用户和组ID的主要用途有:
1. 确定各种系统资源的所有权;
2. 对赋予进程访问上述资源的权限加以控制
密码文件:/etc/passwd
针对系统中的每一个用户账号,这个文件都会有一行数据进行描述,每一行包含7个field,之间用冒号分隔,如下:
-
abc:x:1000:100:Michael Kerrisk:/home/abc:/bin/bash
这7个field分别表示:
1. 登录名
2. 经过加密的密码(一般都启用shadow密码,此时这个字段只是字符x,真正经过加密的密码存放在/etc/shadow中)
3. 用户id,UID
4. 组id, GID
5. 注释
6. 主目录
7. 登录shell
在单机系统中,所有密码信息都存储在/etc/passwd文件中。然而,如果使用了NIS或LDAP在网络环境中分发密码,那么部分密码信息可能会由远端系统保存,但对应用程序来说都是透明的。
shadow密码文件/etc/shadow
其理念是:用户的所有非敏感信息存放于“人人可读”的密码文件中,而经过加密处理的用户密码则由shadow密码文件单独维护,仅供拥有特权的程序读取
shadow密码文件包含有登录名、经过加密的密码、以及其他若干与安全性相关的字段
组文件:/etc/group
系统中每个组在组文件/etc/group中都对应着一条记录,每条记录包含4个字段,之间以冒号分隔,分别表示为:1. 组名;2. 经过加密处理的密码;3. 组id;4. 用户列表
获取用户和组的信息:
-
#include <pwd.h>
-
struct passwd *getpwnam(const char *name);
-
struct passwd *getpwuid(uid_t uid);
-
/*both return a pointer on success, or NULL on error;找不到时不设置errno*/
返回指针指向如下结构体,各个字段分别对应上述7个字段:
-
/* One record of the password file (/etc/passwd); the members map, in order,
   onto the seven colon-separated fields described above. */
struct passwd{
char *pw_name;   /* login name */
char *pw_passwd; /* encrypted password; just "x" when shadow passwords are enabled */
uid_t pw_uid;    /* user ID */
gid_t pw_gid;    /* (primary) group ID */
char *pw_gecos;  /* comment field */
char *pw_dir;    /* home directory */
char *pw_shell;  /* login shell */
};
返回的指针指向一个静态分配的结构,而其中包含的指针也是指向静态分配的信息,因此后续调用会覆盖前一次的结果,这些函数不可重入,多线程程序应使用getpwnam_r()/getpwuid_r()等可重入版本。另外,找不到记录时函数不会设置errno,所以调用前应先把errno清零,才能区分“未找到”和“出错”两种情况,用法如下:
-
struct passwd *pwd;

/* getpwnam() returns NULL both when the name does not exist and on error,
   and only the error case sets errno; clearing errno first is what makes
   the two cases distinguishable below. */
errno = 0;
pwd = getpwnam(name);
if(pwd == NULL){
if (errno == 0)
/*not found*/;
else
/*error*/;
}
在组文件中获取记录同上:
-
#include <grp.h>
-
struct group *getgrnam(const char *name);
-
struct group *getgrgid(gid_t gid);
-
/*both return a pointer on success, or NULL on error*/
-
/* One record of the group file (/etc/group); members map onto its four fields. */
struct group{
char *gr_name;   /* group name */
char *gr_passwd; /* encrypted group password */
gid_t gr_gid;    /* group ID */
char **gr_mem;   /* user list: login names of the group's members
                    (NOTE(review): per POSIX the array is NULL-terminated — confirm) */
};
扫描密码文件和组文件中的所有记录:
-
#include <pwd.h>
-
struct passwd *getpwent(void);
-
/*returns pointer on success, or NULL on end of stream or error*/
-
void setpwent(void);/*重返文件起始处*/
-
void endpwent(void);/*关闭相应资源*/
-
-
-
struct passwd *pwd;

/* Walk every password-file record; getpwent() yields NULL at end of stream or on error. */
while((pwd = getpwent()) != NULL)
/* pw_uid is widened to long so that the %ld conversion matches its argument */
printf("%-8s %5ld\n",pwd->pw_name, (long)pwd->pw_uid);
endpwent(); /* release the resources held open by the scan */
-
#include <grp.h>
-
struct group *getgrent(void);
-
/*returns pointer on success, or NULL on end of stream or error*/
-
void setgrent(void);/*重返文件起始处*/
-
void endgrent(void);/*关闭相应资源*/
从shadow密码文件中获取记录(该文件仅供特权程序读取,因此调用这些函数通常需要相应特权):
-
#include <shadow.h>
-
struct spwd *getspnam(const char *name);
-
/*returns pointer on success, or NULL on not found or error*/
-
struct spwd *getspent(void);
-
/*returns pointer on success, or NULL on end of stream or error*/
-
void setspent(void);
-
void endspent(void);
-
-
/* One record of the shadow password file (/etc/shadow): the login name, the
   encrypted password, and the password-ageing fields; all day counts are
   expressed in days since 1 Jan 1970 or as day intervals as noted per field. */
struct spwd{
char *sp_namep;/*login name*/
char *sp_pwdp;/*encrypted password*/
long sp_lstchg;/*time of last password change (days since 1 Jan 1970)*/
long sp_min;/*min number of days between password changes*/
long sp_max;/*max number of days before change required*/
long sp_warn;/*number of days beforehand that user is warned of upcoming password expiration*/
long sp_inact;/*number of days after expiration that account is considered inactive and locked*/
long sp_expire;/*date when account expires*/
unsigned long sp_flag;/*reserved for future use*/
};
密码加密和用户认证:
-
#define _XOPEN_SOURCE
-
#include <unistd.h>
-
/*最长8字符key, salt指向一个两字符的字符串*/
-
char *crypt(const char *key, const char *salt);
-
/*returns pointer to statically allocated string containing encrypted password on success, or NULL on error*/
-
-
#define _BSD_SOURCE
-
#include <unistd.h>
-
char *getpass(const char *prompt);
-
/*returns pointer to statically allocated input password string on success, or NULL on error*/
登录账号以及系统标识:
-
/* Login-accounting (utmp) record as sketched in these notes; field widths are
   the ones given here — check the system's <utmp.h> for the actual layout. */
struct utmp{
char ut_line[8];/*tty line: "ttyh0", "ttyd0", "ttyp0", ...*/
char ut_name[8];/*login name*/
long ut_time; /*seconds since Epoch*/
};
-
-
#include <sys/utsname.h>
-
int uname(struct utsname *name);
-
/*returns non-negative value if ok, -1 on error*/
-
-
/* Filled in by uname(); the array sizes are deliberately left out in these
   notes (they come from the system's <sys/utsname.h>). */
struct utsname{
char sysname[];/*name of the os*/
char nodename[];/*name of this node*/
char release[];/*current release of os*/
char version[];/*current version of this release*/
char machine[];/*name of hardware type*/
};