Chinaunix首页 | 论坛 | 博客
  • 博客访问: 104622794
  • 博文数量: 19283
  • 博客积分: 9968
  • 博客等级: 上将
  • 技术积分: 196062
  • 用 户 组: 普通用户
  • 注册时间: 2007-02-07 14:28
文章分类

全部博文(19283)

文章存档

2011年(1)

2009年(125)

2008年(19094)

2007年(63)

分类: LINUX

2008-04-29 11:44:49

   来源:CentOS Pub   作者:陈超  

[4] 建立管理员组内一般用户

在 一般情况下,一般用户通过执行“su -”命令、输入正确的root密码,可以登录为root用户来对系统进行管理员级别的配置。但是,为了更进一步加强系统的安全性,有必要建立一个管理员的 组,只允许这个组的用户来执行“su -”命令登录为root用户,而让其他组的用户即使执行“su -”、输入了正确的root密码,也无法登录为root用户。在UNIX下,这个组的名称通常为“wheel”。

[root@sample ~]# usermod -G wheel centospub  ← 将一般用户 centospub 加在管理员组wheel组中

[root@sample ~]# vi /etc/pam.d/su  ← 打开这个配置文件

#auth required /lib/security/$ISA/pam_wheel.so use_uid   ← 找到此行,去掉行首的“#”
 ↓
auth required /lib/security/$ISA/pam_wheel.so use_uid  ← 变为此状态(大约在第6行的位置)

[root@sample ~]# echo "SU_WHEEL_ONLY yes" >> /etc/login.defs ← 添加语句到行末

以上操作完成后,可以再建立一个新用户,然后用这个新建的用户测试会发现,没有加入到wheel组的用户,执行“su -”命令,即使输入了正确的root密码,也无法登录为root用户。

[5] 建立PPPoE连接(非xDSL接入方式的用户可跳过此步骤)

 [root@sample ~]# adsl-setup  ← 建立ADSL连接

Welcome to the ADSL client setup. First, I will run some checks on
your system to make sure the PPPoE client is installed properly...

LOGIN NAME

Enter your Login Name (default root): ← 填入ADSL连接的用户名

INTERFACE

Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethX, where 'X' is a number.
(default eth0):
  ← 指定网络接入设备,一块网卡的情况下,一般为默认eth0

Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped. If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses. You may have some problems with demand-activated links.
Enter the demand value (default no):
  ← 直接按回车,接受默认设置

DNS

Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide dynamic DNS addresses',
enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
Enter the DNS information here:
  ← 如果知道DNS服务器的信息在此填入。不知道的情况按回车跳过

PASSWORD

Please enter your Password: ← 输入ADSL的连接密码
Please re-enter your Password: ← 再次确认输入ADSL的连接密码

USERCTRL

Please enter 'yes' (two letters, lower-case.) if you want to allow
normal user to start or stop DSL connection (default yes):
no ← 填入no,不允许一般用户控制PPPoE的连接

FIREWALLING

Please choose the firewall rules to use. Note that these rules are
very basic. You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security. If you
are running any servers on your machine, you must choose 'NONE' and
set up firewalling yourself. Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc. If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.

The firewall choices are:
0 - NONE: This script will not set any firewall rules. You are responsible
for ensuring the security of your machine. You are STRONGLY
recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
for a LAN
Choose a type of firewall (0-2):
0 ← 输入0,不在这里使用防火墙

Start this connection at boot time

Do you want to start this connection at boot time?
Please enter no or yes (default no):
yes ← 填入yes,在系统启动时自动连接ADSL

** Summary of what you entered **

Ethernet Interface: eth0
User name: caun870293@ca.dti.ne.jp
Activate-on-demand: No
DNS: Do not adjust
Firewalling: NONE
User Control: no
Accept these settings and adjust configuration files (y/n)?
y ← 配置信息确认无误后,键入y同意设置
Adjusting /etc/sysconfig/network-scripts/ifcfg-ppp0
Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets
(But first backing it up to /etc/ppp/chap-secrets.bak)
(But first backing it up to /etc/ppp/pap-secrets.bak)

?

Congratulations, it should be all set up!

Type '/sbin/ifup ppp0' to bring up your xDSL link and '/sbin/ifdown ppp0'
to bring it down.
Type '/sbin/adsl-status /etc/sysconfig/network-scripts/ifcfg-ppp0'
to see the link status.

然后,启动ADSL连接。

 [root@sample ~]# adsl-start  ← 启动ADSL连接

[root@sample ~]#   ← 稍等片刻后若启动成功后出现提示符(无任何提示即意味着连接成功)

这时,通过“ifconfig”命令可以看到各网络接口的信息(IP地址等等)。

阅读(316) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~