gz
Both install without trouble.
If you install the shadow suite and lock your screen with xlock without
upgrading it along with the X Window System, you will certainly have to
press Ctrl-Alt-Fx, log in on another tty and kill the xlock process (or kill
the X server with Ctrl-Alt-BS). Fortunately, upgrading the xlock program is
easy.
If you are using XFree86 3.x.x, you are probably using xlockmore (which has
nice screen savers in addition to the lock function). This package can be
recompiled with shadow. If you are using an old xlock, I recommend upgrading
to this one.
xlockmore-3.7.tgz is at
ftp://sunsite.unc.edu/pub/Linux/X11/xutils/screensavers/xlockmore-3.7.tgz.
Usually this will be just what you want.
After getting xlockmore-3.7.tgz, unpack it in /usr/src:
tar -xzvf xlockmore-3.7.tgz
Change the following line in the file /usr/X11R6/lib/X11/config/linux.cf:
#define HasShadowPasswd NO
to
#define HasShadowPasswd YES
Then build the executable:
cd /usr/src/xlockmore
xmkmf
make depend
make
Finally, put everything in place with the right permissions and you are done:
cp xlock /usr/X11R6/bin/
cp XLock /var/X11R6/lib/app-defaults/
chown root.shadow /usr/X11R6/bin/xlock
chmod 2755 /usr/X11R6/bin/xlock
chown root.shadow /etc/shadow
chmod 640 /etc/shadow
Now xlock should work fine.
xdm shows the login screen on X-Windows. Some systems start xdm when told to
go to a particular run level (see /etc/inittab).
Once the Shadow Suite is installed, xdm needs to be updated too.
This is very easy.
xdm.tar.gz is at ftp://sunsite.unc.edu/pub/Linux/X11/xutils/xdm.tar.gz.
After getting xdm.tar.gz, unpack it in /usr/src:
tar -xzvf xdm.tar.gz
Fix the following line in /usr/X11R6/lib/X11/config/linux.cf:
#define HasShadowPasswd NO
to
#define HasShadowPasswd YES
Then build the executable:
cd /usr/src/xdm
xmkmf
make depend
make
Put everything in place:
cp xdm /usr/X11R6/bin/
xdm runs with root privileges, so there is no need to change its
permissions.
sudo lets the system administrator allow users to run programs that normally
need root privileges. It is convenient in that, by allowing users to do
things like mounting drives, it reduces the system administrator's need to
log in to the root account.
sudo verifies the user's password when it runs, so it needs to be able to
read passwords. sudo already runs SUID root, so there is no problem
accessing the /etc/shadow file.
A sudo for the shadow suite is at
ftp://sunsite.unc.edu/pub/Linux/system/Admin/sudo-1.2-shadow.tgz.
Warning: when sudo is installed, the existing /etc/sudoers is replaced with
the default configuration. So if you use something other than the default,
back it up (or remove the line in the Makefile that copies the default
configuration file to /etc).
This package is already configured for shadow, so you only need to recompile
it (after putting it in /usr/src):
cd /usr/src
tar -xzvf sudo-1.2-shadow.tgz
cd sudo-1.2-shadow
make all
make install
The pppd server can be configured to authenticate in several ways:
Password Authentication Protocol (PAP) and Cryptographic Handshake
Authentication Protocol (CHAP). Usually the pppd server reads the passwords
in /etc/ppp/chap-secrets and/or /etc/ppp/pap-secrets. If you use pppd this
way, there is no need to reinstall it.
(Translator's note: it seems to mean that passwords for ppp are kept
separately...)
pppd can take a login parameter (either on the command line, or through the
option file or configuration). When the login option is given, pppd uses
the user names and passwords in /etc/passwd for PAP. Of course, in that case
the shadowed password file is useless.
Code has to be added to pppd-1.2.1d to support shadow.
The next section shows an example of adding shadow support to pppd-1.2.1d
(an old version of pppd).
pppd-2.2.0 already supports shadow.
This section covers a few topics you will want to know about once the Shadow
Suite is installed on your system. For more details, see the manual page of
each command.
The Shadow Suite has added the following commands for managing user accounts.
The adduser program may already have been installed before.
useradd
The useradd command adds users. It can also be run to change the default
settings.
The first thing to do is check the defaults and adjust them for your system:
useradd -D
GROUP=1
HOME=/home
INACTIVE=0
EXPIRE=0
SHELL=
SKEL=/etc/skel
You probably will not like the default settings. So if you were to add a
user now, you would have to specify all the information that is common to
every user. Instead, we will change the defaults and add to them.
On my system:
- The default group is 100.
- Passwords are changed once every 60 days.
- Passwords may expire, but I do not want the account locked when that
happens.
- The default shell is /bin/bash.
To change things this way:
useradd -D -g100 -e60 -f0 -s/bin/bash
Now typing useradd -D gives:
GROUP=100
HOME=/home
INACTIVE=0
EXPIRE=60
SHELL=/bin/bash
SKEL=/etc/skel
These defaults are stored in /etc/default/useradd.
Now you can add users to the system with useradd. For example, to add a user
named fred using only the defaults:
useradd -m -c "Fred Flintstone" fred
This creates the following entry in the /etc/passwd file:
fred:*:505:100:Fred Flintstone:/home/fred:/bin/bash
and in the /etc/shadow file:
fred:!:0:0:60:0:0:0:0
fred's home directory is created, and since the -m switch was used, the whole
of /etc/skel is copied into it.
Also, since no UID was specified, the one after the last UID already in use
was taken.
fred's account has been created, but fred cannot log in until we unlock the
account. To unlock it, we have to set a password:
passwd fred
Changing password for fred
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
New Password: *******
Re-enter new password: *******
Now /etc/shadow looks like this:
fred:J0C.WDR1amIt6:9559:0:60:0:0:0:0
and fred can log in and use the system.
The nice thing about useradd, like the other programs in the Shadow Suite, is
that it is not interfered with while it changes the contents of /etc/passwd
and /etc/shadow. So you can add a user at the same time as another user
changes his own password, and both changes take effect correctly.
(Translator's note: think of something like a mutex lock or a race
condition.)
Using these commands is better than editing /etc/passwd and /etc/shadow
directly. If you are editing the /etc/shadow file, a user changes his
password in the meantime, and then you finish editing and save, that user's
change is lost.
Here is a simple interactive script that uses useradd and passwd:
#!/bin/bash
#
# /sbin/newuser - A script that adds users using the Shadow Suite's
#                 useradd and passwd commands.
#
# Written by Mike Jackson <mhjack@tscnet.com> as an example for the Linux
# Shadow Password Howto. Permission to use and modify is expressly granted.
#
# This could be changed to show the defaults and allow them to be modified,
# like Slackware's Adduser program. It could also be changed to reject
# nonsensical input (i.e. better error checking...).
#
##
# Defaults for the useradd command
##
GROUP=100        # Default group
HOME=/home       # Location of home directories (/home/username)
SKEL=/etc/skel   # Skeleton directory (files common to every new account)
INACTIVE=0       # Days after the password expires until the account is
                 # disabled (0 = don't do this)
EXPIRE=60        # Days a password remains valid
SHELL=/bin/bash  # Default shell (full path)
##
# Defaults for the passwd command
##
PASSMIN=0        # Minimum days between password changes
PASSWARN=14      # Days of warning before the password expires
##
# Make sure the user running the script is root
##
WHOAMI=`/usr/bin/whoami`
if [ "$WHOAMI" != "root" ]; then
  echo "You must be root to add new users!"
  exit 1
fi
##
# Ask for the user ID (username) and the real name (full name)
##
echo ""
echo -n "Username: "
read USERNAME
echo -n "Full name: "
read FULLNAME
#
echo "Adding user: $USERNAME."
#
# Note that the "" around $FULLNAME are required. The reason is that this
# field must contain something more than blanks, and if the useradd command
# were run without the "", the parameters that follow would also be taken
# as part of that field.
#
/usr/sbin/useradd -c"$FULLNAME" -d$HOME/$USERNAME -e$EXPIRE \
  -f$INACTIVE -g$GROUP -m -k$SKEL -s$SHELL $USERNAME
##
# Set the password defaults.
##
/bin/passwd -n $PASSMIN -w $PASSWARN $USERNAME >/dev/null 2>&1
##
# Run passwd to read in the password.
##
/bin/passwd $USERNAME
##
# Show the results.
##
echo ""
echo "Entry from /etc/passwd:"
echo -n "   "
grep "^$USERNAME:" /etc/passwd
echo "Entry from /etc/shadow:"
echo -n "   "
grep "^$USERNAME:" /etc/shadow
echo "Summary output of the passwd command:"
echo -n "   "
passwd -S $USERNAME
echo ""
Using a script to add new users is far better than editing /etc/passwd and /etc/shadow by hand or using Slackware's adduser. Feel free to adapt it to your own system.
For more information on useradd, see the manual page.
usermod
usermod changes the information about a user. Its options are similar to those of useradd.
If you want to change fred's shell, type:
usermod -s /bin/tcsh fred
fred's entry in /etc/passwd is now changed to:
fred:*:505:100:Fred Flintstone:/home/fred:/bin/tcsh
This time, let's make fred's account usable only until 15 September 1997:
usermod -e 09/15/97 fred
fred's entry in /etc/shadow then becomes:
fred:J0C.WDR1amIt6:9559:0:60:0:0:10119:0
(10119 is 15 September 1997 counted in days since 1 January 1970, the unit of the "last changed" and "expire" fields; 9559 is 4 March 1996, the day the password was set.)
For more information on usermod, see the manual page.
userdel
userdel does exactly what you want: it kills the user's account. Just type:
userdel -r username
The -r removes every file in the user's home directory together with the directory itself. Files elsewhere on the system have to be found and removed one by one.
If you want to disable an account rather than delete it, use the passwd command instead.
passwd, as its name says, is used to change passwords.
In addition, root can use it to:
- lock and unlock an account (-l and -u)
- set the number of days a password remains valid (-x)
- set the number of days a user must wait before changing the password again (-n)
- set how many days before the password expires the warning is given (-w)
- set how many days after the password expires the account is locked (-i)
- view the account information in a more readable form (-S)
Returning to the fred example:
passwd -S fred
fred P 03/04/96 0 60 0 0
This says that fred's password is valid (P), that it was last changed on 4 March 1996, that it may be changed again at any time (minimum 0 days), that it cannot be used any more if it is not changed within 60 days, that fred gets no warning beforehand (0 days), and that the account stays usable even once the password has expired (inactive 0).
In other words, if fred logs in after the password has expired, he is simply prompted for a new one.
To warn fred 14 days before the password expires, and to lock his account 14 days after it has expired:
passwd -w14 -i14 fred
fred's entry then changes to:
fred P 03/04/96 0 60 14 14
For more information on passwd, see the manual page.
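To make the aging arithmetic behind the passwd -S output concrete, here is a small Python model of the /etc/shadow fields. It is an added example written for this edition of the HOWTO, not code from the Shadow Suite; the sample lines are the ones shown for fred above, and the day arithmetic reproduces the 9559 and 10119 values used in this section. One convention to note: it follows this HOWTO in treating an inactive value of 0 as "never lock"; current shadow-utils use an empty field or -1 for that and treat 0 as "lock as soon as the password expires".

```python
"""Model of the /etc/shadow aging fields and of the passwd -S summary.

Added example for this HOWTO; not Shadow Suite code. Day numbers are days
since 1970-01-01, the unit of the sp_lstchg and sp_expire fields. The
inactive rule follows this HOWTO (inact 0 = never lock); current
shadow-utils use an empty field or -1 for "never" and lock right away
on expiry when it is 0.
"""
from dataclasses import dataclass
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)


@dataclass
class Spwd:
    """Python counterpart of struct spwd (sp_flag omitted)."""
    sp_namp: str
    sp_pwdp: str
    sp_lstchg: int
    sp_min: int
    sp_max: int
    sp_warn: int
    sp_inact: int
    sp_expire: int


def day_number(d: date) -> int:
    """Days since the epoch, as stored in sp_lstchg / sp_expire."""
    return (d - EPOCH).days


def as_date_string(days: int) -> str:
    """Render a day number the way passwd -S prints dates (mm/dd/yy)."""
    return (EPOCH + timedelta(days=days)).strftime("%m/%d/%y")


def parse_shadow_line(line: str) -> Spwd:
    """Split one /etc/shadow line; an empty aging field counts as 0 here."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 colon-separated fields, got {len(fields)}")
    aging = [int(f) if f else 0 for f in fields[2:8]]
    return Spwd(fields[0], fields[1], *aging)


def password_status(sp: Spwd) -> str:
    """Status letter as passwd -S prints it: L locked, NP no password, P usable."""
    if sp.sp_pwdp.startswith("!"):
        return "L"
    if sp.sp_pwdp == "":
        return "NP"
    return "P"


def passwd_S(sp: Spwd) -> str:
    """Reproduce the 'passwd -S user' summary line."""
    return (f"{sp.sp_namp} {password_status(sp)} {as_date_string(sp.sp_lstchg)} "
            f"{sp.sp_min} {sp.sp_max} {sp.sp_warn} {sp.sp_inact}")


def account_state(sp: Spwd, today: int) -> str:
    """Classify the account on a given day number, using the rules above."""
    if sp.sp_expire and today >= sp.sp_expire:
        return "account expired"             # usermod -e date reached
    if password_status(sp) == "L":
        return "locked"                      # '!' in the password field
    if sp.sp_max > 0:
        expires_on = sp.sp_lstchg + sp.sp_max
        if today > expires_on:
            if sp.sp_inact > 0 and today > expires_on + sp.sp_inact:
                return "locked (inactive)"   # the passwd -i days have passed
            return "password expired"        # login forces a new password
        if sp.sp_warn > 0 and today >= expires_on - sp.sp_warn:
            return "password expires soon"   # inside the passwd -w window
    return "valid"


if __name__ == "__main__":
    fred = parse_shadow_line("fred:J0C.WDR1amIt6:9559:0:60:14:14:0:0")
    print(passwd_S(fred))
    for day in (9599, 9610, 9625, 9640):
        print(day, as_date_string(day), account_state(fred, day))
```

Run stand-alone it prints fred's passwd -S line and then walks through the warning window, the expiry and the inactivity lock for a few day numbers after 4 March 1996.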
The /etc/login.defs file is the configuration file for the login program and for the Shadow Suite as a whole.
/etc/login.defs holds settings ranging from what the prompts look like to what the default validity period will be when a user changes their password.
The /etc/login.defs file is very well documented by the many comments inside it. Still, a few of the things it contains deserve attention:
- on/off flags that determine how much logging takes place.
- pointers to other configuration files.
- default assignments, such as the password aging settings.
As you can see, this is a rather important file. Make sure it is present, and check that its settings suit your system and your preferences.
The /etc/group file can hold passwords that allow a user to become a member of a particular group. This feature is enabled when the SHADOWGRP constant is defined in /usr/src/shadow-YYMMDD/config.h.
If you use this feature, create an /etc/gshadow file to hold the group passwords and the group administrator information.
When you created /etc/shadow you used pwconv, but there is no such program for creating /etc/gshadow.
Don't worry, though; the file is maintained automatically once it exists.
To create the initial /etc/gshadow, do the following:
touch /etc/gshadow
chown root.root /etc/gshadow
chmod 700 /etc/gshadow
(The execute bit has no meaning on a data file, so mode 600 gives the same protection; what matters is that nobody but root can read it.)
When you create a new group, it is added to both /etc/group and /etc/gshadow automatically. When you add users to or remove them from a group, or change a group password, /etc/gshadow is updated accordingly.
The programs groups, groupadd, groupmod and groupdel are supplied with the Shadow Suite as the tools for modifying groups.
The format of /etc/group is:
groupname:!:GID:member,member,...
where:
groupname - the name of the group
! - the field that normally holds the password; it has been moved to /etc/gshadow
GID - the numerical group ID
member - the list of group members
The format of /etc/gshadow is:
groupname:password:admin,admin,...:member,member,...
where:
groupname - the name of the group
password - the encoded group password
admin - the list of group administrators
member - the list of group members
The gpasswd command is used to add and remove the users and administrators of a group.
Only root or a group administrator can add or remove group members.
The group password can be changed by root or a group administrator with the passwd command.
There is currently no manual page for gpasswd, but running gpasswd without parameters prints a list of its options, so once you understand the file formats and the concepts its use is easy to pick up.
pwck
The pwck program checks /etc/passwd and /etc/shadow for inconsistencies. For each user it checks:
- the correct number of fields
- a unique user name
- valid user and group IDs
- a valid primary group
- a valid home directory
- a valid login shell
It also warns about accounts that have no password.
It is a good idea to run pwck after installing the Shadow Suite.
Running it periodically, weekly or monthly, is also recommended. With the -r option you can have cron run it at regular intervals and report the results.
grpck
The grpck program checks /etc/group and /etc/gshadow for inconsistencies. It checks:
- the correct number of fields
- a unique group name
- a valid list of members and administrators
It also has the -r option for automated reports.
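The checks listed for pwck and grpck are simple to state but easy to get subtly wrong, so here they are written out as an added Python example for this edition of the HOWTO; it is not the Shadow Suite's own pwck or grpck. The four sample files are constructed so that every check fires at least once (a duplicate fred, barney without a shadow entry, wilma with a non-existent primary group and an empty password, betty's line short a field, guest existing only in /etc/shadow, and a ppp group with an unknown member and no /etc/gshadow entry). The real pwck also verifies that the home directory and shell exist on disk; offline, this version only requires absolute paths.

```python
"""pwck/grpck-style consistency checks over constructed passwd, shadow, group
and gshadow data. Added example for this HOWTO, not the Shadow Suite's code.
The sample files carry planted faults so that every check below fires; the
real pwck also checks that home directories and shells exist on disk.
"""
PASSWD = """\
root:*:0:0:root:/root:/bin/bash
fred:*:505:100:Fred Flintstone:/home/fred:/bin/bash
barney:*:506:100:Barney Rubble:/home/barney:/bin/bash
fred:*:507:100:Duplicate Fred:/home/fred2:/bin/bash
wilma:*:508:999:Wilma Flintstone:/home/wilma:/bin/bash
betty:*:509:100:Betty Rubble:/home/betty
"""
SHADOW = """\
root:J0C.WDR1amIt6:9559:0:60:0:0:0:0
fred:J0C.WDR1amIt6:9559:0:60:14:14:0:0
wilma::0:0:60:0:0:0:0
guest::9559:0:60:0:0:0:0
"""
GROUP = """\
root:!:0:
users:!:100:fred,barney
ppp:!:101:fred,dino
"""
GSHADOW = """\
root:*::
users:!:fred:fred,barney
"""


def _entries(text, nfields, tag, problems):
    """Yield the split entries that have the right field count; report the rest."""
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != nfields:
            problems.append(f"{tag}: invalid entry ({nfields} fields expected): {line}")
        else:
            yield fields


def _names(text):
    return {ln.split(":")[0] for ln in text.splitlines() if ln.strip()}


def _unknown(tag, group, role, names, users, problems):
    """Report every comma-separated name that is not a user in /etc/passwd."""
    for n in filter(None, names.split(",")):
        if n not in users:
            problems.append(f"{tag}: group '{group}': unknown {role} '{n}'")


def check_passwd(passwd_text, shadow_text, group_text):
    """pwck: fields, unique name, numeric IDs, primary group, paths, shadow entry."""
    problems, seen = [], set()
    gids = {f[2] for f in _entries(group_text, 4, "group", [])}
    shadow = {f[0]: f[1] for f in _entries(shadow_text, 9, "shadow", problems)}
    for name, _pw, uid, gid, _gecos, home, shell in _entries(passwd_text, 7, "passwd", problems):
        if name in seen:
            problems.append(f"passwd: duplicate user name '{name}'")
        seen.add(name)
        if not (uid.isdigit() and gid.isdigit()):
            problems.append(f"passwd: user '{name}': non-numeric UID/GID")
        elif gid not in gids:
            problems.append(f"passwd: user '{name}': no group with GID {gid}")
        if not (home.startswith("/") and shell.startswith("/")):
            problems.append(f"passwd: user '{name}': home or shell is not an absolute path")
        if name not in shadow:
            problems.append(f"passwd: user '{name}': no matching shadow entry")
        elif shadow[name] == "":
            problems.append(f"passwd: user '{name}' has no password")
    for name in shadow.keys() - seen:          # shadow lines with no passwd line
        problems.append(f"shadow: user '{name}': no matching passwd entry")
    return problems


def check_group(group_text, gshadow_text, passwd_text):
    """grpck: fields, unique name, members and administrators must be real users."""
    problems, seen = [], set()
    users = _names(passwd_text)
    gshadow_names = set()
    for name, _pw, admins, members in _entries(gshadow_text, 4, "gshadow", problems):
        gshadow_names.add(name)
        _unknown("gshadow", name, "administrator", admins, users, problems)
        _unknown("gshadow", name, "member", members, users, problems)
    for name, _pw, gid, members in _entries(group_text, 4, "group", problems):
        if name in seen:
            problems.append(f"group: duplicate group name '{name}'")
        seen.add(name)
        if not gid.isdigit():
            problems.append(f"group: group '{name}': non-numeric GID '{gid}'")
        if name not in gshadow_names:
            problems.append(f"group: group '{name}': no matching gshadow entry")
        _unknown("group", name, "member", members, users, problems)
    return problems


def run_all():
    return check_passwd(PASSWD, SHADOW, GROUP) + check_group(GROUP, GSHADOW, PASSWD)


if __name__ == "__main__":
    print("\n".join(run_all()) or "no inconsistencies found")
```

To use it on a real system, read the four files from /etc instead of the constants (as root, since /etc/shadow and /etc/gshadow are unreadable to anyone else) and feed their contents to check_passwd and check_group; an empty result is the clean state pwck -r and grpck -r would report.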
Dial-up passwords are another line of defence for systems that accept dial-in connections.
You may let many people connect to the system, directly or over the network, while wanting to restrict who may dial in; dial-up passwords are a good solution for that. To use them, set DIALUPS_CHECK_ENAB to yes in /etc/login.defs.
Two files hold the dial-up information. /etc/dialups lists the ttys, one per line with the leading "/dev/" removed. If a tty is listed there, the dial-up check is performed on it.
The second file is /etc/d_passwd. It contains the full pathname of a shell together with its password.
If a user logs in on a tty listed in /etc/dialups and their shell is listed in /etc/d_passwd, they are let in only after supplying the correct password.
Another use of dial-up passwords is to decide what kind of connection (usually PPP or UUCP) a line is allowed to carry. A user who wants to make a different kind of connection on that line (in particular, an ordinary shell login) must know the password for the line.
Before the dial-up feature can be used, the files have to be created.
The dpasswd command associates passwords with the shells in /etc/d_passwd. See the manual page for details.
Adding shadow support to a C program is actually quite simple. The only problem is that the program has to run as root (or SUID root) to be able to read /etc/shadow.
This forces one big issue on us: when writing an SUID program, very careful programming habits are essential. For example, if the program has a shell escape and is SUID root, that escape must not hand root privileges to the user.
A program that has to check passwords but otherwise has no need of root privileges can be given shadow support in a way that is much safer than making it SUID root; the xlock program, discussed in its own section, is one example.
In the example below, pppd-1.2.1d already runs SUID root, so adding shadow support does not make it any more vulnerable.
The header files live in /usr/include/shadow.
There is also /usr/include/shadow.h, but it is a symbolic link to /usr/include/shadow/shadow.h.
To add shadow support, include the header files:
#include <shadow/shadow.h>
#include <shadow/pwauth.h>
It is a good idea to use compiler directives so that the shadow code is compiled only when wanted (the example below does this).
When the Shadow Suite was installed, the libshadow.a file was placed in /usr/lib.
To build shadow support into a program, the linker has to be told to link libshadow.a as well, like this:
gcc program.c -o program -lshadow
As the example below shows, however, most large programs use a Makefile, which usually has a LIBS=... variable that we modify instead.
The libshadow.a library returns the information read from /etc/shadow in a structure called spwd. The spwd structure is defined in /usr/include/shadow/shadow.h:
struct spwd
{
    char *sp_namp;          /* login name */
    char *sp_pwdp;          /* encrypted password */
    sptime sp_lstchg;       /* date of last change */
    sptime sp_min;          /* minimum number of days between changes
                               (i.e. when the password may next be changed) */
    sptime sp_max;          /* maximum number of days between changes
                               (how long a password stays valid) */
    sptime sp_warn;         /* days of warning before the password expires */
    sptime sp_inact;        /* days after the password expires until the
                               account becomes unusable */
    sptime sp_expire;       /* date the account expires, in days since 1/1/70 */
    unsigned long sp_flag;  /* reserved for future use */
};
The Shadow Suite allows something other than the encoded password to be placed in the sp_pwdp field. The password field can look like this:
username:Npge08pfz4wuk;@/sbin/extra:9479:0:10000::::
This means that, in addition to the password, the program /sbin/extra is invoked for further authentication. The program called must accept the user name and a switch telling it why it was called. For details, see /usr/include/shadow/pwauth.h and pwauth.c.
The intent is that pwauth can be used to carry out a different form of actual authentication, possibly even double-checking the user.
The author of the Shadow Suite notes that most existing programs do not use this, and that it may be removed or changed in a future version of the Suite.
The shadow.h file also contains the prototypes of the functions in libshadow.a:
extern void setspent __P ((void));
extern void endspent __P ((void));
extern struct spwd *sgetspent __P ((__const char *__string));
extern struct spwd *fgetspent __P ((FILE *__fp));
extern struct spwd *getspent __P ((void));
extern struct spwd *getspnam __P ((__const char *__name));
extern int putspent __P ((__const struct spwd *__sp, FILE *__fp));
The function we will use in the example is getspnam, which fetches the spwd structure for a given user name.
Here is an example of adding shadow support to a program that needs it but does not have it by default.
For the example we take the Point-to-Point Protocol server (pppd-1.2.1d), which has a mode in which, instead of PAP or CHAP secrets, it performs PAP authentication using the user names and passwords in /etc/passwd.
This pppd feature is probably not used very often, but once the Shadow Suite is installed it stops working, because the passwords are no longer in /etc/passwd.
The code that authenticates users in pppd-1.2.1d is in /usr/src/pppd-1.2.1d/pppd/auth.c.
The following lines have to be added near the top of that file, where the other #include directives are. We wrap the #include in a conditional directive so that it is only compiled in when building with shadow support; USE_SHADOW is the macro the Makefile change at the end of this section defines:
#ifdef USE_SHADOW
#include <shadow.h>
#include <shadow/pwauth.h>
#endif
Next the code itself has to be changed. We are still editing auth.c.
auth.c before the change:
/*
 * login - Check the user name and password against the system
 * password database, and login the user if OK.
 *
 * returns:
 *	UPAP_AUTHNAK: Login failed.
 *	UPAP_AUTHACK: Login succeeded.
 * In either case, msg points to an appropriate message.
 */
static int
login(user, passwd, msg, msglen)
    char *user;
    char *passwd;
    char **msg;
    int *msglen;
{
    struct passwd *pw;
    char *epasswd;
    char *tty;

    if ((pw = getpwnam(user)) == NULL) {
	return (UPAP_AUTHNAK);
    }

    /*
     * XXX If no passwd, let them login without one.
     */
    if (pw->pw_passwd == '\0') {
	return (UPAP_AUTHACK);
    }

    epasswd = crypt(passwd, pw->pw_passwd);
    if (strcmp(epasswd, pw->pw_passwd)) {
	return (UPAP_AUTHNAK);
    }

    syslog(LOG_INFO, "user %s logged in", user);

    /*
     * Write a wtmp entry for this user.
     */
    tty = strrchr(devname, '/');
    if (tty == NULL)
	tty = devname;
    else
	tty++;
    logwtmp(tty, user, "");		/* Add wtmp login entry */
    logged_in = TRUE;

    return (UPAP_AUTHACK);
}
The user's password is at pw->pw_passwd, so all we have to do is add a call to getspnam, which returns the password in spwd->sp_pwdp.
We also add the pwauth function to perform the actual authentication; it carries out the secondary authentication automatically if the shadow file is set up for it.
auth.c after the change to support shadow:
/*
 * login - Check the user name and password against the system
 * password database, and login the user if OK.
 *
 * This function has been modified to support the Linux Shadow Password
 * Suite if USE_SHADOW is defined.
 *
 * returns:
 *	UPAP_AUTHNAK: Login failed.
 *	UPAP_AUTHACK: Login succeeded.
 * In either case, msg points to an appropriate message.
 */
static int
login(user, passwd, msg, msglen)
    char *user;
    char *passwd;
    char **msg;
    int *msglen;
{
    struct passwd *pw;
    char *tty;
#ifdef USE_SHADOW
    struct spwd *spwd;
#else
    char *epasswd;
#endif

    if ((pw = getpwnam(user)) == NULL) {
	return (UPAP_AUTHNAK);
    }

#ifdef USE_SHADOW
    /*
     * With the Shadow Suite the password field in /etc/passwd is only
     * a placeholder; the real encrypted password comes from /etc/shadow.
     */
    spwd = getspnam(user);
    if (spwd)
	pw->pw_passwd = spwd->sp_pwdp;
#endif

    /*
     * If there is no password, do NOT let them log in without one.
     * (Test the first character: comparing the pointer itself against
     * '\0' would never detect an empty password string.)
     */
    if (pw->pw_passwd == NULL || pw->pw_passwd[0] == '\0') {
	return (UPAP_AUTHNAK);
    }

#ifdef USE_SHADOW
    /*
     * A field starting with '@' names a program that performs the
     * authentication (see pwauth.h); pw_auth() returns non-zero on
     * failure. valid() compares the supplied password with the
     * encrypted one.
     */
    if ((pw->pw_passwd[0] == '@'
	 && pw_auth (pw->pw_passwd+1, pw->pw_name, PW_LOGIN, NULL))
	|| !valid (passwd, pw)) {
	return (UPAP_AUTHNAK);
    }
#else
    epasswd = crypt(passwd, pw->pw_passwd);
    if (strcmp(epasswd, pw->pw_passwd)) {
	return (UPAP_AUTHNAK);
    }
#endif

    syslog(LOG_INFO, "user %s logged in", user);

    /*
     * Write a wtmp entry for this user.
     */
    tty = strrchr(devname, '/');
    if (tty == NULL)
	tty = devname;
    else
	tty++;
    logwtmp(tty, user, "");		/* Add wtmp login entry */
    logged_in = TRUE;

    return (UPAP_AUTHACK);
}
If you look carefully you will see that we made another change. When there was no password in /etc/passwd, the original version returned UPAP_AUTHACK and allowed the connection. That is bad, because the usual way this login function is used is with a single account that is allowed to reach the PPP process, checking the user name and password supplied by PAP against the user name in /etc/passwd and the password in /etc/shadow.
So if you had set up the original version to run a shell for such a user (ppp, for example), anyone could have obtained a ppp connection simply by setting their PAP user name to ppp and their password to null.
We changed this to return UPAP_AUTHNAK instead of UPAP_AUTHACK when there is no password.
Interestingly, pppd-2.2.0 has the same problem.
The next step is to change the Makefile so that two things happen: USE_SHADOW must be defined, and libshadow.a must be linked in.
In the Makefile:
LIBS = -lshadow
and then the line:
COMPILE_FLAGS = -I.. -D_linux_=1 -DGIDSET_TYPE=gid_t
becomes:
COMPILE_FLAGS = -I.. -D_linux_=1 -DGIDSET_TYPE=gid_t -DUSE_SHADOW
Now make and install.
Q: I used to control which ttys root could log in from with the /etc/securettys file, but it no longer works. What is wrong?
A: The /etc/securettys file is no longer used once the Shadow Suite is installed. The ttys root may use are set in the login configuration file, /etc/login.defs. The entry in that file may also point to another file.
Q: I installed the Shadow Suite and now I cannot log in. What did I miss?
A: You probably installed the shadow programs but did not run pwconv, or forgot to copy /etc/npasswd and /etc/nshadow to /etc/passwd and /etc/shadow. You also have to copy login.defs to /etc.
Q: The xlock section says to change the group ownership of /etc/shadow to shadow, but I have no shadow group. What should I do?
A: Add one. Simply add a line to /etc/group, giving it a group number that no other group uses, and insert it before the nogroup entry. Alternatively, make xlock SUID root.
Q: Is there a mailing list for the Linux Shadow Password Suite?
A: Yes, but it is for the beta testing and development of the next Linux Shadow Suite. Send mail to shadow-list-request@neptune.cin.net with the subject subscribe to be added to the list.
The list actually discusses the Linux shadow-YYMMSS series. If you want to take part in the development, or if you install the Suite on your system and want information on the latest release, you may join.
Q: I installed the Shadow Suite, but whenever I use the userdel command I get the message "userdel: cannot open shadow group file". What did I do wrong?
A: You compiled the Shadow Suite with the SHADOWGRP option enabled, but you have no /etc/gshadow file. Either edit config.h and recompile, or create an /etc/gshadow file. See the section on shadow groups.
Q: I installed the Shadow Suite, but now there are encoded passwords in /etc/passwd. What went wrong?
A: Either you enabled the AUTOSHADOW option in the Shadow config.h file, or your libc was compiled with the SHADOW_COMPAT option. Find out which one it is and recompile.
The Linux Shadow Password HOWTO is Copyright (c) 1996 Michael H. Jackson.
Permission is granted to make and distribute verbatim copies of this document, provided the copyright notice and this permission notice are preserved on all copies.
Permission is granted to copy and distribute modified versions of this document under the conditions stated above for verbatim copies, provided that a clear notice stating that the document has been modified is also included in the modified document.
Permission is granted to copy and distribute translations of this document into other languages under the conditions stated above for modified versions.
Permission is granted to convert this document into another medium under the conditions stated above for modified versions, provided that the new medium includes a readily accessible reference to the original document together with whatever is needed to identify the original.
The code examples for auth.c are borrowed from pppd-1.2.1d and ppp-2.1.0e, Copyright (c) 1993 and The Australian National University and Copyright (c) 1989 Carnegie Mellon University.
Thanks to Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl> for writing and maintaining the Shadow Suite for Linux, and for his review of and comments on this document.
Thanks to Ron Tidd <rtidd@tscnet.com> for his helpful review and testing.
Thanks to everyone who has sent corrections to help improve this document.
Please send any comments or suggestions to me:
Michael H. Jackson <mhjack@tscnet.com>
Any comments or advice on this translation are welcome:
조용일 <tolkien@nownuri.nowcom.co.kr>