
Linux Shadow Password HOWTO

Michael H. Jackson, mhjack@tscnet.com.

v1.3, 3 April 1996. Translated by 조용일, mailto:tolkien@nownuri.nowcom.co.kr; translation dated 1 February 1997.
This document describes how to obtain, install and configure the Linux Passwd Shadow Suite. It also covers obtaining and reinstalling network daemons and other software that need user passwords. Such software is not part of the Shadow Suite, but it must be recompiled to support the Shadow Suite. Programming examples for adding shadow support to a program are included, and answers to frequently asked questions are at the end.

1. Introduction

This is the Linux Shadow-Password-HOWTO. It describes why and how shadow passwords are supported on a Linux system. Examples of how to use some of the Shadow Suite's features are also included.

When installing the Shadow Suite and when using many of its utilities you must be logged in as root. Installing the Shadow Suite changes your system software, so it is strongly recommended that you make backup copies of the programs as indicated. It is also recommended that you read and understand the instructions before you begin.

1.1 Changes from the previous release

Additions:
        A subsection on why you might not want to install shadow
        A subsection on updating xdm
        A section on adding Shadow Suite support to programs
        A section of frequently asked questions

Corrections and updates:
        Corrected the html references to Sunsite
        Corrected the wu-ftp section to add -lshadow to the Makefile
        Corrected spelling and grammar
        Changed the wu-ftpd section to support ELF
        Updated to reflect security problems in various login programs
        Updated to recommend Marek Michalkiewicz's Linux Shadow Suite

1.2 Where the latest version of this document is

The latest version of this document is available by anonymous FTP from

sunsite.unc.edu

/pub/Linux/docs/HOWTO/Shadow-Password-HOWTO
or:
/pub/Linux/docs/HOWTO/other-formats/Shadow-Password-HOWTO{-html.tar,ps,dvi}.gz

It can also be obtained through the Linux Documentation Project web server, as Shadow-Password-HOWTO, or directly from me (<mhjack@tscnet.com>). It is also posted regularly to the newsgroup comp.os.linux.answers.

This document is included in the Shadow-YYDDMM package.

1.3 Feedback

Please send any comments, updates or suggestions to me (Michael H. Jackson <mhjack@tscnet.com>). The sooner I receive them, the sooner I can bring this document up to date and correct mistakes. If you run into a problem, please mail me directly, because I do not read the newsgroups every day.

2. Why shadow your passwd file?

By default, most Linux distributions do not ship with the Shadow Suite installed. This includes Slackware 2.3, Slackware 3.0 and other well-known distributions. One reason is that the copyright of the original Shadow Suite was not clear on redistribution when a fee is charged. Linux uses the GNU copyright (also called the Copyleft), which allows packaging it in a convenient form (such as a CD-ROM distribution) and charging money for it.

Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>, the current maintainer of the Shadow Suite, received the source code from the original author under a BSD-style copyright that permits redistribution. The copyright problem is therefore resolved, and future distributions will be able to use shadow passwords by default. Until then you must install it yourself.

If you installed your distribution from CD-ROM, some of the files you need for the Shadow Suite may be on the CD-ROM even though the distribution did not install the Shadow Suite.

However, Shadow Suite 3.3.1, 3.3.1-2 and shadow-mk have security holes in the login program and in programs that run suid root, and must no longer be used.

All the necessary files can be obtained by anonymous FTP or over the WWW.

On a Linux system without the Shadow Suite, user information including passwords is kept in /etc/passwd. The password is stored in encrypted form. If you ask a cryptography expert, however, they will say the password is in an encoded rather than an encrypted form, because when crypt(3) is applied the text is null and the password is used as the key. This document therefore uses the word encoded. (Translator's note: the dictionary gives encode and encrypt the same meaning, "to convert into a cipher", but to those who studied cryptography the nuance apparently differs. Corrections on this point are welcome.)

The algorithm used to encode the password is technically regarded as a one-way hash function. It is easy to compute in the forward direction, but the reverse computation is very hard. A more detailed description of the algorithm is in section 2.4 and in the crypt(3) manual page.

When a user chooses or is assigned a password, it is encoded together with a randomly generated value called the salt. This means that any password can be stored in 4096 different ways. The salt value is stored together with the encoded password.

When a user logs in and supplies a password, the salt is first extracted from the stored encoded password. The supplied password is then encoded together with that salt and compared with the stored encoded password. If the two match, the user is authenticated.

Taking a randomly encoded password and recovering the original password is computationally difficult (but not impossible). However, on a system with more than a few users, at least some passwords will be ordinary words (or simple variations of them).

System crackers know this, and will encrypt a dictionary of commonly used passwords and words with all 4096 possible salt values. They then compare the encoded passwords in your /etc/passwd file with their database. Once there is a match they have the password of another account. This is called a dictionary attack, and it is one of the most common methods of gaining unauthorized access to a system.

Consider: an 8-character password encodes to 4096 13-character strings, so a dictionary of 400,000 common words, names, passwords and simple variations easily fits on a 4 GB hard disk. Attackers need only sort it and check for matches. Since such a 4 GB disk can be had for under 10000 dollars, this is within the means of most system crackers.

Also, if a cracker already has your /etc/passwd file, they only need to encode the dictionary with the salt values actually contained in it. This method is usable by an average teenager with 200 megabytes of space and a 486-class computer.

Even without much space, utilities such as crack(1) can usually break at least a couple of passwords on a system with enough users (assuming users are allowed to choose their own passwords).

The /etc/passwd file holds information used by most system programs, such as user IDs and group IDs. It must therefore remain world-readable. If you made /etc/passwd unreadable, the first thing you would notice is that the ls -l command now prints user IDs instead of user names!

The Shadow Suite solves this problem by relocating the passwords to another file (usually /etc/shadow). The /etc/shadow file cannot be read by just anyone: only root can read and write it. Some programs (such as xlock) do not need the right to change passwords; they only need to verify them. Such programs can either run suid root, or you can create a group shadow with read-only access to /etc/shadow, and then run the program sgid shadow.

By moving the passwords into /etc/shadow, attackers are effectively prevented from getting at the encoded passwords they need for a dictionary attack.

In addition, the Shadow Suite has several other nice features:

  • A configuration file for login defaults (/etc/login.defs)
  • Utilities for adding, modifying and deleting user accounts and groups
  • Password aging and expiration
  • Account expiration and locking
  • Shadowed group passwords (optional)
  • Double-length passwords (16-character passwords) (not recommended)
  • Better control over the passwords users choose
  • Dial-up passwords
  • Secondary authentication programs (not recommended)

Installing the Shadow Suite makes the system somewhat more secure. However, many other things improve the security of a Linux system, so eventually a Linux Security HOWTO series will cover other security tools and related matters.

For information on Linux security problems, including known vulnerabilities, visit the Linux Security home page.

2.1 Why you might NOT want to shadow your passwd file

In the following circumstances the Shadow Suite is not a good choice:

  • The system has no user accounts.
  • Your system runs on a LAN and uses NIS (Network Information Services) to get user names and passwords from other machines on the network. (This can be made to work, but that is beyond the scope of this document, and it would not increase security much anyway.)
  • Your machine is used by terminal servers to verify users via NFS (Network File System), NIS or some other method.
  • You use other software that verifies users, no shadow version of it is available, and you do not have the source code.

2.2 Format of the /etc/passwd file

An /etc/passwd file that has not been shadowed is laid out as follows.

username:passwd:UID:GID:full_name:directory:shell
Where each element is:
username

The user (login) name

passwd

The encoded password

UID

The numerical user ID

GID

The numerical default group ID

full_name

The user's real name. This field is actually called the GECOS (General Electric Comprehensive Operating System) field and can hold information other than the real name. The Shadow commands and manual pages treat this field as the comment field.

directory

The user's home directory (full pathname)

shell

The user's login shell (full pathname)

For example:

username:Npge08pfz4wuk:503:100:Full Name:/home/username:/bin/sh
Np is the salt and ge08pfz4wuk is the encoded password. The encoded salt/password could just as well have been kbeMVnZM0oL7I; both denote the same password. There are 4096 different encodings of the same password. (The example password is 'password', a really bad password.)

Once the shadow suite is installed, the /etc/passwd file changes to:

username:x:503:100:Full Name:/home/username:/bin/sh
The x in the second field means nothing (it is only a placeholder). The format of /etc/passwd has not changed at all; it just no longer contains the encoded password. This means that a program that only reads /etc/passwd and does not check passwords keeps working without any problem.

The passwords are now relocated to the shadow file (usually /etc/shadow).

2.3 Format of the shadow file

The /etc/shadow file holds the following information:

username:passwd:last:may:must:warn:expire:disable:reserved
Where each element is:
username

The user name

passwd

The encoded password

last

The day the password was last changed (days since 1 January 1970)

may

Days after a password change that must pass before it may be changed again (minimum age)

must

Days after which the password must be changed again (maximum age)

warn

Days before the password expires that the user is warned to change it

expire

Days after the password expires before the account becomes unusable

disable

The day the account became unusable (days since 1 January 1970)

reserved

Reserved

For the earlier example this is:
username:Npge08pfz4wuk:9479:0:10000::::
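The following parser, added here as an example and not taken from the HOWTO or the Shadow Suite, applies the field layouts of sections 2.2 and 2.3 to the records shown on the page (and to the useradd/passwd records of section 7.1). It reports whether a passwd line still exposes an encoded password and classifies an account from its shadow record the way login does. The only assumption beyond the page is that 0 in an aging field means "not set", as the fred record written by useradd suggests; the sample records are constructed from the page's examples.

```python
"""Parse /etc/passwd and /etc/shadow records and classify account state.

Added example (not the Shadow Suite's code). Field layouts follow the
HOWTO sections 2.2 and 2.3; sample records are constructed from the page.
Assumption: 0 in an aging field means "not set", like an empty field.
"""
from datetime import date

EPOCH = date(1970, 1, 1)

# Constructed sample data (values copied from the page's examples).
PASSWD_PLAIN = "username:Npge08pfz4wuk:503:100:Full Name:/home/username:/bin/sh"
PASSWD_SHADOWED = "username:x:503:100:Full Name:/home/username:/bin/sh"
SHADOW_SAMPLES = [
    "username:Npge08pfz4wuk:9479:0:10000::::",   # converted by pwconv
    "fred:!:0:0:60:0:0:0:0",                     # just created by useradd
    "fred:J0C.WDR1amIt6:9559:0:60:0:0:0:0",      # after 'passwd fred'
    "wilma:J0C.WDR1amIt6:9559:0:60:7:14:9700:",  # constructed: full aging set
]

PASSWD_FIELDS = ("username", "passwd", "uid", "gid", "gecos", "directory", "shell")
SHADOW_FIELDS = ("username", "passwd", "last", "may", "must",
                 "warn", "expire", "disable", "reserved")
AGING_FIELDS = SHADOW_FIELDS[2:8]


def day_number(n):
    """Date that is n days after 1 January 1970 (the unit shadow uses)."""
    return date.fromordinal(EPOCH.toordinal() + n)


def parse_passwd(line):
    """Split one /etc/passwd record into a dict; uid and gid become ints."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != len(PASSWD_FIELDS):
        raise ValueError("passwd record needs 7 fields: %r" % line)
    rec = dict(zip(PASSWD_FIELDS, fields))
    rec["uid"] = int(rec["uid"])
    rec["gid"] = int(rec["gid"])
    return rec


def parse_shadow(line):
    """Split one /etc/shadow record; empty or 0 aging fields become None."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != len(SHADOW_FIELDS):
        raise ValueError("shadow record needs 9 fields: %r" % line)
    rec = dict(zip(SHADOW_FIELDS, fields))
    for key in AGING_FIELDS:
        rec[key] = int(rec[key]) if rec[key] not in ("", "0") else None
    return rec


def hash_exposed(passwd_rec):
    """True when the world-readable passwd file still carries an encoded
    password, i.e. pwconv has not replaced it with the 'x' placeholder."""
    return passwd_rec["passwd"] not in ("x", "*", "!", "")


def account_state(shadow_rec, today):
    """Classify the account as login would on `today` (a datetime.date)."""
    days = (today - EPOCH).days
    pw = shadow_rec["passwd"]
    if pw == "*" or pw.startswith("!"):   # useradd writes '!' until passwd runs
        return "locked"
    if pw == "":
        return "no-password"
    if shadow_rec["disable"] is not None and days >= shadow_rec["disable"]:
        return "disabled"
    last, must = shadow_rec["last"], shadow_rec["must"]
    if last is not None and must is not None:
        expires_on = last + must
        if days > expires_on:
            expire = shadow_rec["expire"]
            if expire is not None and days > expires_on + expire:
                return "disabled"          # grace period after expiry is over
            return "password-expired"      # user must change it at login
        warn = shadow_rec["warn"]
        if warn is not None and days >= expires_on - warn:
            return "warn"
    return "ok"


def report(passwd_lines, shadow_lines, today):
    """Return ({username: state}, [users whose hash is still in passwd])."""
    exposed = [r["username"] for r in map(parse_passwd, passwd_lines) if hash_exposed(r)]
    states = {}
    for line in shadow_lines:
        rec = parse_shadow(line)
        states[rec["username"]] = account_state(rec, today)
    return states, exposed


if __name__ == "__main__":
    states, exposed = report([PASSWD_PLAIN, PASSWD_SHADOWED], SHADOW_SAMPLES, date.today())
    print("encoded password still in passwd:", exposed)
    for user, state in states.items():
        print(user, state)
```

Run against the real files (as root, since /etc/shadow is mode 0640) the same functions flag accounts whose password hash never left /etc/passwd and accounts whose aging fields have expired.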

2.4 About crypt(3)

According to the crypt(3) manual page:

"crypt is the password encryption function. It is based on the Data Encryption Standard algorithm, with variations intended (among other things) to make mechanical key searches hard to use.

The key is the password typed by the user. [The string being encoded is all NULLs.]

The salt is a two-character string chosen from the set [a-zA-Z0-9./]. It is used to perturb the algorithm in one of 4096 ways.

By taking the lowest 7 bits of each character of the key, a 56-bit key is obtained. This 56-bit key is used to encrypt a constant string repeatedly. The result is a string of 13 ASCII characters denoting the encrypted password (the first two characters are the salt itself). The return value points to static data that is overwritten on every call.

Warning: the key space consists of 2**56, i.e. 7.2e16, possible values. An exhaustive search of the key space would be possible with a massively parallel computer. Software such as crack(1) exists that searches the part of the key space most people draw their passwords from. Hence, when choosing a password, at least avoid commonly used words and names. Use a passwd program that checks whether an easily found password is being chosen.

The DES algorithm itself sometimes tends to make use of the crypt(3) interface a worse choice than anything else for password authentication. If you intend to use crypt(3) to strengthen security, do not use DES alone: get a good book on encryption and one of the widely used DES libraries."

(Translator's note: the original reads "The DES algorithm itself has a few quirks which make the use of the crypt(3) interface a very poor choice for anything other than password authentication. If you are planning on using the crypt(3) interface for a cryptography project, don't do it: get a good book on encryption and one of the widely available DES libraries." The part "don't do it: get ..." is very ambiguous; it is not clear what "it" refers to. For now I translated it on the guess that "get ..." is being recommended.)

Most Shadow Suites contain code that extends the password length to 16 characters. DES experts do not recommend this, because it simply encodes the first half and then the second half of the long password. Given how crypt works, this can produce a weaker password than not using a long password at all. On top of that, users find a 16-character password hard to remember.

A method is under development that supports long passwords and stronger authentication (in particular the MD5 algorithm) while remaining compatible with the crypt method.

The following book on encryption is recommended:

        "Applied Cryptography: Protocols, Algorithms, and Source Code in C"
        by Bruce Schneier <schneier@chinet.com>
        ISBN: 0-471-59756-2

3. Obtaining the Shadow Suite

3.1 History of the Shadow Suite for Linux

DO NOT USE THE PACKAGES DESCRIBED IN THIS SECTION. PROBLEMS HAVE BEEN FOUND IN THEM.

The original Shadow Suite was written by John F. Haugh II.

The following versions have been used on Linux systems:

  • shadow-3.3.1 is the original.
  • shadow-3.3.1-2 was adapted to Linux by Florian La Roche <flla@stud.uni-sb.de> and contains further improvements.
  • shadow-mk was packaged specifically for Linux.

The shadow-mk package contains the shadow-3.3.1 package distributed by John F. Haugh II with the shadow-3.3.1-2 patch applied, a few small fixes by Mohan Kokal <magnus@texas.net> that make installation easier, a login1.c (login.secure) from Joseph R.M. Zbiciak that removes the -f and -h security holes in /bin/login, and a few other miscellaneous patches.

The shadow.mk package currently has a security hole in the login program and will be replaced shortly.

Shadow 3.3.1, 3.3.1-2 and shadow-mk have a security hole in the login program. The login bug involves not checking the length of the login name. This causes a buffer overflow that leads to a crash or worse. It has been rumored that, together with this bug, the buffer overflow gives a user root privileges on systems that use shared libraries. I will not discuss specifically how this is possible, because many Linux systems could be harmed by having this (buggy) Shadow Suite installed, and it is dangerous even for pre-ELF distributions without the Shadow Suite.

For more detail on this and other Linux security issues, see the Linux Security home page (Shared Libraries and login Program Vulnerability).

3.2 Where to get the Shadow Suite

The recommended Shadow Suite is still in BETA testing. Nevertheless, the latest version is safe and does not contain the vulnerable login program.

The package follows this naming convention:

shadow-YYMMDD.tar.gz
where YYMMDD is the date the Suite was released.

Once beta testing is finished this version will eventually become Version 3.3.3; it is maintained by Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>. It can be obtained as shadow-current.tar.gz.

It can also be obtained from the following mirror sites:

Use the currently released version.

Do not use any version released before shadow-960129: it has the login security hole discussed above.

In this document, Shadow Suite refers to this version; it is also assumed to be the package you are using.

For reference, shadow-960129 was used when writing the installation instructions.

If you used shadow-mk before, upgrade to this version and recompile whatever you compiled before.

3.3 What is in the Shadow Suite

The Shadow Suite contains replacements for the following programs:

su, login, passwd, newgrp, chfn, chsh, id

It also contains new programs:

chage, newusers, dpasswd, gpasswd, useradd, userdel, usermod, groupadd, groupdel, groupmod, groups, pwck, grpck, lastlog, pwconv, pwunconv

In addition, a library, libshadow.a, is included for writing or compiling programs that access user passwords.

Manual pages for the programs are also included.

There is also a configuration file for the login program, installed as /etc/login.defs.

4. Compiling the programs

4.1 Unpacking

The first thing to do after obtaining the package is to unpack it. The package is a tar (tape archive) compressed with gzip, so move it to /usr/src and then:

tar -xzvf shadow-current.tar.gz

It will be unpacked into the directory /usr/src/shadow-YYMMDD.

4.2 Configuring with the config.h file

First, copy the Makefile and config.h:

cd /usr/src/shadow-YYMMDD
cp Makefile.linux Makefile
cp config.h.linux config.h

Then look at config.h. This file contains definitions for several configuration options. If you have the recommended package, I suggest you start with group shadow support disabled.

By default, shadowed group passwords are enabled. To change this, change #define SHADOWGRP in config.h to #undef SHADOWGRP. I recommend starting with them disabled. If you later really want group passwords and group administrators, enable them again and recompile. If you leave them enabled, you must create the /etc/gshadow file.

Using long passwords is not recommended, as explained above.

Do not change #undef AUTOSHADOW.

The AUTOSHADOW option was intended to let programs that ignore shadow keep working. That sounds fine in theory, but it does not work properly. If you enable this option and run such a program as root, it calls getpwnam() with root privileges and later writes the modified /etc/passwd file back out (no longer shadowed). chfn and chsh are such programs. (Changing the real and effective uid before calling getpwnam() does not avoid this, because root will also use chfn and chsh. (Translator's note: this is unclear; it seems to be about system programming. An explanation from someone who knows would be welcome.))

The same applies when building libc: the SHADOW_COMPAT option. Do not use it! The problem is that it starts fetching encoded passwords from /etc/passwd.

If the libc version you are using is older than 4.6.27, there is more to change in config.h and the Makefile. In config.h, change:

#define HAVE_BASENAME
to
#undef HAVE_BASENAME
. And in the Makefile, change:
SOBJS = smain.o env.o entry.o susetup.o shell.o \
        sub.o mail.o motd.o sulog.o age.o tz.o hushed.o

SSRCS = smain.c env.c entry.c setup.c shell.c \
        pwent.c sub.c mail.c motd.c sulog.c shadow.c age.c pwpack.c rad64.c \
        tz.c hushed.c
to
SOBJS = smain.o env.o entry.o susetup.o shell.o \
        sub.o mail.o motd.o sulog.o age.o tz.o hushed.o basename.o

SSRCS = smain.c env.c entry.c setup.c shell.c \
        pwent.c sub.c mail.c motd.c sulog.c shadow.c age.c pwpack.c rad64.c \
        tz.c hushed.c basename.c
. This change adds the code in basename.c, which is included in libc 4.6.27 and later.

4.3 Making backup copies of the original programs

It is also a good idea to keep track of the programs the shadow suite will replace and to back them up. On Slackware 3.0 they are:

  • /bin/su
  • /bin/login
  • /usr/bin/passwd
  • /usr/bin/newgrp
  • /usr/bin/chfn
  • /usr/bin/chsh
  • /usr/bin/id

The BETA package has a list of backups to make in its Makefile, but it is commented out because the programs may live in different places on other distributions.

Back up your /etc/passwd file too. But if you create the backup in the same directory, choose the name carefully so that the passwd command cannot overwrite it.

4.4 Running make

You need root privileges for nearly all of the installation process.

Run make to compile the package:

make all

You may see a warning such as: rcsid defined but not used. That is fine; it appears because the author uses a version control package.

5. Installation

5.1 Have a boot disk ready in case something goes wrong

If something goes wrong you will need a boot disk. If you used a boot/root disk during installation, that is sufficient. Otherwise, see the Bootdisk-HOWTO, which describes how to make a bootable disk.

5.2 Removing duplicate man pages

You should also move the manual pages that will be replaced. Even if you are bold enough to install the Shadow Suite without backups, you will still want to remove the old manual pages. The old manual pages are usually stored compressed, so the new ones may not overwrite the old ones.

To find the manual pages that need to be removed or moved, use the man -aW command or the locate command. It is generally easier to find the old pages that way before running make install.

On the Slackware 3.0 distribution the man pages to remove are:

  • /usr/man/man1/chfn.1.gz
  • /usr/man/man1/chsh.1.gz
  • /usr/man/man1/id.1.gz
  • /usr/man/man1/login.1.gz
  • /usr/man/man1/passwd.1.gz
  • /usr/man/man1/su.1.gz
  • /usr/man/man5/passwd.5.gz

There are also files with the same names as the ones to be deleted in the /var/man/cat[1-9] subdirectories.

5.3 Running make install

Now we are ready (do this as root):

make install

This installs the new programs or replaces the old ones, and fixes the file permissions. It also installs the man pages.

It also installs the Shadow Suite's include files in /usr/include/shadow.

If you are using the BETA package, you must copy login.defs to /etc yourself and make it changeable only by root:

cp login.defs /etc
chmod 700 /etc/login.defs

This file is the configuration file of the login program. Review its contents and adjust them to your system. It determines the ttys root may log in on and other security-related settings (such as the defaults for password aging).

5.4 Running pwconv

The next step is to run pwconv. Not only must you do this as root, it is best done from the /etc directory:

cd /etc
/usr/sbin/pwconv

pwconv takes /etc/passwd and several fields from it and creates two files: /etc/npasswd and /etc/nshadow.

The pwunconv program is provided in case you need to rebuild a plain /etc/passwd from /etc/passwd and /etc/shadow.

5.5 Renaming npasswd and nshadow

Running pwconv has produced /etc/npasswd and /etc/nshadow. These need to be put in place of /etc/passwd and /etc/shadow. We also want to back up the original /etc/passwd, make it readable only by root, and move the backup into root's home directory:

cd /etc
cp passwd ~passwd
chmod 600 ~passwd
mv npasswd passwd
mv nshadow shadow

Get the file ownership and permissions exactly right. If you intend to use X-Windows, the xlock and xdm programs must be able to read the shadow file (but not write it).

There are two ways to make that possible. You can set xlock suid root (xdm may already run with root's privileges). Or you make the shadow file owned by root in group shadow. Before following the second suggestion, make sure the shadow group exists (look at /etc/group). No user on the system may belong to the shadow group.
chown root.root passwd
chown root.shadow shadow
chmod 0644 passwd
chmod 0640 shadow
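The ownership and mode settings above are easy to get wrong, and a world-readable /etc/shadow silently undoes the whole point of the conversion. The audit below is an added example (not the HOWTO's or the Shadow Suite's code) that checks the expectations this section and section 5.3 state: /etc/passwd 0644 root:root, /etc/shadow 0640 root:shadow, /etc/login.defs 0700 owned by root, and no user in the shadow group. The file list and the decision to treat 0 in any "other" read bit on shadow as a separate finding are the example's own choices.

```python
"""Audit ownership, permission bits and shadow-group membership.

Added example, not code from the HOWTO or the Shadow Suite. Expected
values come from HOWTO sections 5.3 and 5.5; the group for login.defs is
not stated on the page, so it is not checked (None).
"""
import grp
import os
import pwd
import stat

# Expected (mode, owner, group) per file, as prescribed on the page.
EXPECTED = {
    "/etc/passwd": (0o644, "root", "root"),
    "/etc/shadow": (0o640, "root", "shadow"),
    "/etc/login.defs": (0o700, "root", None),   # page gives only chmod 700
}


def check_perms(path, mode, owner, group, expected):
    """Compare observed permission bits, owner and group with `expected`
    and return a list of human-readable findings (empty means compliant).
    `mode` carries permission bits only, as returned by stat.S_IMODE()."""
    want_mode, want_owner, want_group = expected
    findings = []
    if mode != want_mode:
        findings.append("%s: mode %04o, expected %04o" % (path, mode, want_mode))
    if path.endswith("shadow") and mode & stat.S_IROTH:
        # The specific failure the HOWTO warns about: encoded passwords
        # readable by everyone are again open to a dictionary attack.
        findings.append("%s: world-readable, encoded passwords exposed" % path)
    if owner != want_owner:
        findings.append("%s: owner %s, expected %s" % (path, owner, want_owner))
    if want_group is not None and group != want_group:
        findings.append("%s: group %s, expected %s" % (path, group, want_group))
    return findings


def shadow_group_members():
    """Users that are members of group shadow (explicit members plus users
    whose primary group is shadow). None when the group does not exist."""
    try:
        g = grp.getgrnam("shadow")
    except KeyError:
        return None
    members = set(g.gr_mem)
    members |= {p.pw_name for p in pwd.getpwall() if p.pw_gid == g.gr_gid}
    return sorted(members)


def audit_path(path, expected):
    """stat() one file and run check_perms() on the result."""
    st = os.stat(path)
    try:
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        owner = str(st.st_uid)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)
    return check_perms(path, stat.S_IMODE(st.st_mode), owner, group, expected)


def audit_system():
    """Audit every file in EXPECTED that exists, plus the shadow group."""
    findings = []
    for path, expected in EXPECTED.items():
        if os.path.exists(path):
            findings += audit_path(path, expected)
    members = shadow_group_members()
    if members is None:
        findings.append("group shadow does not exist (check /etc/group)")
    elif members:
        findings.append("users in group shadow: " + ", ".join(members))
    return findings


if __name__ == "__main__":
    for line in audit_system() or ["no findings"]:
        print(line)
```

Run it as root after the chown/chmod steps; an empty report means the files match what this section prescribes. If you chose the suid-root route for xlock instead of the shadow group, the missing-group finding is expected.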

The system now has a shadowed password file. It is a good idea to open another virtual terminal and check that you can log in.

Do it now!

If you cannot, something is wrong! To return to the non-shadowed state, do the following:

cd /etc
cp ~passwd passwd
chmod 644 passwd

After that you will have to put every file back where it was before.

6. Other programs that need patching or upgrading

Even though the shadow suite includes replacements for most programs that need access to passwords, most systems have other programs that need password access too.

If you use the Debian distribution (or even if you don't), the Debian sources of the programs that must be rebuilt can be obtained from ftp://ftp.debian.org/debian/stable/source/.

The rest of this section covers how to upgrade programs such as adduser, wu_ftpd, ftpd, pop3d, xlock, xdm and sudo to support the shadow suite.

For how to put shadow suite support into a program, see the section Adding shadow support to a C program (the program must then run SUID root or SGID shadow so that it can access the shadow file).

6.1 The Slackware adduser program

The Slackware distribution (among others) includes an interactive program for adding users called /sbin/adduser. A shadow version of it is available from ftp://sunsite.unc.edu/pub/Linux/system/Admin/accounts/adduser.shadow-1.4.tar.gz.

I recommend using the programs in the Shadow Suite (useradd, usermod, userdel) instead of Slackware's adduser. It takes a little time to learn them, but it is worth it, because you get finer control and they do proper file locking on /etc/passwd and /etc/shadow (adduser does not).

See Using the Shadow Suite for more detail.

However, if you have it, do the following:

tar -xzvf adduser.shadow-1.4.tar.gz
cd adduser
make clean
make adduser
chmod 700 adduser
cp adduser /sbin

6.2 The wu_ftpd server

Most Linux systems use the wu_ftpd server. If you did not install shadow from your distribution, your wu_ftpd was not compiled with shadow support. wu_ftpd is started from inetd/tcpd and runs as a root process. If you are still using an old wu_ftpd daemon, you must upgrade it in any case, because it has a bug that endangers the root account (see the Linux security home page).

Fortunately, you only need to get the source code and recompile it with shadow enabled.

If you are not on an ELF system, use wu-ftp-2.4-fixed.tar.gz from sunsite for the wu_ftp server.

After obtaining it and placing it in /usr/src:

cd /usr/src
tar -xzvf wu-ftpd-2.4-fixed.tar.gz
cd wu-ftpd-2.4-fixed
cp ./src/config/config.lnx.shadow ./src/config/config.lnx

Then edit ./src/makefiles/Makefile.lnx, changing:

LIBES    = -lbsd -support
to:
LIBES    = -lbsd -support -lshadow
.

Now you are ready to run the build script and install:

cd /usr/src/wu-ftpd-2.4-fixed
/usr/src/wu-ftp-2.4.fixed/build lnx
cp /usr/sbin/wu.ftpd /usr/sbin/wu.ftpd.old
cp ./bin/ftpd /usr/sbin/wu.ftpd

This compiles using the Linux shadow configuration file and installs the server.

On my Slackware 2.3 system I had to do the following before running build:

cd /usr/include/netinet
ln -s in_systm.h in_system.h
cd -

Some problems compiling this package on ELF systems have been reported, but the beta version of the next release works fine. That is wu-ftp-2.4.2-beta-10.tar.gz.

After obtaining it and placing it in /usr/src:

cd /usr/src
tar -xzvf wu-ftpd-2.4.2-beta-9.tar.gz
cd wu-ftpd-beta-9
cd ./src/config

Then edit config.lnx, changing:

#undef SHADOW.PASSWORD
to:
#define SHADOW.PASSWORD
. Then
cd ../Makefiles
and edit Makefile.lnx, changing:
LIBES = -lsupport -lbsd # -lshadow
to:
LIBES = -lsupport -lbsd -lshadow
. Finally, build and install:
cd ..
build lnx
cp /usr/sbin/wu.ftpd /usr/sbin/wu.ftpd.old
cp ./bin/ftpd /usr/sbin/wu.ftpd

Check /etc/inetd.conf to see where your wu.ftpd server really is. Some distributions put the server daemons elsewhere, and wu.ftpd in particular is said to go by a different name.

6.3 The standard ftpd

If you use the standard ftpd server, I recommend switching to the wu_ftpd server. Apart from the bug mentioned above, it is generally considered more secure.

If you have to stay with the standard one or need NIS support, there is ftpd-shadow-nis.tgz on Sunsite.

6.4 pop3d (Post Office Protocol 3)

If you need POP3, you must recompile the pop3d program. pop3d is run by inetd/tcpd with root privileges.

There are two versions on Sunsite: pop3d-1.00.4.linux.shadow.tar.gz and pop3d+shadow+elf.tar.gz

Both install smoothly.

6.5 xlock

If you install the shadow suite and lock your screen with xlock without upgrading it along with the X Window System, you will certainly have to press Ctrl-Alt-Fx, log in on another tty and kill the xlock process (or kill the X server with Ctrl-Alt-BS). Fortunately, upgrading the xlock program is easy.

If you use XFree86 3.x.x you are probably using xlockmore (which has excellent screen-savers in addition to locking). This package is designed to be recompiled with shadow. If you use an old xlock, I recommend upgrading to this one.

xlockmore-3.7.tgz is at ftp://sunsite.unc.edu/pub/Linux/X11/xutils/screensavers/xlockmore-3.7.tgz.

Usually this fits the bill.

After obtaining xlockmore-3.7.tgz, unpack it in /usr/src:

tar -xzvf xlockmore-3.7.tgz

Change the following line in /usr/X11R6/lib/X11/config/linux.cf:

#define HasShadowPasswd    NO

to

#define HasShadowPasswd    YES

Then build the executable:

cd /usr/src/xlockmore
xmkmf
make depend
make

Finally, put everything in place with the right permissions and you are done:

cp xlock /usr/X11R6/bin/
cp XLock /var/X11R6/lib/app-defaults/
chown root.shadow /usr/X11R6/bin/xlock
chmod 2755 /usr/X11R6/bin/xlock
chown root.shadow /etc/shadow
chmod 640 /etc/shadow

xlock should now work fine.

6.6 xdm

xdm shows the login screen under X-Windows. Some systems start xdm when told to enter a particular run level (see /etc/inittab).

Once the Shadow Suite is installed, xdm must be updated too. This is very easy.

xdm.tar.gz is at ftp://sunsite.unc.edu/pub/Linux/X11/xutils/xdm.tar.gz.

After obtaining xdm.tar.gz, unpack it in /usr/src:

tar -xzvf xdm.tar.gz

Change the following line in /usr/X11R6/lib/X11/config/linux.cf:

#define HasShadowPasswd    NO

to

#define HasShadowPasswd    YES

Then build the executable:

cd /usr/src/xdm
xmkmf
make depend
make

Put everything in place:

cp xdm /usr/X11R6/bin/

Since xdm runs with root privileges, there is no need to change its permissions.

6.7 sudo

sudo lets the system administrator allow users to run programs that normally require root privileges. It is convenient in that the system administrator can reduce the need to log in to the root account by letting users do things such as mounting drives.

Because sudo verifies the user's password when it runs, it needs to read the password. sudo already runs SUID root, so it has no problem accessing the /etc/shadow file.

sudo for the shadow suite is at ftp://sunsite.unc.edu/pub/Linux/system/Admin/sudo-1.2-shadow.tgz.

Warning: when sudo is installed, the existing /etc/sudoers is replaced by the default configuration. So if you use anything other than the default, back it up (or remove the line in the Makefile that copies the default configuration file to /etc).

This package is already set up for shadow, so you only need to recompile it (after placing it in /usr/src):

cd /usr/src
tar -xzvf sudo-1.2-shadow.tgz
cd sudo-1.2-shadow
make all
make install

6.9 pppd (Point-to-Point Protocol server)

The pppd server can be configured to authenticate in several ways: Password Authentication Protocol (PAP) and Cryptographic Handshake Authentication Protocol (CHAP). Normally pppd reads the passwords in /etc/ppp/chap-secrets and/or /etc/ppp/pap-secrets. If you use pppd this way, there is no need to reinstall pppd. (Translator's note: this seems to mean that separate passwords are kept for ppp...)

pppd can take a login parameter (on the command line, in the options file or via the configuration). If the login option is given, pppd uses the username and password in /etc/passwd for PAP. In that case a shadowed password file is of course useless. In pppd-1.2.1d you must add code to support shadow.

The next section shows an example of adding shadow support to pppd-1.2.1d (an old version of pppd).

pppd-2.2.0 already supports shadow.

7. Using the Shadow Suite

This section covers a few topics you will want to know about once the Shadow Suite is installed on your system. For more detail, refer to the manual page of each command.

7.1 Adding, modifying, and deleting user accounts

The Shadow Suite adds the following commands for managing user accounts. The adduser program was probably installed already.

useradd

The useradd command adds a user. The same command is also used to change the default settings.

The first thing to do is check the defaults and adjust them to suit your system:

useradd -D

GROUP=1
HOME=/home
INACTIVE=0
EXPIRE=0
SHELL=
SKEL=/etc/skel

These defaults are probably not to your liking. If you added a user now, you would have to specify every piece of information that is common to all users. So we will change and extend the defaults first.

On my system:

  • the default group is 100.
  • passwords are changed once every 60 days.
  • I do not want the account locked when the password can expire.
  • the default shell is /bin/bash.
To make these changes:
useradd -D -g100 -e60 -f0 -s/bin/bash

Now useradd -D gives:


GROUP=100
HOME=/home
INACTIVE=0
EXPIRE=60
SHELL=/bin/bash
SKEL=/etc/skel

These defaults are stored in /etc/default/useradd.

Now users can be added to the system with useradd. For example, to add a user called fred using only the defaults:

useradd -m -c "Fred Flintstone" fred
The following entry is created in the /etc/passwd file:
fred:*:505:100:Fred Flintstone:/home/fred:/bin/bash
And in the /etc/shadow file:
fred:!:0:0:60:0:0:0:0
Fred's home directory is created, and because the -m switch was used, the whole of /etc/skel is copied into it.

Also, since no UID was given explicitly, the next UID after those already in use was chosen.

Fred's account now exists, but fred cannot log in until we unlock the account. To unlock it, the password must be changed.

passwd fred

Changing password for fred
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
New Password: *******
Re-enter new password: *******

Now /etc/shadow looks like this:
fred:J0C.WDR1amIt6:9559:0:60:0:0:0:0
And fred can log in and use the system. What is nice about useradd, like the other programs in the Shadow Suite, is that it changes the contents of /etc/passwd and /etc/shadow without interference. So if you add a user at the same moment another user changes their own password, both changes go through properly. (Translator's note: think of things like mutex locks and race conditions.)

Using these commands is better than editing /etc/passwd and /etc/shadow by hand. If you are editing /etc/shadow, a user changes their password in the meantime, and then you finish editing and save, that user's change is lost.

Here is a simple interactive script that uses useradd and passwd:


#!/bin/bash
#
# /sbin/newuser - A script to add a user using the Shadow Suite's useradd
#                 and passwd commands
#
# Written by Mike Jackson <mhjack@tscnet.com> as an example for the Linux
# Shadow Password HOWTO. Permission to use and modify is expressly granted.
#
# This could be changed to show the defaults and allow them to be modified,
# like Slackware's adduser program. It could also be changed to reject
# bad input (i.e. better error checking...).
#
##
#  Defaults for the useradd command
##
GROUP=100        # Default group
HOME=/home       # Location of home directories (/home/username)
SKEL=/etc/skel   # Skeleton directory (files every new account starts with)
INACTIVE=0       # Days after the password expires until the account is
                 # disabled (0 = don't do this)
EXPIRE=60        # Password lifetime (days)
SHELL=/bin/bash  # Default shell (full path)
##
#  Defaults for the passwd command
##
PASSMIN=0        # Minimum days before a changed password may be changed again
PASSWARN=14      # Days of warning before the password expires
##
#  Check that the user running the script is root
##
WHOAMI=`/usr/bin/whoami`
if [ "$WHOAMI" != "root" ]; then
        echo "You must be root to add new users!"
        exit 1
fi
##
#  Ask for the username and the full name
##
echo ""
echo -n "Username: "
read USERNAME
echo -n "Full name: "
read FULLNAME
#
echo "Adding user: $USERNAME."
#
# Note that the "" around $FULLNAME are required. This field can contain
# spaces, and if useradd were run without the quotes, the parameters
# that follow would be taken as part of that field.
#
/usr/sbin/useradd -c"$FULLNAME" -d$HOME/$USERNAME -e$EXPIRE \
        -f$INACTIVE -g$GROUP -m -k$SKEL -s$SHELL $USERNAME
##
#  Set the password defaults
##
/bin/passwd -n $PASSMIN -w $PASSWARN $USERNAME >/dev/null 2>&1
##
#  Run passwd to read in the password
##
/bin/passwd $USERNAME
##
#  Show the results (anchored with ^ so that "fred" does not match "alfred")
##
echo ""
echo "Entry from /etc/passwd:"
echo -n "   "
grep "^$USERNAME:" /etc/passwd
echo "Entry from /etc/shadow:"
echo -n "   "
grep "^$USERNAME:" /etc/shadow
echo "Summary output of the passwd command:"
echo -n "   "
passwd -S $USERNAME
echo ""

Using a script to add new users is far better than editing /etc/passwd and /etc/shadow directly or using Slackware's adduser. Feel free to adapt it to your particular system.

For more information on useradd, see the manual page.

usermod

usermod modifies the information about a user. Its options are similar to those of useradd.

To change the shell of fred from the example above, type:

usermod -s /bin/tcsh fred
Now fred's entry in the /etc/passwd file has changed to:
fred:*:505:100:Fred Flintstone:/home/fred:/bin/tcsh
This time, let us make fred's account usable only until September 15, 1997:
usermod -e 09/15/97 fred
Then fred's entry in the /etc/shadow file becomes:
fred:J0C.WDR1amIt6:9559:0:60:0:0:10119:0

For more information on usermod, see the manual page.

userdel

userdel does exactly what you would expect: it kills a user account.

userdel -r username
That is all there is to it. The -r switch removes the user's home directory together with every file in it. Files elsewhere have to be found and removed one by one.

If you would rather disable the account than delete it, use the passwd command.

7.2 The passwd command and setting password lifetimes.

passwd, as its name says, is used to change passwords. In addition, root can do the following:

  • lock and unlock an account (-l and -u)
  • set the password lifetime (-x)
  • set the waiting period before a password may be changed again (-n)
  • set how many days before expiry the user is warned that the password will expire (-w)
  • set the period after the password expires until the account is locked (-i)
  • view more detailed information about the account (-S)

Returning to fred's example:

passwd -S fred
fred P 03/04/96 0 60 0 0
This means that fred's password is valid, was last changed on March 4, 1996, and can be changed at any time; if it is not changed within 60 days it can no longer be used; fred gets no warning before that; and the account stays valid even after the password can no longer be used.

In other words, if fred logs in after his password has expired, he is prompted for a new password.

To warn fred 14 days before his password expires and to freeze his account 14 days after it has expired:

passwd -w14 -i14 fred
Then fred's entry changes to:
fred P 03/04/96 0 60 14 14
For more information on passwd, see the manual page.

7.3 The login.defs file.

The /etc/login.defs file is the configuration file for the login program and for the Shadow Suite as a whole.

/etc/login.defs contains settings ranging from what the prompts look like to what the default lifetime will be when a user changes a password.

The /etc/login.defs file is very well documented by the many comments inside it. However, it contains several kinds of entry that deserve attention:

  • on/off flags that decide how much logging is generated.
  • pointers to other configuration files.
  • default assignments, such as the password lifetime settings.

As you can see, this is a rather important file. So check that it exists now, and review whether its settings suit your system and your taste.

7.4 Group passwords.

The /etc/group file contains passwords that allow a user to become a member of a particular group. This feature works when the SHADOWGRP constant in /usr/src/shadow-YYMMDD/config.h is defined.

If you use this feature, create the /etc/gshadow file so that the group passwords and the group administrator information can be stored there.

When you created /etc/shadow you used pwconv, but there is no such program for creating /etc/gshadow. Do not worry, though; it takes care of itself.

To create /etc/gshadow for the first time, do the following:

touch /etc/gshadow
chown root.root /etc/gshadow
chmod 700 /etc/gshadow

When you create a new group, it is automatically added to both the /etc/group and the /etc/gshadow file. When you add users to a group or remove them, or change the group password, the /etc/gshadow file changes accordingly.

The groups, groupadd, groupmod, and groupdel programs are supplied with the Shadow Suite as tools for modifying groups.

The format of the /etc/group file is:

groupname:!:GID:member,member,...
Where:
groupname

the name of the group

!

this field used to be the password, but it has moved to the /etc/gshadow file

GID

the group ID number

member

the list of group members

The format of the /etc/gshadow file is:

groupname:password:admin,admin,...:member,member,...
Where:
groupname

the name of the group

password

the encoded group password

admin

the list of group administrators

member

the list of group members

The gpasswd command is used to add or remove users or administrators from a group. Only root or a group administrator can add or remove group members.

Group passwords can be changed with the passwd command by root or by a group administrator.

There is currently no manual page for gpasswd, but typing gpasswd with no parameters lists its options, so once you understand the file formats and the concepts its use is easily learned.

7.5 Consistency checking programs

pwck

The pwck program checks for inconsistencies between the /etc/passwd and /etc/shadow files. For each user it checks the following:

  • the number of fields is correct
  • the user name is unique
  • the user and group IDs
  • the primary group
  • the home directory
  • the login shell

It also warns about accounts that have no password.

It is a good idea to run pwck after installing the Shadow Suite. Running it periodically, weekly or monthly, is recommended. With the -r option, cron can run it regularly and report the results.

grpck

The grpck program checks for inconsistencies between the /etc/group and /etc/gshadow files. It checks the following:

  • the number of fields is correct
  • the names are unique
  • the lists of members and administrators are valid

There is a -r option for automatic reports.

7.6 Dial-up passwords.

Dial-up passwords are another line of defense for systems that allow dial-up access. You may let many people access the system, directly or over the network, but if you want to restrict who can dial in, dial-up passwords are a good solution. To use dial-up passwords, set DIALUPS_CHECK_ENAB in /etc/login.defs to yes.

Two files hold the dial-up information. /etc/dialups lists the ttys (one per line, with the "/dev/" prefix removed). If a tty is listed there, the dial-up check is performed on it.

The second file is /etc/d_passwd. It contains the passwords together with the full pathname of the corresponding shell.

If a user logs in on a tty listed in /etc/dialups and their shell is listed in /etc/d_passwd, they must enter the correct dial-up password.

Another use of dial-up passwords is to decide what type of connection (usually a PPP or UUCP connection) is allowed on a line. If a user wants to attempt another type of connection (in particular, an ordinary shell), they must know the password that permits use of the line.

Before the dial-up feature can be used, the files must be created.

The dpasswd command associates passwords with the shells in /etc/d_passwd. See the manual page for more information.

8. Adding shadow support to a C program

Adding shadow support to a C program is actually quite simple. The only problem is that the program must run as root (or SUID root) in order to read the /etc/shadow file.

That forces one big issue on us: when writing a SUID program, you must be in the habit of programming very carefully. For example, if the program has a shell escape and is SUID root, that escape must not hand out root privileges.

Adding shadow support to a program that needs to check a password but otherwise has no reason to run with root privileges lets you produce a program that is much safer than an ordinary SUID program. xlock is one example.

In the example below, pppd-1.2.1d already runs SUID root, so adding shadow support will not make the program any more vulnerable.

8.1 Header files

The header files live in /usr/include/shadow. There is also /usr/include/shadow.h, but that is a symbolic link to /usr/include/shadow/shadow.h.

To add shadow support, include the header files:

#include <shadow/shadow.h>
#include <shadow/pwauth.h>

It is good practice to use compiler directives so that the shadow code is compiled conditionally (as the example below shows).

8.2 The libshadow.a library

When the Shadow Suite is installed, the libshadow.a file is placed in /usr/lib.

To build shadow support into a program, the linker must be told to link libshadow.a as well.

Like this:

gcc program.c -o program -lshadow

In any case, as the example below shows, most large programs use a Makefile, and it usually has a LIBS=... variable that we will modify.

8.3 The shadow structure

The libshadow.a library keeps the information read from the /etc/shadow file in a structure called spwd. The definition of spwd is in the /usr/include/shadow/shadow.h file:


struct spwd
{
  char *sp_namp;                /* login name */
  char *sp_pwdp;                /* encrypted password */
  sptime sp_lstchg;             /* date of last change */
  sptime sp_min;                /* minimum days between changes (i.e. how soon
                                   after one change the next is allowed) */
  sptime sp_max;                /* maximum days between changes (password lifetime) */
  sptime sp_warn;               /* days of warning before the password expires */
  sptime sp_inact;              /* days after the password expires until the
                                   account is disabled */
  sptime sp_expire;             /* date the account becomes unusable (days since 1/1/70) */
  unsigned long sp_flag;        /* reserved for future use */
};

The Shadow Suite can put something other than the encoded password in the sp_pwdp field. The password field can look like this:

username:Npge08pfz4wuk;@/sbin/extra:9479:0:10000::::

This means that, in addition to the password, the /sbin/extra program is called for further authentication. The called program must accept the username and a switch that tells it why it was called. For details, see /usr/include/shadow/pwauth.h and pwauth.c.

The intent is to use the pwauth function to carry out other, real user authentication methods, which can also be used for a second round of user verification.

The author of the Shadow Suite points out that most existing programs do not use this feature, and says that it will be removed or changed in the next version of the Shadow Suite.

8.4 Shadow functions

The shadow.h file contains the prototypes of the functions in the libshadow.a library:



extern void setspent __P ((void));
extern void endspent __P ((void));
extern struct spwd *sgetspent __P ((__const char *__string));
extern struct spwd *fgetspent __P ((FILE *__fp));
extern struct spwd *getspent __P ((void));
extern struct spwd *getspnam __P ((__const char *__name));
extern int putspent __P ((__const struct spwd *__sp, FILE *__fp));

The function we will use in the example is getspnam, which looks up a user name and returns its spwd structure.

8.5 Example

This is an example of adding shadow support to a program that needs it but does not have it by default.

For the example we take the Point-to-Point Protocol Server (pppd-1.2.1d), which has a mode that performs PAP authentication with the user names and passwords in the /etc/passwd file instead of the PAP or CHAP secrets.

This feature of pppd is not used very often. But once the Shadow Suite is installed it stops working, because the passwords are no longer in /etc/passwd.

The code that authenticates users in pppd-1.2.1d is in the /usr/src/pppd-1.2.1d/pppd/auth.c file.

The following code needs to be added near the top of the file, where the #include directives are. We wrap the #include in a conditional directive (so that it is only included when compiling with shadow support):


#ifdef USE_SHADOW
#include <shadow.h>
#include <shadow/pwauth.h>
#endif

Next comes modifying the actual code. We are still editing the auth.c file.

auth.c before the change:


/*
 * login - Check the user name and password against the system
 * password database, and login the user if OK.
 *
 * returns:
 *      UPAP_AUTHNAK: Login failed.
 *      UPAP_AUTHACK: Login succeeded.
 * In either case, msg points to an appropriate message.
 */
static int
login(user, passwd, msg, msglen)
    char *user;
    char *passwd;
    char **msg;
    int *msglen;
{
    struct passwd *pw;
    char *epasswd;
    char *tty;

    if ((pw = getpwnam(user)) == NULL) {
        return (UPAP_AUTHNAK);
    }
    /*
     * XXX If no passwd, let them login without one.
     */
    if (pw->pw_passwd == '\0') {
        return (UPAP_AUTHACK);
    }

    epasswd = crypt(passwd, pw->pw_passwd);
    if (strcmp(epasswd, pw->pw_passwd)) {
        return (UPAP_AUTHNAK);
    }

    syslog(LOG_INFO, "user %s logged in", user);

    /*
     * Write a wtmp entry for this user.
     */
    tty = strrchr(devname, '/');
    if (tty == NULL)
        tty = devname;
    else
        tty++;
    logwtmp(tty, user, "");             /* Add wtmp login entry */
    logged_in = TRUE;

    return (UPAP_AUTHACK);
}

The user's password is found in pw->pw_passwd. So all we need to do is add a call to the getspnam function, which puts the password in spwd->sp_pwdp.

We also put in the pwauth function so that other, real user authentication can be performed; it automatically carries out the secondary authentication if one is configured in the shadow file.

auth.c modified to support shadow:


/*
 * login - Check the user name and password against the system
 * password database, and login the user if OK.
 *
 * This function has been modified to support the Linux Shadow Password
 * Suite if USE_SHADOW is defined.
 *
 * returns:
 *      UPAP_AUTHNAK: Login failed.
 *      UPAP_AUTHACK: Login succeeded.
 * In either case, msg points to an appropriate message.
 */
static int
login(user, passwd, msg, msglen)
    char *user;
    char *passwd;
    char **msg;
    int *msglen;
{
    struct passwd *pw;
    char *epasswd;
    char *tty;

#ifdef USE_SHADOW
    struct spwd *spwd;
    struct spwd *getspnam();
#endif

    if ((pw = getpwnam(user)) == NULL) {
        return (UPAP_AUTHNAK);
    }

#ifdef USE_SHADOW
    /* Replace the "*" from /etc/passwd with the real hash from /etc/shadow */
    spwd = getspnam(user);
    if (spwd)
        pw->pw_passwd = spwd->sp_pwdp;
#endif

    /*
     * XXX If there is no password, do NOT let them log in without one.
     * (The test covers both a missing and an empty password string.)
     */
    if (pw->pw_passwd == NULL || pw->pw_passwd[0] == '\0') {
        return (UPAP_AUTHNAK);
    }
#ifdef USE_SHADOW
    /* An "@program" entry runs the secondary authentication program;
     * valid() checks the supplied password against the hash. */
    if ((pw->pw_passwd[0] == '@'
         && pw_auth (pw->pw_passwd+1, pw->pw_name, PW_LOGIN, NULL))
        || !valid (passwd, pw)) {
        return (UPAP_AUTHNAK);
    }
#else
    epasswd = crypt(passwd, pw->pw_passwd);
    if (strcmp(epasswd, pw->pw_passwd)) {
        return (UPAP_AUTHNAK);
    }
#endif

    syslog(LOG_INFO, "user %s logged in", user);

    /*
     * Write a wtmp entry for this user.
     */
    tty = strrchr(devname, '/');
    if (tty == NULL)
        tty = devname;
    else
        tty++;
    logwtmp(tty, user, "");             /* Add wtmp login entry */
    logged_in = TRUE;

    return (UPAP_AUTHACK);
}

If you look closely you will notice another change we made. If there was no password in the /etc/passwd file, the original version returned UPAP_AUTHACK and allowed the connection. That is not good, because the usual purpose of this login feature is to have one account that is used to reach the PPP process, and to check the user name and password supplied through PAP against the user name in /etc/passwd and the password in /etc/shadow.

So if the original version was set up to run a shell for a user (say, ppp), anyone could obtain a ppp connection simply by setting their PAP user name to ppp and the password to null.

We changed this so that UPAP_AUTHNAK is returned instead of UPAP_AUTHACK when there is no password.

Interestingly, pppd-2.2.0 has the same problem.

Next, the Makefile must be modified so that two things happen: USE_SHADOW has to be defined, and libshadow.a has to be linked in.

In the Makefile:

LIBS = -lshadow

Then change the line:

COMPILE_FLAGS = -I.. -D_linux_=1 -DGIDSET_TYPE=gid_t

to:

COMPILE_FLAGS = -I.. -D_linux_=1 -DGIDSET_TYPE=gid_t -DUSE_SHADOW

Now make and install.
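As an added example (not code from the HOWTO or from the Shadow Suite), the C program below parses /etc/shadow lines like the fred entries in sections 7.1 and 7.2 into a local mirror of the spwd structure from section 8.3, applies the aging fields the way the text describes them, and refuses an empty password the way the corrected login() in section 8.5 does. The struct, enum and function names are the example's own, and it assumes, as this page's useradd -D defaults do, that an aging field of 0 means the field is not in use.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example: local mirror of the spwd structure in section 8.3, defined here
 * so the code runs without libshadow. Day counts are days since 1/1/70.
 * Assumption: as in this page's useradd -D defaults, an aging field of 0 (or
 * empty, stored as -1) means "not in use". */
struct sp_entry {
    char name[64];    /* sp_namp */
    char pwdp[128];   /* sp_pwdp: encoded password; "!" or "*" means locked */
    long lstchg, min, max, warn, inact, expire, flag;
};

enum acct_state { ACCT_OK, ACCT_NO_PASSWORD, ACCT_LOCKED, ACCT_EXPIRED, ACCT_MUST_CHANGE, ACCT_INACTIVE };

/* Split one /etc/shadow line into its nine fields (the job of sgetspent).
 * Returns 0 on success, -1 if the line is malformed. */
static int parse_shadow_line(const char *line, struct sp_entry *e)
{
    char buf[256], *fields[9], *p = buf;
    long *nums[7] = { &e->lstchg, &e->min, &e->max, &e->warn,
                      &e->inact, &e->expire, &e->flag };
    int n = 1;
    if (strlen(line) >= sizeof buf) return -1;
    strcpy(buf, line);
    buf[strcspn(buf, "\n")] = '\0';
    fields[0] = buf;            /* strtok() would merge empty fields, so split by hand */
    for (; *p && n < 9; p++)
        if (*p == ':') { *p = '\0'; fields[n++] = p + 1; }
    if (n != 9 || strchr(fields[8], ':') != NULL) return -1;   /* exactly nine fields */
    snprintf(e->name, sizeof e->name, "%s", fields[0]);
    snprintf(e->pwdp, sizeof e->pwdp, "%s", fields[1]);
    for (int i = 0; i < 7; i++) {
        char *end;
        if (fields[i + 2][0] == '\0') { *nums[i] = -1; continue; }
        *nums[i] = strtol(fields[i + 2], &end, 10);
        if (*end != '\0') return -1;
    }
    return 0;
}

/* Days until the password must be changed (negative once it has expired),
 * or -1 when sp_max is not in use. */
static long password_days_left(const struct sp_entry *e, long today)
{
    if (e->max <= 0 || e->lstchg < 0) return -1;
    return e->lstchg + e->max - today;
}

/* What a login program should do with this entry on day `today`. Unlike the
 * original pppd login() in section 8.5, an empty password is refused. */
static enum acct_state account_state(const struct sp_entry *e, long today)
{
    long left;
    if (e->pwdp[0] == '\0') return ACCT_NO_PASSWORD;
    if (e->pwdp[0] == '!' || e->pwdp[0] == '*') return ACCT_LOCKED;
    if (e->expire > 0 && today >= e->expire) return ACCT_EXPIRED;  /* sp_expire */
    if (e->lstchg == 0) return ACCT_MUST_CHANGE;      /* never set: force a change */
    left = password_days_left(e, today);
    if (e->max <= 0 || left >= 0) return ACCT_OK;
    /* password expired: sp_inact days of grace, then the account is disabled */
    if (e->inact > 0 && -left > e->inact) return ACCT_INACTIVE;
    return ACCT_MUST_CHANGE;
}

int main(void)
{
    struct sp_entry e;   /* constructed from fred's entry after "passwd -w14 -i14 fred" */
    if (parse_shadow_line("fred:J0C.WDR1amIt6:9559:0:60:14:14:0:0", &e) == 0)
        printf("%s: days_left=%ld state=%d\n", e.name, password_days_left(&e, 9610), (int)account_state(&e, 9610));
    return 0;
}
```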

9. Frequently asked questions.

Q: I have been using the /etc/securettys file to control which ttys root can log in on, but it no longer works. What is wrong?

A: The /etc/securettys file is no longer used once the Shadow Suite is installed. The ttys root may use are set in the login configuration file, /etc/login.defs. An entry in that file can also point to another file.

Q: I installed the Shadow Suite and now I cannot log in. What did I miss?

A: You probably installed the Shadow programs but either did not run pwconv, or forgot to copy /etc/npasswd and /etc/nshadow to /etc/passwd and /etc/shadow. You also have to copy login.defs to /etc.

Q: In the xlock section you say to change the group owner of /etc/shadow to shadow. I do not have a shadow group. What should I do?

A: Just add one. Simply add a line to the /etc/group file. Give it a group number not used by any other group and insert it before the nogroup entry. Alternatively, make xlock SUID root.

Q: Is there a mailing list for the Linux Shadow Password Suite?

A: Yes, but it is for beta testing and development of the next Linux Shadow Suite. Send mail to shadow-list-request@neptune.cin.net with subscribe as the subject to be added to the list. The list actually discusses the Linux shadow-YYMMSS series. You are welcome to join if you want to take part in development, or if you have installed the Suite on your system and want information about the latest release.

Q: I installed the Shadow Suite, but every time I use the userdel command I get the message "userdel: cannot open shadow group file". What did I do wrong?

A: You compiled the Shadow Suite with the SHADOWGRP option enabled, but there is no /etc/gshadow file. Either edit config.h and recompile, or create the /etc/gshadow file. See the section on shadow groups.

Q: I installed the Shadow Suite, but now there are encoded passwords in /etc/passwd. What is wrong?

A: You either enabled the AUTOSHADOW option in the Shadow config.h file, or compiled libc with the SHADOW_COMPAT option. Find out which it is and recompile.

10. Copyright.

The Linux Shadow Password HOWTO is Copyright (c) 1996 Michael H. Jackson.

Permission is granted to make and distribute verbatim copies of this document provided the copyright notice and this permission notice are preserved on all copies.

Permission is granted to copy and distribute modified versions of this document under the conditions for verbatim copies above, provided a clear notice that the document has been modified is also included in the modified document.

Permission is granted to copy and distribute translations of this document into another language under the above conditions for modified versions.

Permission is granted to convert this document into another medium under the above conditions for modified versions, provided the new medium includes an easily found reference to the original document and similar information needed to identify the original.

11. Acknowledgements and more...

The code example for auth.c was borrowed from pppd-1.2.1d and ppp-2.1.0e, Copyright (c) 1993 The Australian National University and Copyright (c) 1989 Carnegie Mellon University.

Thanks to Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl> for writing and maintaining the Shadow Suite for Linux, and for reviewing and commenting on this document.

Thanks to Ron Tidd <rtidd@tscnet.com> for kindly reviewing and testing it.

Thanks to everyone who sent corrections that made this document better.

Please send any comments or suggestions to me.

Michael H. Jackson <mhjack@tscnet.com>

Any comments or advice on this translation are welcome.

Jo Yong-il <tolkien@nownuri.nowcom.co.kr>

