System management
1) System security
- logins command
# logins -x -l user1 (login status information for user1)
# logins -p (shows the users that have no password.)
- Temporarily disabling user logins
Create the /etc/nologin file, or switch to run level 0.
# vi /etc/nologin
or
# cat > /etc/nologin
** No logins permitted **
** The system will be unavailable until 12 noon **
If /etc/nologin exists on the system, logins are refused and the contents of nologin are displayed.
- Using the loginlog file
Stores information about failed logins. Only the superuser can read and write it.
The loginlog file does not exist by default, so it has to be created.
# touch /var/adm/loginlog
# chown root:sys /var/adm/loginlog
# chmod 600 /var/adm/loginlog
# tail -f /var/adm/loginlog
(Shows login failure information in real time; an entry appears on the screen when a login fails 5 or more times.)
- Restricting superuser (root) access to the console
# vi /etc/default/login
#CONSOLE=/dev/console (remove the '#')
Root can then log in only on the system console. For remote access, log in as a regular user first and then switch to the superuser. Running rlogin to the host as root is not possible either.
CONSOLE=/dev/term/a (root access only through serial port a)
CONSOLE= (root cannot log in even on the system console; always log in as a regular user first)
# rlogin hostA (direct login to the host as root is not possible.)
# rlogin -l blackbat hostA (log in to hostA first as the regular user blackbat.)
# telnet blackbat (log in as a regular user, then log in as root)
- Managing users who use the su command
# vi /etc/default/su
#SULOG=/var/adm/sulog
==> SULOG=/var/adm/sulog (remove the '#')
#CONSOLE=/dev/console (if the '#' is removed, the same message is also printed on the console in the CDE environment)
# more /var/adm/sulog
# tail -f /var/adm/sulog (real-time check)
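tail -f shows su events as they happen; a small counter turns the same log into a daily check. The script below is an added example, not part of the original notes: it reads sulog-format lines (SU mm/dd hh:mm +|- tty from-to, where "-" marks a refused attempt) and lists the source users whose refused attempts to become root reach a threshold. The log lines are constructed sample data; on a real system feed it /var/adm/sulog.

```sh
#!/bin/sh
# Added example, not from the original notes: summarise refused su attempts
# to root per source user. Input is sulog text:  SU mm/dd hh:mm +|- tty from-to
# ("+" = success, "-" = refused). The lines below are constructed sample data.

SAMPLE_SULOG='SU 02/20 17:33 + pts/2 blackbat-root
SU 02/20 17:35 - pts/3 user2-root
SU 02/20 17:36 - pts/3 user2-root
SU 02/20 17:38 + pts/1 user1-user2
SU 02/20 17:40 - pts/3 user2-root
SU 02/20 17:41 - pts/4 guest-root'

# failed_su_to_root THRESHOLD
# Reads sulog lines on stdin; prints "user count" for every source user
# whose refused su-to-root attempts number THRESHOLD or more.
# (The from-to field is split on "-", so a user name containing "-"
# would need a different split.)
failed_su_to_root() {
    awk -v threshold="$1" '
        $1 == "SU" && $4 == "-" {
            split($6, who, "-")                 # who[1] = from, who[2] = to
            if (who[2] == "root") fails[who[1]]++
        }
        END {
            for (u in fails)
                if (fails[u] >= threshold) print u, fails[u]
        }' | sort
}

# Report over the constructed sample; on a live system use
#   failed_su_to_root 3 < /var/adm/sulog
sample_report() {
    printf '%s\n' "$SAMPLE_SULOG" | failed_su_to_root "$1"
}

sample_report 3
```

With the sample data the report lists only user2, who was refused three times; guest's single failure stays below the threshold of 3.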
- Preventing use of 'stop+a'
# vi /etc/default/kbd
#KEYBOARD_ABORT=disable (remove the '#')
or
# vi /etc/system
set abort_enable=0 (add this line.)
- Controlling incoming connections from the network
The /etc/inet/inetd.conf or /etc/inetd.conf file
controls access over the network.
# vi /etc/inetd.conf
#ftp stream ...... (put a '#' in front of the service to be stopped)
#telnet stream ..... (put a '#' in front of the service to be stopped)
# ps -ef | grep inetd
# /etc/init.d/inetsvc stop
# /etc/init.d/inetsvc start
or
# kill -9 183 (183 is the inetd PID shown by ps)
# /usr/sbin/inetd -s
- Port number configuration file, blocking ports
# vi /etc/services (configure ports, or put a '#' in front of a port to block it)
# ps -ef | grep inetd
# /etc/init.d/inetsvc stop
# /etc/init.d/inetsvc start
or
# kill -9 183 (183 is the inetd PID shown by ps)
# /usr/sbin/inetd -s
- who command
Shows the users connected to the server.
Reads the /var/adm/utmpx file and prints it.
# who
user2 pts/2 ......... (192.168.0.116) (pts : /dev/pts/# pseudo device)
root console ......... (:0) (console : where system boot and error messages are printed)
(term : /dev/term/a,b physical serial ports)
# who -m (shows information only about the current terminal)
- Checking switched users
$ who am i (shows the user who originally logged in)
user1
$ whoami (shows the switched-to user, i.e. the current user)
user1
$ su user2
$ who am i
user1
$ whoami
user2
- rusers command
Collects user information by broadcasting on the network. The total number of users can be checked.
Shows only the servers on the same network and the users connected to them.
The /usr/lib/netsvc/rusers/rpc.rusersd daemon must be enabled.
# rusers -l
- finger command
Checks local or remote users.
The in.fingerd daemon must be enabled.
# finger (shows only users connected locally.)
# finger -l (shows detailed information about users connected locally.)
# finger -m blackbat (shows detailed information about that user.)
hostA# finger root@hostB (shows information about users connected to remote hostB; root is the user, hostB the remote host.)
hostA# finger -l blackbat@hostB (shows information about the user blackbat on remote hostB.)
- last command
Shows login and logout information.
Reads the /var/adm/wtmpx file and prints it.
# last (all login/logout connection information)
# last blackbat (login/logout connection information for blackbat)
# last -n 5 reboot (shows only the 5 most recent lines of reboot information)
# cp /dev/null /var/adm/wtmpx (clears wtmpx.)
- FTP (File Transfer Protocol)
Solaris 8 : /etc/ftpusers
Solaris 9 : /etc/ftpd/ftpusers
IDs listed in this file cannot connect. To allow an ID to connect, comment it out with '#'.
ex)
# vi /etc/ftpusers
#root (commenting out root makes it possible to log in as root.)
- .rhosts & /etc/hosts.equiv files
If the local host's information is in /etc/hosts.equiv or /.rhosts, no password is requested.
hostB# cat /.rhosts
hostA root (allows access only to root from hostA)
hostA + (allows access to all users from hostA)
+ root (allows access only to root from any system)
+ + (allows access to all users from all systems)
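The four entries above differ only in where a "+" appears, which is easy to miss when reviewing a large hosts.equiv. The checker below is an added example, not part of the original notes: it reads a trust file in the "host [user]" format and prints one finding per entry that trusts every host or every user. The file contents are constructed from the entries shown above.

```sh
#!/bin/sh
# Added example, not from the original notes: flag trust entries in a
# .rhosts or /etc/hosts.equiv file that open rlogin/rsh/rcp to every host
# or every user. The file contents below are constructed sample data.

SAMPLE_RHOSTS='# constructed sample /.rhosts
hostA root
hostA +
+ root
+ +
hostC user1'

# rhosts_wildcards : reads a trust file on stdin and prints one line per
# risky entry, "SEVERITY reason: entry". Format is "host [user]"; a "+" in
# either field is a wildcard. A line with only a host name is not flagged:
# it trusts users of that host under their own names only.
rhosts_wildcards() {
    awk '
        /^[ \t]*(#|$)/ { next }                     # skip comments and blanks
        $1 == "+" && $2 == "+" { print "CRITICAL any user from any host: " $0; next }
        $1 == "+"              { print "HIGH any host, user " $2 ": " $0; next }
        $2 == "+"              { print "HIGH any user from host " $1 ": " $0 }'
}

# Helpers over the constructed sample; on a live system use
#   rhosts_wildcards < /etc/hosts.equiv
sample_findings()       { printf '%s\n' "$SAMPLE_RHOSTS" | rhosts_wildcards; }
sample_finding_count()  { sample_findings | wc -l | tr -d ' '; }
sample_critical_count() { sample_findings | grep -c '^CRITICAL'; }

sample_findings
```

The sample yields three findings, one of them CRITICAL for the "+ +" line; "hostA root" and "hostC user1" pass because they name both sides of the trust. A full review also checks that the file is owned by root (or the account) and is not writable by anyone else, since a writable trust file can be extended by whoever can write it.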
- rlogin command (usable only when registered in .rhosts.) => remote login
hostA# rlogin hostB
hostA# rlogin -l blackbat hostB (rlogin as the user blackbat)

                 inetd service                                  standalone service
config file      /etc/inet/inetd.conf or /etc/inetd.conf        each process runs on its own
examples         telnet, ftp, finger, rlogin, etc.              http, sendmail, nfsd, mountd, etc.
operation        the inetd daemon is running and starts the     the daemon is always running
                 matching daemon when a request arrives
restart          # pkill -HUP inetd                             # /etc/init.d/<daemon> stop
                 or                                             # /etc/init.d/<daemon> start
                 # /etc/init.d/inetsvc stop
                 # /etc/init.d/inetsvc start

- rsh command (usable only when registered in .rhosts.) => remote shell
Similar to rlogin, but it opens a shell on the remote host and can run a command there.
hostA# rsh hostB
hostA# rsh -l blackbat hostB
hostA# rsh hostB cat /etc/shadow
(Reads hostB's /etc/shadow file. This is not possible with rlogin.)
- rcp command (usable only when registered in .rhosts.)
hostA# rcp ./file1 hostB:/home/user1
(copy file1 from hostA to hostB)
hostA# rcp hostB:/home/user1/file0 ./
(copy file0 from hostB to hostA)
**rlogin, rsh and rcp are used only between unix machines.**
- groups command
# groups
# groups blackbat (prints blackbat's groups.)
- id command
# id (prints uid, gid)
# id blackbat (prints blackbat's uid, gid)
# id -a blackbat (prints uid, gid and secondary groups)
- chown command
# chown user2 file7 (changes the owner of file7 to user2.)
# chown -R user2:class file2 (changes the owner and group owner of file2.)
# chown -R user2 dir4 (changes the owner of dir4 and of every file in the directory.)
# chown -R user2:class dir1
(changes the owner and group owner of every file in the dir1 directory.)
# chgrp class file4 (changes the group owner of file4.)
2) Process components
- PID (Process Identification Number) :
The unique value that distinguishes each process. Since processes have no assigned names, both the system and users identify a process by its PID.
- PPID (Parent Process Identification Number) :
The PID of the parent process that created the process.
If a program is run by entering a command at the shell prompt, the shell becomes the parent process and the shell's PID is assigned as the process's PPID.
- UID (real User ID) & GID (Group ID) :
The UID and GID stored in a process are those of the user who ran it.
- EUID (effective user ID) & EGID (effective group ID) :
Whereas the UID and GID record who ran the process, the EUID and EGID represent the privileges the process has on files. Most processes have a UID equal to the EUID and a GID equal to the EGID, but in some special processes the two values differ.
- setuid : when the program runs, the process has the privileges of the program's owner instead of those of the user who ran it.
$ ls -l /bin/passwd
-r-sr-sr-x 3 root sys 101744 Jan 6 2000 /bin/passwd
(The passwd command has setuid and setgid set, so a regular user can run it with the file owner's privileges.)
$ cat /etc/shadow (the user running cat is a regular user, so the shadow file cannot be read.)
cat: cannot open /etc/shadow
$ su -
# ls -l /etc/shadow (readable only with root privileges.)
-r-------- 1 root sys 339 Feb 18 18:41 /etc/shadow
# ls -l /bin/cat (the file owner is root.)
-r-xr-xr-x 1 root bin 10092 Jul 10 2000 /bin/cat
# chmod 4455 /bin/cat
# ls -l /bin/cat
-r-Sr-xr-x 1 root bin 10092 Jul 10 2000 /bin/cat
(When the file has the setuid bit but no owner execute permission, a capital S is shown instead of a lowercase s.)
# chmod 4555 /bin/cat (grants the file owner's privileges instead of the executing user's.)
# ls -l /bin/cat
-r-sr-xr-x 1 root bin 10092 Jul 10 2000 /bin/cat
# su - blackbat
$ cat /etc/shadow (reads with the privileges of cat's owner, not of the user running it.)
root:L89niy4Uo6HtM:6445::::::
(This is a demonstration only: a setuid root cat lets every user read /etc/shadow, so restore the original mode with chmod 555 /bin/cat afterwards.)
- setgid : similar to setuid. setuid gives the privileges of the user who owns the executable, whereas setgid gives the privileges of the group that owns the executable. That is, the process does not get the privileges of the primary group of the user who ran the command, but those of the command's group owner. setgid permission is specified using the symbolic method only.
Every subdirectory or file newly created under a directory with the setgid permission inherits that directory's group (new subdirectories also inherit the setgid bit, as the listing shows).
$ id -a
uid=107(blackbat) gid=2002(users) groups=2002(users)
$ mkdir sgid
$ ls -ld sgid
drwxr-xr-x 2 blackbat users 512 Feb 20 17:18 sgid
$ cd sgid
$ mkdir dir1
$ touch file1
$ su
# id -a
uid=0(root) gid=1(other) groups=1(other),0(root),2(bin),3(sys),4(adm),5(uucp),6(mail),7(tty),8(lp),9(nuucp),12(daemon)
# chmod g+s ../sgid
# ls -ld ../sgid
drwxr-sr-x 3 blackbat users 512 Feb 20 17:20 ../sgid
# mkdir dir2
# touch file2
# ls -l
total 4
drwxr-xr-x 2 blackbat users 512 Feb 20 17:20 dir1
drwxr-sr-x 2 root users 512 Feb 20 17:21 dir2
-rw-r--r-- 1 blackbat users 0 Feb 20 17:20 file1
-rw-r--r-- 1 root users 0 Feb 20 17:21 file2
(Whichever user creates a new file or directory, it gets the same group owner as the parent directory that carries the setgid permission.)
- sticky bit : typically set on a directory where every user has write permission.
Any user on the system can create files or subdirectories under such a directory, and deletion is possible too, but only the owner of the file or directory, the root user, or a user the write permission allows can delete an entry.
# mkdir sticky
# chmod 1777 sticky
# ls -ld sticky
drwxrwxrwt 2 root other 512 Feb 20 17:33 sticky
- Checking the setuid/setgid list
# find / -type f -perm -6000 > setuidgid.list
# find / -type f -perm -4000 > setuid.list
# find / -type f -perm -2000 > setgid.list
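The lists above are only useful when compared against a saved copy: a set-id file that was not there at the last audit is the one that needs explaining. The script below is an added example, not part of the original notes. It wraps the find commands in a function, saves a baseline, and prints the set-id files that appeared since. The tree it inspects is constructed in a temporary directory so the demo runs anywhere; on a real system run the functions against / and keep the baseline off the host.

```sh
#!/bin/sh
# Added example, not from the original notes: a baseline comparison for
# set-id files. "-perm -4000" matches files that have at least the setuid
# bit, which is what an audit needs ("-perm 4000" would match only files
# whose whole mode is exactly 4000). The tree used by the demo is built in
# a temporary directory; on a real system run the two functions against /.

# setid_files DIR : regular files under DIR with setuid or setgid set, sorted.
setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# new_setid_files BASELINE DIR : set-id files present now but not in the
# saved baseline list; every one of them needs an explanation.
new_setid_files() {
    setid_files "$2" | comm -13 "$1" -
}

# demo_setid_audit : builds a constructed tree, saves a baseline, adds one
# more set-id file, and prints the path (relative to the tree) that the
# comparison catches.
demo_setid_audit() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/usr/local/bin"
    : > "$d/bin/passwd"; chmod 4555 "$d/bin/passwd"   # expected set-id file
    : > "$d/bin/cat";    chmod 0555 "$d/bin/cat"      # normal binary
    setid_files "$d" > "$d/baseline.list"            # the known-good state

    : > "$d/usr/local/bin/newtool"                    # appears after the baseline
    chmod 2755 "$d/usr/local/bin/newtool"             # setgid, not in the baseline
    new_setid_files "$d/baseline.list" "$d" | sed "s|^$d||"
    rm -rf "$d"
}

demo_setid_audit
```

Only /usr/local/bin/newtool is reported: /bin/passwd is set-id but already in the baseline, and /bin/cat carries no set-id bit. comm needs both inputs sorted the same way, which is why setid_files sorts before the list is saved or compared.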
- ACL (Access Control List) :
A way to set permissions for individual users or for groups.
# setfacl -m u:blackbat:rw- /etc/shadow
# setfacl -m m:rw- /etc/shadow
# getfacl /etc/shadow
# file: /etc/shadow
# owner: root
# group: sys
user::r--
user:blackbat:rw- #effective:rw-
group::--- #effective:---
mask:rw-
other:---
# su - blackbat
$ more /etc/shadow
root:L89niy4Uo6HtM:6445::::::
$ su
# setfacl -d u:blackbat:--- /etc/shadow
# ls -l /etc/shadow
-r-------- 1 root sys 339 Feb 18 18:41 /etc/shadow
# su - blackbat
$ more /etc/shadow
/etc/shadow: Permission denied
setfacl :
The command used to add a new ACL entry to a file, change an existing entry, replace the ACL with a new one, or delete an existing entry.
Beyond what chmod can grant, it can give several users and groups permissions that are specified independently of the traditional permission bits. To use setfacl you must own the file or have root privileges.

ACL entry format  Meaning
u::perms          permissions of the file owner
g::perms          permissions of the file's group owner
o::perms          permissions of all other users
m:perms           the ACL mask: the maximum permissions any user or group added through the ACL can have.
                  Permissions a user or group holds that are not in the mask are dropped from the
                  effective permissions, so they cannot actually be exercised. If no mask is given
                  explicitly, the file's group owner permissions are used as the mask.
u:uid:perms       permissions for users other than the file owner, one entry per user
g:gid:perms       permissions for groups other than the file's group owner, one entry per group

Options
Option  Description
-m      adds a new ACL entry or changes an existing one.
-s      replaces the existing ACL with the one specified; the individual users or groups added this way
        may not be users or groups already defined in the ACL.
-d      removes ACL entries that are no longer needed.
-f      takes the ACL from a file instead of the command line; mostly used to give a file the same ACL
        as one already set on another file.
        # touch file1
        # setfacl -m u:blackbat:rwx file1
        # touch file2
        # getfacl file1 | setfacl -f - file2
        # ls -l file*
        -rw-r--r--+ 1 root other 0 Feb 20 20:30 file1
        -rw-r--r--+ 1 root other 0 Feb 20 20:31 file2
-r      recomputes the ACL mask from the entries of all users and groups defined on the file so that it
        holds every permission they need; users and groups given extra permissions through the ACL can
        then use them exactly as defined.
        # setfacl -m u:yang:rwx shadow
        # getfacl shadow
        # file: shadow
        # owner: root
        # group: other
        user::r--
        user:ljs:rw- #effective:r--
        user:yang:rwx #effective:r--
        group::--- #effective:---
        mask:r--
        other:---
        # setfacl -r -m u:blackbat:rwx shadow
        # getfacl shadow
        # file: shadow
        # owner: root
        # group: other
        user::r--
        user:blackbat:rwx #effective:rwx
        user:ljs:rw- #effective:rw-
        user:yang:rwx #effective:rwx
        group::--- #effective:---
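The mask row of the format table and the -r option describe the same mechanism from two sides: the mask is ANDed into every named-user, named-group and owning-group entry to give the "#effective" value getfacl prints, and -r rebuilds the mask as the union of those entries so nothing defined is lost. The script below is an added example, not part of the original notes or of Solaris itself, that reproduces both computations on ACL text constructed from the shadow example above.

```sh
#!/bin/sh
# Added example, not from the original notes: how the ACL mask turns the
# permissions written in an entry into the "#effective" permissions getfacl
# reports, and how "setfacl -r" recomputes the mask. The ACL text below is
# constructed from the shadow example in the notes (before the -r step).

SAMPLE_ACL='user::r--
user:ljs:rw-
user:yang:rwx
group::---
mask:r--
other:---'

# effective_perms ENTRY_PERMS MASK_PERMS : bitwise AND of two rwx strings.
effective_perms() {
    e=$1; m=$2; out=""; i=1
    while [ "$i" -le 3 ]; do
        ec=$(printf '%s' "$e" | cut -c"$i")
        mc=$(printf '%s' "$m" | cut -c"$i")
        if [ "$ec" = "$mc" ]; then out="$out$ec"; else out="$out-"; fi
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# annotate_effective : read ACL entries on stdin, append "#effective:" to
# the entries the mask governs (named users, named groups, owning group).
# user:: and other: are never masked, exactly as in getfacl output.
annotate_effective() {
    acl=$(cat)
    mask=$(printf '%s\n' "$acl" | awk -F: '$1 == "mask" { print $2 }')
    printf '%s\n' "$acl" | while IFS=: read -r tag name perms; do
        case "$tag:$name" in
            user:?*|group:*) printf '%s:%s:%s #effective:%s\n' \
                               "$tag" "$name" "$perms" "$(effective_perms "$perms" "$mask")" ;;
            *)               printf '%s\n' "$tag:$name${perms:+:$perms}" ;;
        esac
    done
}

# recompute_mask : what "setfacl -r" does: a mask that is the union of the
# permissions of every masked entry, so every defined permission is effective.
recompute_mask() {
    awk -F: '
        ($1 == "user" && $2 != "") || $1 == "group" {
            for (i = 1; i <= 3; i++)
                if (substr($3, i, 1) != "-") bits[i] = substr($3, i, 1)
        }
        END { for (i = 1; i <= 3; i++) printf "%s", (i in bits) ? bits[i] : "-"; print "" }'
}

# apply_recomputed_mask : rewrite the mask: line with the recomputed value.
apply_recomputed_mask() {
    acl=$(cat)
    newmask=$(printf '%s\n' "$acl" | recompute_mask)
    printf '%s\n' "$acl" | awk -F: -v m="$newmask" '$1 == "mask" { print "mask:" m; next } { print }'
}

# Helpers over the constructed sample.
sample_annotated() { printf '%s\n' "$SAMPLE_ACL" | annotate_effective; }
sample_mask()      { printf '%s\n' "$SAMPLE_ACL" | recompute_mask; }
sample_after_r()   { printf '%s\n' "$SAMPLE_ACL" | apply_recomputed_mask | annotate_effective; }

sample_annotated
echo "--- after recomputing the mask (setfacl -r) ---"
sample_after_r
```

With mask r-- the sample reproduces the first getfacl listing above (yang's rwx is cut to r--); after recomputing, the mask becomes rwx and every named user's effective permissions equal the defined ones, which is what the second listing shows.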
3) Viewing system information
# showrev -a (show all available information)
# showrev -p (show patch information)
# hostid (the host ID in hexadecimal)
# hostname
# /usr/platform/sun4u/sbin/prtdiag -v (overall status of the system)
# prtconf | grep Memory (amount of system memory)
# vi /etc/motd (the message shown at login can be edited here)
- Compression utilities
# tar cvf file.tar file1 file2 file3 (pack into file.tar)
# tar tvf file.tar (list the contents of file.tar)
# tar rvf file.tar file4 (append file4)
# tar xvf file.tar (unpack)
# compress file.tar
# uncompress file.tar.Z
# zcat file.tar.gz | tar xvf -
# gzip file.tar
# gzip -d file.tar.gz
# gunzip file.tar.gz