Linux PAM


Warning: the original file contains invisible whitespace; do not edit it casually. Required file type: Markdown; syntax: Markdown; editor: Sublime Text.

MANUAL SECTIONS:
The standard sections of the manual include:

  • 1 User Commands
  • 2 System Calls
  • 3 C Library Functions
  • 4 Devices and Special Files
  • 5 File Formats and Conventions
  • 6 Games et al.
  • 7 Miscellanea
  • 8 System Administration Tools and Daemons

How to look up specific information about a command

Run man man to see the following forms:
man section-number command
man -f command (same as whatis command)
man -k command (same as apropos command)
info command

related commands:

crypt(3)
dlopen(3)
syslog(3)

related files (directories):

/etc/passwd
/usr/lib/security
/lib/security
/lib64/security
/usr/include/security/ | grep types.h
/etc/security/access.conf

  • if /etc/pam.d exists, PAM will ignore /etc/pam.conf

Linux-PAM deals with four separate types of management:

  • authentication management
  • account management
  • session management
  • password management

In /etc/pam.conf, each rule is a space-separated collection of tokens, the first three being case-insensitive:
service type control module-path module-arguments
The syntax of each file in /etc/pam.d/ is similar to that of /etc/pam.conf and is made up of lines of the following form:
type control module-path module-arguments

The service is typically the familiar name of the corresponding application: login and su are good examples. The service-name, other, is reserved for giving default rules. Only lines that mention the current service (or in the absence of such, the other entries) will be associated with the given service-application.

The type is the management group that the rule corresponds to. It is used to specify which of the management groups the subsequent module is to be associated with. Valid entries are:

account
this module type performs non-authentication based account management. It is typically used to restrict/permit access to a service based on the time of day, currently available system resources (maximum number of users) or perhaps the location of the applicant user -- 'root' login only on the console.

auth
this module type provides two aspects of authenticating the user. Firstly, it establishes that the user is who they claim to be, by instructing the application to prompt the user for a password or other means of identification. Secondly, the module can grant group membership or other privileges through its credential granting properties.

password
this module type is required for updating the authentication token associated with the user. Typically, there is one module for each 'challenge/response' based authentication (auth) type.

session
this module type is associated with doing things that need to be done for the user before/after they can be given service. Such things include the logging of information concerning the opening/closing of some data exchange with a user, mounting directories, etc.

Common PAM modules

| PAM module | Management type | Description |
| --- | --- | --- |
| pam_unix.so | auth | Prompts the user for a password and compares it against /etc/shadow; returns 0 on a match. |
| pam_unix.so | account | Checks the user's account information (including whether it has expired); returns 0 if the account is usable. |
| pam_unix.so | password | Changes the user's password: the password the user enters is written to the shadow file as the new password. |
| pam_shells.so | auth, account | For a user to log in, the user's shell must be listed in /etc/shells. |
| pam_deny.so | account, auth, password, session | Can be used to deny access. |
| pam_permit.so | account, auth, password, session | Always returns success. |
| pam_securetty.so | auth | If the user logs in as root, the login tty must be listed in /etc/securetty. |
| pam_listfile.so | account, auth, password, session | An access-control switch for applications, driven by a list file. |
| pam_cracklib.so | password | Can be inserted into a program's password stack to check password strength. |
| pam_limits.so | session | Sets upper limits on system resource use; the root user is subject to them too; configured in /etc/security/limits.conf or /etc/security/limits.d/*.conf. |
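As an added example (not code from the original post): a small Python parser for the /etc/pam.d/<service> rule format described above, applied to a constructed login stack that uses modules from the table. The sample file, its spacing and the /etc/login.allowed path are constructed for illustration only.

```python
import re

TYPES = {"auth", "account", "password", "session"}
CONTROLS = {"required", "requisite", "sufficient", "optional", "include", "substack"}

SAMPLE = """\
# /etc/pam.d/login (constructed sample, not a real system file)
auth      required   pam_securetty.so
auth      required   pam_unix.so nullok
auth      [success=ok default=die] pam_listfile.so onerr=fail item=user sense=allow file=/etc/login.allowed
account   required   pam_unix.so
account   required   pam_shells.so
password  requisite  pam_cracklib.so retry=3 \\
                     minlen=10
password  required   pam_unix.so use_authtok
session   required   pam_limits.so
session   required   pam_unix.so
"""
# type, control (keyword or [value=action ...] block), module-path, module-arguments
RULE_RE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def _logical_lines(text):
    """Strip comments and blank lines; join lines continued with a trailing backslash."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        line, buf = (buf + line).strip(), ""
        if line:
            yield line

def parse_pam_d(text):
    """Parse /etc/pam.d/<service> text into a list of rule dicts in stack order."""
    rules = []
    for line in _logical_lines(text):
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        typ, control, module, args = m.groups()
        typ = typ.lstrip("-").lower()  # leading '-' only silences missing-module logging
        bracket = control.startswith("[")
        if typ not in TYPES or (not bracket and control.lower() not in CONTROLS):
            raise ValueError(f"bad type or control in {line!r}")
        if bracket:  # e.g. [success=ok default=die] -> {"success": "ok", "default": "die"}
            control = dict(kv.split("=", 1) for kv in control[1:-1].split())
        rules.append({"type": typ, "control": control, "module": module, "args": args.split()})
    return rules
```

Running parse_pam_d over a real service file gives the stack in the order PAM evaluates it, which is useful for reviewing which modules gate each management type.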

related topic

Filesystem Hierarchy Standard(FHS)
