Warning: The original file contains invisible whitespace; do not edit it casually. Required filetype: Markdown, syntax: Markdown, editor: Sublime Text.
MANUAL SECTIONS:
The standard sections of the manual include:
- 1 User Commands
- 2 System Calls
- 3 C Library Functions
- 4 Devices and Special Files
- 5 File Formats and Conventions
- 6 Games et al.
- 7 Miscellanea
- 8 System Administration Tools and Daemons
How to search for specific information about a command
Run man man to check the following:
man number command
man -f command = whatis command
man -k command = apropos command
info command
related command:
crypt(3)
dlopen(3)
syslog(3)
related file(directory):
/etc/passwd
/usr/lib/security
/lib/security
/lib64/security
/usr/include/security/ | grep types.h
/etc/security/access.conf
- If /etc/pam.d exists, PAM will ignore /etc/pam.conf.
Linux-PAM deals with four separate types of management:
- authentication management
- account management
- session management
- password management
Each rule in /etc/pam.conf is a space-separated collection of tokens, the first three being case-insensitive:
service type control module-path module-arguments
The syntax of each file in /etc/pam.d/ is similar to that of the /etc/pam.conf file and is made up of lines of the following form:
type control module-path module-arguments
The service is typically the familiar name of the corresponding application: login and su are good examples. The service-name, other, is reserved for giving default rules. Only lines that mention the current service (or in the absence of such, the other entries) will be associated with the given service-application.
The type is the management group that the rule corresponds to. It is used to specify which of the management groups the subsequent module is to be associated with. Valid entries are:
account
this module type performs non-authentication based account management. It is typically used to restrict/permit access to a service based on the time of day, currently available system resources (maximum number of users) or perhaps the location of the applicant user -- 'root' login only on the console.
auth
this module type provides two aspects of authenticating the user. Firstly, it establishes that the user is who they claim to be, by instructing the application to prompt the user for a password or other means of identification. Secondly, the module can grant group membership or other privileges through its credential granting properties.
password
this module type is required for updating the authentication token associated with the user. Typically, there is one module for each 'challenge/response' based authentication (auth) type.
session
this module type is associated with doing things that need to be done for the user before/after they can be given service. Such things include the logging of information concerning the opening/closing of some data exchange with a user, mounting directories, etc.
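
An added example (not from the original page or the Linux-PAM project): a small Python parser for the two rule layouts described above, which lower-cases the case-insensitive tokens and resolves a service's rules with the `other` defaults as fallback. The sample configuration is constructed, and applying the fallback per management type is an assumption of this example.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "service type control module_path module_arguments")
TYPES = {"account", "auth", "password", "session"}

def parse_rule(line, service=None):
    """Parse one rule line; return None for blank or comment-only lines.

    service=None   -> /etc/pam.conf layout (service is the first token)
    service="name" -> /etc/pam.d/<name> layout (no service token)
    """
    tokens = line.split("#", 1)[0].split()
    if not tokens:
        return None
    if service is None:
        service, tokens = tokens[0], tokens[1:]
    if len(tokens) < 3:
        raise ValueError("incomplete rule: %r" % line)
    mtype, control, rest = tokens[0].lower(), tokens[1].lower(), tokens[2:]
    # A bracketed control such as [success=1 default=ignore] contains spaces.
    while control.startswith("[") and not control.endswith("]") and rest:
        control, rest = control + " " + rest[0].lower(), rest[1:]
    if mtype not in TYPES or not rest:
        raise ValueError("bad rule: %r" % line)
    return Rule(service.lower(), mtype, control, rest[0], rest[1:])

def load(text, service=None):
    """Parse a whole file's text into a list of Rule tuples."""
    parsed = (parse_rule(line, service) for line in text.splitlines())
    return [r for r in parsed if r is not None]

def rules_for(rules, service, mtype):
    """Rules of one management type for a service, else the 'other' defaults."""
    service = service.lower()
    own = [r for r in rules if r.service == service and r.type == mtype]
    return own or [r for r in rules if r.service == "other" and r.type == mtype]

# Constructed sample in /etc/pam.conf layout (not taken from a real system).
SAMPLE_PAM_CONF = """\
# service type    control   module-path      module-arguments
login     auth    required  pam_securetty.so
LOGIN     Auth    Required  pam_unix.so      nullok
login     session required  pam_limits.so
other     auth    required  pam_deny.so
other     account required  pam_deny.so
"""

if __name__ == "__main__":
    for r in rules_for(load(SAMPLE_PAM_CONF), "su", "auth"):
        print(r)  # su has no rules of its own, so the 'other' entry applies
```
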
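Introduction to commonly used PAM modules

| PAM module | Management type | Description |
| --- | --- | --- |
| pam_unix.so | auth | Prompts the user for a password and compares it against the /etc/shadow file. Returns 0 on a match. |
| pam_unix.so | account | Checks the user's account information (including whether it has expired). Returns 0 when the account is usable. |
| pam_unix.so | password | Changes the user's password. The password the user enters is written to the shadow file as the user's new password. |
| pam_shells.so | auth, account | If the user wants to log in to the system, their shell must be listed in the /etc/shells file. |
| pam_deny.so | account, auth, password, session | This module can be used to deny access. |
| pam_deny.so | account, auth, password, session | The module returns success at all times. |
| pam_securetty.so | auth | If the user is logging in as root, the login tty must be listed in /etc/securetty. |
| pam_listfile.so | account, auth, password, session | Control switch for access to applications. |
| pam_cracklib.so | password | This module can be inserted into a program's password stack to check password strength. |
| pam_limits.so | session | Defines upper limits on the use of system resources; the root user is also subject to these limits. They can be set through /etc/security/limits.conf or /etc/security/limits.d/*.conf. |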
related topic
Filesystem Hierarchy Standard(FHS)