1. 일반 사용자 및 root 의 접근을 제한하는 설정 파일
/etc/default/su
/etc/default/login
/etc/default/passwd
# vi /etc/default/su
1 #ident "@(#)su.dfl 1.6 93/08/14 SMI" /* SVr4.0 1.2 */
2
3 # SULOG determines the location of the file used to log all su attempts
4 #
5 SULOG=/var/adm/sulog 
누가 언제 su 명령어를 썼는지 보기
6
7 # CONSOLE determines whether attempts to su to root should be logged
8 # to the named device
9 #
10 #CONSOLE=/dev/console 
# 을 제거하면 root 로 switch user 한 경우만 console 로 dispaly 한다
11
12 # PATH sets the initial shell PATH variable
13 #
14 #PATH=/usr/bin:
15
16 # SUPATH sets the initial shell PATH variable for root
17 #
18 #SUPATH=/usr/sbin:/usr/bin
19
20 # SYSLOG determines whether the syslog(3) LOG_AUTH facility should be used
21 # to log all su attempts. LOG_NOTICE messages are generated for su's to
22 # root, LOG_INFO messages are generated for su's to other users, and LOG_CRIT
23 # messages are generated for failed su attempts.
24 #
25 SYSLOG=YES
# vi /etc/default/login
1 #ident "@(#)login.dfl 1.11 00/10/19 SMI"
2 #
3 # Copyright (c) 1989-2000 by Sun Microsystems, Inc.
4 # All rights reserved.
5
6 # Set the TZ environment variable of the shell.
7 #
8 #TIMEZONE=EST5EDT
9
10 # ULIMIT sets the file size limit for the login. Units are disk blocks.
11 # The default of zero means no limit.
12 #
13 #ULIMIT=0
14
15 # If CONSOLE is set, root can only login on that device.
16 # Comment this line out to allow remote login by root.
17 #
18 #CONSOLE=/dev/console
|
CONSOLE → root 사용자가 login 할 수 있는 terminal 지정 변수 #CONSOLE=/dev/console → network 등 다른 terminal 로도 가능 |
19
20 # PASSREQ determines if login requires a password.
21 #
22 PASSREQ=YES
23
24 # ALTSHELL determines if the SHELL environment variable should be set
25 #
26 ALTSHELL=YES
27
28 # PATH sets the initial shell PATH variable
29 #
30 #PATH=/usr/bin:
31
32 # SUPATH sets the initial shell PATH variable for root
33 #
34 #SUPATH=/usr/sbin:/usr/bin
35
36 # TIMEOUT sets the number of seconds (between 0 and 900) to wait before
37 # abandoning a login session.
38 #
39 #TIMEOUT=300
40
41 # UMASK sets the initial shell file creation mode mask. See umask(1).
42 #
43 #UMASK=022
44
45 # SYSLOG determines whether the syslog(3) LOG_AUTH facility should be used
46 # to log all root logins at level LOG_NOTICE and multiple failed login
47 # attempts at LOG_CRIT.
48 #
49 SYSLOG=YES
50
51 # SLEEPTIME controls the number of seconds that the command should
52 # wait before printing the "login incorrect" message when a
53 # bad password is provided. The range is limited from
54 # 0 to 5 seconds.
55 #
56 #SLEEPTIME=4 login 시 잘못된 입력을 했을경우 다음 prompt 가 생기는 delay time
57
58 # DISABLETIME If present, and greater than zero, the number of seconds
59 # login will wait after RETRIES failed attempts or the PAM framework returns
60 # PAM_ABORT. Default is 20. Minimum is 0. No maximum is imposed.
61 #
62 #DISABLETIME=20
63
64 # RETRIES determines the number of failed logins that will be
65 # allowed before login exits.
66 #
67 #RETRIES=5 
login 실패시 terminate 되는 회수
68 #
69 # The SYSLOG_FAILED_LOGINS variable is used to determine how many failed
70 # login attempts will be allowed by the system before a failed login
71 # message is logged, using the syslog(3) LOG_NOTICE facility. For example,
72 # if the variable is set to 0, login will log -all- failed login attempts.
73 #
74 #SYSLOG_FAILED_LOGINS=5 login 
실패시 syslogd 에 message 전송
# vi /etc/default/passwd
"/etc/default/passwd" [Read only] 4 lines, 74 characters
1 #ident "@(#)passwd.dfl 1.3 92/07/14 SMI"
2 MAXWEEKS=
3 MINWEEKS=
4 PASSLENGTH=6
'Note > UNIX/LINUX 노트' 카테고리의 다른 글
| 솔라리스에서 디스크 추가 (0) | 2013.03.28 |
|---|---|
| Special File Permission (0) | 2013.03.28 |
| 솔라리스 Putty 연결 설정 (0) | 2013.03.27 |
| 패스워드 에이징 (password aging) (0) | 2013.03.27 |
| 솔라리스에서 사용할 수 있는 다양한 쉘의 절대 경로명 (0) | 2013.03.27 |