Linux Shadow Password HOWTO
Michael H. Jackson, mhjack@tscnet.com. Translator: 조용일
v1.3, 3 April 1996; translated 1 February 1997

This document describes how to obtain, install, and set up the Linux Passwd
Shadow Suite. It also covers obtaining and reinstalling the network daemons
and other software that need user passwords. That software is not part of the
Shadow Suite, but it has to be recompiled to support the Shadow Suite. The
document also includes a programming example for adding shadow support to a
program. Answers to frequently asked questions are near the end.
______________________________________________________________________

Table of Contents

1. Introduction.
   1.1. Changes from the previous release.
   1.2. New versions of this document.
   1.3. Feedback.
2. Why shadow your passwd file?
   2.1. Reluctant to shadow your passwd file?
   2.2. Format of the /etc/passwd file
   2.3. Format of the shadow file
   2.4. About crypt(3).
3. Getting the Shadow Suite.
   3.1. History of the Shadow Suite for Linux
   3.2. Where to get the Shadow Suite.
   3.3. What is in the Shadow Suite.
4. Compiling the programs.
   4.1. Unpacking the archive.
   4.2. Configuring with the config.h file.
   4.3. Making backup copies of your original programs.
   4.4. Running make
5. Installing
   5.1. Have a boot disk handy in case something goes wrong.
   5.2. Removing duplicate man pages
   5.3. Running make install
   5.4. Running pwconv
   5.5. Renaming npasswd and nshadow.
6. Other programs you may need to patch or upgrade
   6.1. Slackware adduser program
   6.2. The wu_ftpd Server
   6.3. Standard ftpd
   6.4. pop3d (Post Office Protocol 3)
   6.5. xlock
   6.6. xdm
   6.7. sudo
   6.8. imapd (E-Mail pine package)
   6.9. pppd (Point-to-Point Protocol Server)
7. Using the Shadow Suite
   7.1. Adding, modifying, and deleting user accounts
        7.1.1. useradd
        7.1.2. usermod
        7.1.3. userdel
   7.2. The passwd command and password aging.
   7.3. The login.defs file.
   7.4. Group passwords.
   7.5. Consistency checking programs
        7.5.1. pwck
        7.5.2. grpck
   7.6. Dial-up passwords.
8. Adding Shadow support to a C program
   8.1. Header files
   8.2. libshadow.a library
   8.3. Shadow structure
   8.4. Shadow functions
   8.5. Example
9. Frequently Asked Questions.
10. Copyright.
11. Acknowledgments and miscellany.
______________________________________________________________________

1. Introduction.

This is the Linux Shadow-Password-HOWTO. It describes why shadow passwords
are supported on Linux systems and how that support works. It also includes
examples of how to use some of the Shadow Suite's features.

You must be logged in as root to install the Shadow Suite and to use many of
its utilities. Installing the Shadow Suite changes system software, and you
are strongly advised to make backup copies of programs as directed. You
should also read and understand the instructions before you begin.

1.1. Changes from the previous release.

Additions:
     A sub-section on why you might not want to install shadow
     A sub-section on updating xdm
     A section on how to put the Shadow Suite's features to work
     A section of frequently asked questions

Corrections and updates:
     Corrected the html references to Sunsite
     Corrected the section on wu-ftp to add -lshadow to the Makefile
     Corrected spelling and verbiage
     Changed the section on wu-ftpd to support ELF
     Updated to reflect security problems in various login programs
     Updated to recommend the Linux Shadow Suite by Marek Michalkiewicz

1.2. New versions of this document.

The latest version of this document is available by anonymous FTP from
sunsite.unc.edu in

     /pub/Linux/docs/HOWTO/Shadow-Password-HOWTO

or:

     /pub/Linux/docs/HOWTO/other-formats/Shadow-Password-HOWTO{-html.tar,ps,dvi}.gz

It can also be obtained through the Linux Documentation Project Web Server,
as Shadow-Password-HOWTO, or directly from me. It is always posted to the
newsgroup comp.os.linux.answers.

This document is included with the Shadow-YYDDMM package.

1.3. Feedback.

Please send any comments, updates, or suggestions to me (Michael H. Jackson).
The sooner I receive them, the sooner I can bring this document up to date
and correct mistakes. If you find a problem, please tell me directly, because
I do not read the newsgroups every day.

2. Why shadow your passwd file?

By default, most Linux distributions do not come with the Shadow Suite
installed. This includes Slackware 2.3, Slackware 3.0, and other well-known
distributions.
One reason for this is that the copyright on the original Shadow Suite was
not clear about redistribution when a fee is charged. Linux uses the GNU
copyright (also called Copyleft), which allows it to be packaged for
convenient use (as in a CD-ROM distribution) and sold for a fee.

Marek Michalkiewicz, who now maintains the Shadow Suite, received the source
code from the author under a BSD-style copyright that allows redistribution.
The copyright issue is therefore resolved, and future distributions can be
expected to use shadowed passwords by default. Until then, you have to
install it yourself.

If you installed your distribution from a CD-ROM, then even if the
distribution did not install the Shadow Suite, some of the files the Shadow
Suite needs may be on the CD-ROM.

However, Shadow Suite 3.3.1, 3.3.1-2, and shadow-mk have security holes in
the login program and in programs that run suid root, and should no longer be
used.

All of the necessary files can be obtained via anonymous FTP or the WWW.

On a Linux system without the Shadow Suite, user information including the
password is kept in /etc/passwd. The password is stored in an encrypted
form. If you ask a cryptography expert, however, he will say that the
password is in an encoded rather than an encrypted format, because when
crypt(3) is applied the text is set to null and the password is used as the
key. This document therefore uses the term encoded.

(Translator's note: dictionaries use encode and encrypt with the same
meaning, "to rewrite in cipher", but I think the nuance is different for
people who specialize in cryptography. Additions on this point are welcome.)

The algorithm used to encode the password is technically regarded as a
one-way hash function: it is easy to compute in the forward direction but
very hard to compute in reverse. A detailed description of the algorithm is
in section 2.4 and in the crypt(3) manual page.

When a user chooses or is assigned a password, it is encoded together with a
randomly generated value called the salt. This means that any given password
can be stored in 4096 different ways. The salt value is stored together with
the encoded password.

When a user logs in and supplies a password, the salt is first extracted from
the stored encoded password. The supplied password is then encoded with that
salt and compared with the stored encoded password. If the two match, the
user is authenticated.

Taking an arbitrary encoded password and turning it back into the original
password is computationally hard (but not impossible). However, on any system
with more than a few users, at least some of the passwords will be ordinary
words (or simple variations of them).

System crackers know this, and will encrypt a dictionary of words and common
passwords using all 4096 possible salt values. They then compare the encoded
passwords in your /etc/passwd file with their database. As soon as one
matches, they have the password for another account. This is called a
dictionary attack, and it is one of the most common ways of gaining
unauthorized access to a system.

Think about it: an 8-character password encodes to 4096 * 13-character
strings, so a dictionary of 400,000 common words, names, passwords, and
simple variations easily fills a 4 GB hard disk. The attacker needs something
of that kind and then has to check it for matches. If a 4 GB hard disk can be
had for under 10,000 dollars, that is well within reach of most system
crackers.

Also, if a cracker already has your /etc/passwd file, the dictionary only
needs to be encoded with the salt values that actually appear in that file.
This method is usable by an ordinary teenager with 200 megabytes of disk
space and a 486-class computer.

Even without much disk space, utilities such as crack(1) can usually break at
least a couple of passwords on a system with enough users (assuming users are
allowed to pick their own passwords).

The /etc/passwd file also contains information such as user IDs and group
IDs that most system programs use. For that reason the /etc/passwd file must
remain world readable. If you made /etc/passwd unreadable to everyone, the
first thing you would notice is that the ls -l command now prints user IDs
instead of user names!
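
The exposure described above can be checked on a system directly. The following shell script is an added example, not part of the original HOWTO: it classifies the password field of each passwd-format line and reports entries whose encoded password (2-character salt plus 11 characters, from the crypt(3) alphabet) is readable by every user. The sample entries are constructed (they reuse the encoded string this HOWTO gives in section 2.2), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the HOWTO): report what the password field of each
# passwd-format entry exposes. Function names are hypothetical.

# Constructed sample data. The encoded string is the one this HOWTO uses as
# its example in section 2.2 (salt "Np").
sample_passwd() {
    cat <<'EOF'
alice:Npge08pfz4wuk:503:100:Alice Example:/home/alice:/bin/sh
bob:x:504:100:Bob Example:/home/bob:/bin/sh
fred:*:505:100:Fred Flintstone:/home/fred:/bin/bash
guest::506:100:Guest:/home/guest:/bin/sh
broken:x:507
EOF
}

# audit_passwd [FILE]: print "user<TAB>status" per entry (stdin if no FILE).
audit_passwd() {
    awk -F: '
        NF == 0 { next }                          # skip blank lines
        NF != 7 { printf "%s\tMALFORMED\n", $1; next }
        {
            pw = $2
            if (pw == "")
                status = "EMPTY"                  # account has no password
            else if (pw == "x")
                status = "SHADOWED"               # placeholder, hash is stored elsewhere
            else if (pw ~ "^[*!]")
                status = "LOCKED"                 # no crypt(3) output starts this way
            else if (length(pw) == 13 && pw ~ "^[A-Za-z0-9./]+$")
                status = "EXPOSED salt=" substr(pw, 1, 2)   # 2-char salt + 11-char hash
            else
                status = "UNKNOWN"                # some other encoding
            printf "%s\t%s\n", $1, status
        }
    ' "${1:--}"
}

# needs_attention [FILE]: names of entries whose field 2 is EXPOSED or EMPTY.
needs_attention() {
    audit_passwd "$@" | awk -F'\t' '$2 ~ /^(EXPOSED|EMPTY)/ { print $1 }'
}

# Demonstration on the constructed sample.
sample_passwd | audit_passwd
```

On a real system, run `audit_passwd /etc/passwd`; every entry reported as EXPOSED holds an encoded password that any local user can read.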

The Shadow Suite solves this problem by relocating the passwords to another
file (usually /etc/shadow). The /etc/shadow file is set so that it cannot be
read by just anyone: only root can read and write it. Some programs (such as
xlock) do not need to be able to change passwords; they only need to verify
them. Such programs can either be run suid root, or you can set up a group
shadow that is allowed read-only access to /etc/shadow. The program can then
be run sgid shadow.

Moving the passwords into the /etc/shadow file effectively keeps attackers
from getting at the encoded passwords they need for a dictionary attack.

In addition, the Shadow Suite adds several other useful features:

o  A configuration file for login defaults (/etc/login.defs)

o  Utilities for adding, modifying, and deleting user accounts and groups

o  Password aging and expiration

o  Account expiration and locking

o  Shadowed group passwords (optional)

o  Double-length passwords (16-character passwords) (NOT RECOMMENDED)

o  Better control over the passwords users choose

o  Dial-up passwords

o  Secondary authentication programs (NOT RECOMMENDED)

Installing the Shadow Suite makes for a more secure system. There are many
other things that improve the security of a Linux system, however, and there
will eventually be a series of Linux Security HOWTOs covering other security
tools and related issues.

For information on Linux security issues, including known vulnerabilities,
visit the Linux Security home page.

2.1. Reluctant to shadow your passwd file?

In the following circumstances the Shadow Suite may not be a good choice:

o  The system has no user accounts.

o  Your system runs on a LAN and uses NIS (Network Information Services) to
   get user names and passwords to or from other machines on the network.
   (This works well enough on its own; going further is beyond the scope of
   this document, and it does not add much security anyway.)

o  Your machine is used as a terminal server that verifies users through NFS
   (Network File System), NIS, or some other method.

o  You use other software that validates users, and no shadow version of it
   is available.
   You also do not have its source code.

2.2. Format of the /etc/passwd file

An /etc/passwd file that has not been shadowed has the following format:

     username:passwd:UID:GID:full_name:directory:shell

The fields are:

     username    The user (login) name
     passwd      The encoded password
     UID         The numeric user ID
     GID         The numeric default group ID
     full_name   The user's real name. This field is actually called the
                 GECOS (General Electric Comprehensive Operating System)
                 field and can hold information other than just the real
                 name. The Shadow commands and manual pages treat this field
                 as a comment.
     directory   The user's home directory (full pathname)
     shell       The user's login shell (full pathname)

For example:

     username:Npge08pfz4wuk:503:100:Full Name:/home/username:/bin/sh

Here Np is the salt and ge08pfz4wuk is the encoded password. The encoded
salt/password could just as well have been kbeMVnZM0oL7I, and the two refer
to the same password: there are 4096 possible encodings of the same password.
(The example password is 'password', which is a really bad password.)

Once the shadow suite is installed, the /etc/passwd file changes to:

     username:x:503:100:Full Name:/home/username:/bin/sh

The x in the second field means nothing; it is only a placeholder. The format
of the /etc/passwd file has not changed at all, it just no longer contains
the encoded password. This means that any program that only reads the
/etc/passwd file and does not check passwords keeps working without trouble.

The passwords are now relocated to the shadow file (usually the /etc/shadow
file).

2.3. Format of the shadow file

The /etc/shadow file holds the following information:

     username:passwd:last:may:must:warn:expire:disable:reserved

The fields are:

     username   The user name
     passwd     The encoded password
     last       Day the password was last changed (in days since
                January 1, 1970)
     may        Days to wait after a password change before it may be changed
                again
     must       Days until the password must be changed (lifetime of the
                current password)
     warn       Days before the password expires that the user is warned to
                change it
     expire     Days after the password expires until the account can no
                longer be used
     disable    Day the account was disabled (in days since January 1, 1970)
     reserved   Reserved

The earlier example then looks like this:

     username:Npge08pfz4wuk:9479:0:10000::::

2.4. About crypt(3).

According to the crypt(3) manual page:

"crypt is the password encryption function. It is based on the Data
Encryption Standard algorithm, with variations intended (among other things)
to discourage the use of hardware implementations of a key search.

The key is the password typed by the user. The encoded string is all NULLs.

The salt is a two-character string chosen from the set a-zA-Z0-9./. This
string is used to perturb the algorithm in one of 4096 different ways.

By taking the lowest 7 bits of each character of the key, a 56-bit key is
obtained. This 56-bit key is used to encrypt a constant string repeatedly.
The result is a series of 13 ASCII characters that represents the encrypted
password (the first two characters are the salt itself). The return value
points to static data that is overwritten by each call.

Warning: the key space consists of 2**56, that is 7.2e16, possible values.
An exhaustive search of the key space is possible using massively parallel
computers. Software such as crack(1) exists that searches the portion of the
key space that most people use for passwords. So, at a minimum, avoid common
words and names when choosing a password. Use a passwd program that checks
whether an easily found password is being chosen.

The DES algorithm itself sometimes tends to make use of the crypt(3)
interface a worse choice than anything else for password authentication.
If you intend to use crypt(3) to strengthen security, do not use DES alone:
get a good book on encryption and one of the widely used DES libraries."

(Translator's note: the original reads "The DES algorithm itself has a few
quirks which make the use of the crypt(3) interface a very poor choice for
anything other than password authentication. If you are planning on using
the crypt(3) interface for a cryptography project, don't do it: get a good
book on encryption and one of the widely available DES libraries." The part
"don't do it: get ..." is very ambiguous. It is not clear what "it" refers
to. For now I have guessed that it recommends "get ..." and translated it
that way...)

Most Shadow Suites contain code that extends the password length to 16
characters. DES experts do not recommend this, because it is a simplistic
method that encodes the first half of the long password and then the second
half. Given the way crypt works, this can produce a weaker password than not
using a long password at all. Besides, users are unlikely to remember a
password of 16 characters.

Work is in progress on methods that stay compatible with the crypt method
while supporting long passwords and stronger authentication (in particular,
the MD5 algorithm).

The following book on encryption is recommended:

     "Applied Cryptography: Protocols, Algorithms, and Source Code in C"
     by Bruce Schneier
     ISBN: 0-471-59756-2

3. Getting the Shadow Suite.

3.1. History of the Shadow Suite for Linux

DO NOT USE THE PACKAGES DESCRIBED IN THIS SECTION. PROBLEMS HAVE BEEN FOUND
IN THEM.

The original Shadow Suite was written by John F. Haugh II. The following
versions have been used on Linux systems:

o  shadow-3.3.1 is the original.

o  shadow-3.3.1-2 was adapted to Linux by Florian La Roche and contains some
   further improvements.

o  shadow-mk is packaged specifically for Linux.

The shadow-mk package contains the shadow-3.3.1 package distributed by John
F. Haugh II with the shadow-3.3.1-2 patch applied. On top of that, Mohan
Kokal made a few changes that make installation easier, a login1.c
(login.secure) by Joseph R.M. Zbiciak that removes the -f and -h security
holes in /bin/login was added, and some other miscellaneous patches were
applied.

The shadow.mk package currently has security holes in its login program and
will be replaced soon.

Shadow 3.3.1, 3.3.1-2, and shadow-mk have security holes in the login
program. The login bug involves not checking the length of the login name.
This causes a buffer overflow that leads to crashes or worse. It has been
rumored that, on systems that use shared libraries, this buffer overflow
together with this bug can give a user root privileges. I will not discuss
exactly how this is possible, because there are many Linux systems that could
be harmed by having such a (buggy) Shadow Suite installed, and pre-ELF
distributions without the Shadow Suite are at risk as well.

For more information on this and other Linux security issues, see the Linux
Security home page (Shared Libraries and login Program Vulnerability).

3.2. Where to get the Shadow Suite.

The recommended Shadow Suite is still in BETA testing. Nevertheless, the
latest versions are safe and do not contain the vulnerable login program.

The packages use the following naming convention:

     shadow-YYMMDD.tar.gz

where YYMMDD is the release date of the Suite.

This version will eventually become Version 3.3.3 once Beta testing is
finished, and it is maintained by Marek Michalkiewicz. It is available as
shadow-current.tar.gz.

It can also be obtained from the following mirror sites:

o  ftp://ftp.icm.edu.pl/pub/Linux/shadow/shadow-current.tar.gz

o  ftp://iguana.hut.fi/pub/linux/shadow/shadow-current.tar.gz

o  ftp://ftp.cin.net/usr/ggallag/shadow/shadow-current.tar.gz

o  ftp://ftp.netural.com/pub/linux/shadow/shadow-current.tar.gz

Use the currently available version.

Do not use a version older than shadow-960129: those versions have the login
security hole discussed above.

When this document refers to the Shadow Suite, it means this version, and it
assumes this is the package you are using.

For reference, shadow-960129 was used to write these installation
instructions.

If you previously used shadow-mk, upgrade to this version and rebuild
everything you compiled before.

3.3. What is in the Shadow Suite.

The Shadow Suite contains replacements for the following programs:

     su, login, passwd, newgrp, chfn, chsh, id

It also contains new programs:

     chage, newusers, dpasswd, gpasswd, useradd, userdel, usermod, groupadd,
     groupdel, groupmod, groups, pwck, grpck, lastlog, pwconv, pwunconv

In addition, the library libshadow.a is included for writing or compiling
programs that need to access user passwords.

Manual pages for the programs are included as well.

There is also a configuration file for the login program, which is installed
as /etc/login.defs.

4. Compiling the programs.

4.1. Unpacking the archive.

The first thing to do after getting the package is to unpack it. The package
is in tar (tape archive) format compressed with gzip, so move it to /usr/src
and then run:

     tar -xzvf shadow-current.tar.gz

It will unpack into the directory /usr/src/shadow-YYMMDD.

4.2. Configuring with the config.h file.

First, copy the Makefile and config.h into place:

     cd /usr/src/shadow-YYMMDD
     cp Makefile.linux Makefile
     cp config.h.linux config.h

Then look at config.h. This file contains the definitions for several
configuration options. If you are using the recommended package, I recommend
turning off group shadow support for a start.

By default, shadowed group passwords are enabled. To change this, edit
config.h and change #define SHADOWGRP to #undef SHADOWGRP. I recommend
starting without them. If you later really want group passwords and group
administrators, you can enable the option again and recompile. If you leave
it enabled, you must create the /etc/gshadow file.

As discussed above, using long passwords is not recommended.

Do not change the line that says #undef AUTOSHADOW.

The AUTOSHADOW option was intended to let programs that are unaware of shadow
passwords keep working. This sounds fine in theory, but it does not work
properly. If you enable this option and a program is run as root, it calls
getpwnam() with root privileges and later writes the modified entry back to
the /etc/passwd file (with the password no longer shadowed). chfn and chsh
are such programs. (Swapping the real and effective uid before calling
getpwnam() does not get around this.
That is because root uses chfn and chsh too. (Translator's note: this is
ambiguous. It seems to be about system programming... An explanation from
someone who knows would be welcome.))

The same applies when building libc. It has a SHADOW_COMPAT option that does
the same thing. It must not be used! The trouble is that encoded passwords
start being obtained from /etc/passwd.

If the libc version you are using is older than 4.6.27, there are a few more
changes to make to config.h and the Makefile. In config.h, change:

     #define HAVE_BASENAME

to

     #undef HAVE_BASENAME

And in the Makefile, change:

     SOBJS = smain.o env.o entry.o susetup.o shell.o \
             sub.o mail.o motd.o sulog.o age.o tz.o hushed.o

     SSRCS = smain.c env.c entry.c setup.c shell.c \
             pwent.c sub.c mail.c motd.c sulog.c shadow.c age.c pwpack.c rad64.c \
             tz.c hushed.c

to

     SOBJS = smain.o env.o entry.o susetup.o shell.o \
             sub.o mail.o motd.o sulog.o age.o tz.o hushed.o basename.o

     SSRCS = smain.c env.c entry.c setup.c shell.c \
             pwent.c sub.c mail.c motd.c sulog.c shadow.c age.c pwpack.c rad64.c \
             tz.c hushed.c basename.c

These changes add the code in basename.c, which is included in libc 4.6.27
and later.

4.3. Making backup copies of your original programs.

It is also a good idea to track down the programs that the shadow suite will
replace and make backup copies of them. On Slackware 3.0 they are:

o  /bin/su

o  /bin/login

o  /usr/bin/passwd

o  /usr/bin/newgrp

o  /usr/bin/chfn

o  /usr/bin/chsh

o  /usr/bin/id

The BETA package has a list of backups to make in its Makefile, but it is
commented out because the programs may be in different locations on other
distributions.

You should also make a backup of your /etc/passwd file. If you put it in the
same directory, be careful what you name it so that you do not overwrite the
passwd command.

4.4. Running make

You need root privileges for almost all of the installation.

Run make to compile the package:

     make all

You may see the warning: rcsid defined but not used. This is fine; it appears
because the author uses a version control package.

5. Installing

5.1. Have a boot disk handy in case something goes wrong.

If something goes wrong, you will need a boot disk ready.
If you used a boot/root disk for the installation, that one will do.
Otherwise, see the Bootdisk-HOWTO, which describes how to make a bootable
disk.

5.2. Removing duplicate man pages

You should also move the manual pages that are about to be replaced. Even if
you are reckless enough to install the Shadow Suite without backups, you will
still want to remove the old manual pages. The old manual pages are usually
stored compressed, so the new ones may not overwrite them.

You can use the man -aW command or the locate command to find the manual
pages that need to be removed or moved. It is generally easier to find the
old pages this way before running make install.

If you are using the Slackware 3.0 distribution, the man pages to remove are:

o  /usr/man/man1/chfn.1.gz

o  /usr/man/man1/chsh.1.gz

o  /usr/man/man1/id.1.gz

o  /usr/man/man1/login.1.gz

o  /usr/man/man1/passwd.1.gz

o  /usr/man/man1/su.1.gz

o  /usr/man/man5/passwd.5.gz

There are also files with the same names in the /var/man/cat[1-9]
subdirectories that should be deleted.

5.3. Running make install

Now you are ready (do this as root):

     make install

This installs the new programs or replaces the old ones, and fixes the file
permissions. It also installs the man pages, and it installs the Shadow Suite
include files into /usr/include/shadow.

If you are using the BETA package, you have to copy login.defs into /etc
yourself and make sure that only root can change it:

     cp login.defs /etc
     chmod 700 /etc/login.defs

This file is the configuration file for the login program. Review its
contents and adjust them for your system. It decides which ttys root can log
in on and sets other security-related settings (such as password expiration
defaults).

5.4. Running pwconv

The next step is to run pwconv. This must be done as root, and it is best
done from the /etc directory:

     cd /etc
     /usr/sbin/pwconv

pwconv takes /etc/passwd, strips out some of its fields, and creates two
files: /etc/npasswd and /etc/nshadow.

A pwunconv program is also provided in case you need to build a normal
/etc/passwd file from /etc/passwd and /etc/shadow.

5.5. Renaming npasswd and nshadow.

Now that you have run pwconv, you have /etc/npasswd and /etc/nshadow. These
need to be copied over /etc/passwd and /etc/shadow. We also want a backup of
the original /etc/passwd that only root can read, and we put that backup in
root's home directory:

     cd /etc
     cp passwd ~/passwd
     chmod 600 ~/passwd
     mv npasswd passwd
     mv nshadow shadow

Make sure the file ownership and permissions are correct. If you are going
to use X-Windows, the xlock and xdm programs need to be able to read the
shadow file (but not write it).

There are two ways to do this. You can set xlock suid root (xdm can run with
root privileges). Or you can make the shadow file owned by root with the
group shadow. Before you take the second approach, make sure that a shadow
group exists (look in /etc/group). No user on the system should actually
belong to the shadow group.

     chown root.root passwd
     chown root.shadow shadow
     chmod 0644 passwd
     chmod 0640 shadow

Your system now has a shadowed password file. You should switch to another
virtual terminal and check that you can log in.

Do it now!

If you cannot, something is wrong! To go back to the non-shadowed state, do
the following:

     cd /etc
     cp ~/passwd passwd
     chmod 644 passwd

After that, you will have to put all of the files back where they were
before.

6. Other programs you may need to patch or upgrade

Although the shadow suite contains replacements for most programs that need
to access passwords, most systems have other programs that also need access
to passwords.

If you are running a Debian distribution (or even if you are not), you can
get the Debian sources for the programs that need to be rebuilt from
ftp://ftp.debian.org/debian/stable/source/

The rest of this section covers how to upgrade programs such as adduser,
wu_ftpd, ftpd, pop3d, xlock, xdm, and sudo so that they support the shadow
suite.

For how to add shadow suite support to a program, see the section "Adding
Shadow support to a C program" (although the program still has to be run SUID
root or SGID shadow afterwards to be able to access the shadow file).

6.1. Slackware adduser program

The Slackware distribution (among others) contains an interactive program
for adding users called /sbin/adduser. A shadow version of this program can
be obtained from
ftp://sunsite.unc.edu/pub/Linux/system/Admin/accounts/adduser.shadow-1.4.tar.gz

I recommend using the programs that come with the Shadow Suite (useradd,
usermod, and userdel) instead of the slackware adduser. They take a little
time to learn, but it is worth the effort because you get finer control and
they perform proper file locking on /etc/passwd and /etc/shadow (adduser
does not).

See the section "Using the Shadow Suite" for more details.

However, if you do have it, do the following:

     tar -xzvf adduser.shadow-1.4.tar.gz
     cd adduser
     make clean
     make adduser
     chmod 700 adduser
     cp adduser /sbin

6.2. The wu_ftpd Server

Most Linux systems use the wu_ftpd server. If your distribution did not come
with shadow installed, then your wu_ftpd has not been compiled with shadow
support. wu_ftpd is started from inetd/tcpd, which runs as a root process.
If you are still running an old wu_ftpd daemon, you must upgrade it anyway,
because it has a bug that puts the root account at risk (see the Linux
security home page).

Fortunately, you only need to get the source code and recompile it with
shadow enabled.

If you are not on an ELF system, the wu_ftp server to use is
wu-ftp-2.4-fixed.tar.gz on sunsite.

Once you have retrieved it, put it in /usr/src and then:

     cd /usr/src
     tar -xzvf wu-ftpd-2.4-fixed.tar.gz
     cd wu-ftpd-2.4-fixed
     cp ./src/config/config.lnx.shadow ./src/config/config.lnx

Then edit ./src/makefiles/Makefile.lnx and change the line:

     LIBES = -lbsd -support

to:

     LIBES = -lbsd -support -lshadow

Now you are ready to run the build script and install:

     cd /usr/src/wu-ftpd-2.4-fixed
     /usr/src/wu-ftpd-2.4-fixed/build lnx
     cp /usr/sbin/wu.ftpd /usr/sbin/wu.ftpd.old
     cp ./bin/ftpd /usr/sbin/wu.ftpd

This compiles the server using the Linux shadow configuration file and
installs it.

On my Slackware 2.3 system I also had to do the following before running
build:

     cd /usr/include/netinet
     ln -s in_systm.h in_system.h
     cd -

Some problems have been reported compiling this package on ELF systems, but
the Beta version of the next release works fine. It is
wu-ftp-2.4.2-beta-10.tar.gz.

Once you have retrieved it, put it in /usr/src and then:

     cd /usr/src
     tar -xzvf wu-ftpd-2.4.2-beta-9.tar.gz
     cd wu-ftpd-beta-9
     cd ./src/config

Then edit config.lnx and change:

     #undef SHADOW.PASSWORD

to:

     #define SHADOW.PASSWORD

Then:

     cd ../Makefiles

and edit Makefile.lnx, changing:

     LIBES = -lsupport -lbsd # -lshadow

to:

     LIBES = -lsupport -lbsd -lshadow

Finally, build and install:

     cd ..
     build lnx
     cp /usr/sbin/wu.ftpd /usr/sbin/wu.ftpd.old
     cp ./bin/ftpd /usr/sbin/wu.ftpd

Check /etc/inetd.conf to find out where your wu.ftpd server really lives. It
has been reported that some distributions put the server daemons in different
places, and wu.ftpd in particular may have a different name.

6.3. Standard ftpd

If you are running the standard ftpd server, I recommend switching to the
wu_ftpd server. Apart from the bug mentioned above, it is generally regarded
as more secure.

If you insist on the standard server, or need NIS support, Sunsite has
ftpd-shadow-nis.tgz.

6.4. pop3d (Post Office Protocol 3)

If you need POP3, you have to recompile the pop3d program. pop3d is run by
inetd/tcpd with root privileges.

There are two versions on Sunsite: pop3d-1.00.4.linux.shadow.tar.gz and
pop3d+shadow+elf.tar.gz

Both of them are straightforward to install.

6.5. xlock

If you install the shadow suite and then lock the screen with xlock under the
X Windows System without upgrading xlock, you will have to press Ctrl-Alt-Fx
to log in on another tty and kill the xlock process (or kill the X server
with Ctrl-Alt-BS). Fortunately, upgrading the xlock program is easy.

If you are running XFree86 3.x.x, you are probably using xlockmore (which
has a great screen-saver in addition to the lock function). This package can
be recompiled with shadow support. If you have an older xlock, I recommend
upgrading to this one.

xlockmore-3.7.tgz is available for download.

In most cases, this is just what you need.

Get xlockmore-3.7.tgz and unpack it in /usr/src:

     tar -xzvf xlockmore-3.7.tgz

In the file /usr/X11R6/lib/X11/config/linux.cf, change the line:

     #define HasShadowPasswd    NO

to

     #define HasShadowPasswd    YES

Then build the executables:

     cd /usr/src/xlockmore
     xmkmf
     make depend
     make

Finally, put everything in place with the right permissions:

     cp xlock /usr/X11R6/bin/
     cp XLock /var/X11R6/lib/app-defaults/
     chown root.shadow /usr/X11R6/bin/xlock
     chmod 2755 /usr/X11R6/bin/xlock
     chown root.shadow /etc/shadow
     chmod 640 /etc/shadow

xlock will now work properly.

6.6. xdm

xdm presents the login screen under X-Windows. Some systems start xdm when
told to go to a particular run level (see /etc/inittab).

Once the Shadow Suite is installed, xdm needs to be updated too. This is
very easy.

xdm.tar.gz is available for download.

Get xdm.tar.gz and unpack it in /usr/src:

     tar -xzvf xdm.tar.gz

In /usr/X11R6/lib/X11/config/linux.cf, change the line:

     #define HasShadowPasswd    NO

to

     #define HasShadowPasswd    YES

Then build the executables:

     cd /usr/src/xdm
     xmkmf
     make depend
     make

And put everything in place:

     cp xdm /usr/X11R6/bin/

xdm runs with root privileges, so its permissions do not need to be changed.

6.7. sudo

sudo lets a system administrator allow users to run programs that would
normally need root privileges. This is convenient because it lets users do
things like mounting drives while limiting the administrator's need to log
in to the root account.

sudo checks the user's password when it is invoked, so it needs to read the
password. sudo already runs SUID root, so accessing the /etc/shadow file is
not a problem.

A sudo built for the shadow suite is available for download.

Warning: when you install sudo, your existing /etc/sudoers is replaced with
a default one. If you are using anything other than the defaults, make a
backup first (or remove the line in the Makefile that copies the default
file to /etc).

This package is already set up for shadow, so all you need to do is
recompile it (put it in /usr/src):

     cd /usr/src
     tar -xzvf sudo-1.2-shadow.tgz
     cd sudo-1.2-shadow
     make all
     make install

6.8. imapd (E-Mail pine package)

imapd is an E-mail server similar to pop3d. imapd comes with the Pine E-mail
package. The documentation in the package says that shadow support is the
default setting on linux systems, but as far as I know this is not true.
Moreover, the build script/Makefile combination in this package makes it hard
to add the libshadow.a library at compile time, so I was not able to add
shadow support to imapd.

If anyone has managed this, please send me E-mail and I will include the
solution here.

6.9. pppd (Point-to-Point Protocol Server)

The pppd server can be set up to use several kinds of authentication:
Password Authentication Protocol (PAP) and Cryptographic Handshake
Authentication Protocol (CHAP). The pppd server usually reads the passwords
it uses from /etc/ppp/chap-secrets and/or /etc/ppp/pap-secrets. If you use
pppd this way, there is no need to reinstall pppd. (Translator's note: this
seems to mean that the passwords for ppp are kept separately...)

pppd can also use the login parameter (on the command line, or through an
options file or the configuration). If the login option is given, pppd uses
the username and password in /etc/passwd for PAP. Naturally, this does not
work with a shadowed password file. For pppd-1.2.1d, code has to be added to
support shadow.

The next section shows an example of adding shadow support to pppd-1.2.1d
(an old version of pppd).

pppd-2.2.0 already supports shadow.

7. Using the Shadow Suite

This section covers some topics you will want to know about once the Shadow
Suite is installed on your system. For more detail, see the manual page of
each command.

7.1. Adding, modifying, and deleting user accounts

The Shadow Suite adds the following commands for managing user accounts. The
adduser program was probably already installed before that.

7.1.1. useradd

The useradd command adds users to the system. You can also run this command
to change the default settings.
The first thing to do is to examine the default settings and change them to suit your system:

     useradd -D

______________________________________________________________________
GROUP=1
HOME=/home
INACTIVE=0
EXPIRE=0
SHELL=
SKEL=/etc/skel
______________________________________________________________________

The defaults are probably not what you want. If you started adding users now, you would have to specify the information common to all users for each one. Instead, we change the defaults.

On my system:

o  The default group is 100.

o  Passwords are changed every 60 days.

o  I don't want an account to be locked because its password has expired.

o  The default shell is /bin/bash.

To make these changes:

     useradd -D -g100 -e60 -f0 -s/bin/bash

Now useradd -D gives:

______________________________________________________________________
GROUP=100
HOME=/home
INACTIVE=0
EXPIRE=60
SHELL=/bin/bash
SKEL=/etc/skel
______________________________________________________________________

These defaults are stored in /etc/default/useradd.

Now you can use useradd to add users to the system. For example, to add the user fred using only the defaults:

     useradd -m -c "Fred Flintstone" fred

This creates the following entry in the /etc/passwd file:

     fred:*:505:100:Fred Flintstone:/home/fred:/bin/bash

and the following entry in the /etc/shadow file:

     fred:!:0:0:60:0:0:0:0

fred's home directory is created and, because the -m switch was used, the whole of /etc/skel is copied into it.

Also, since no UID was specified, the next one after those already in use was assigned.

fred's account now exists, but fred cannot log in until we unlock the account. To unlock it, we set a password:

     passwd fred

______________________________________________________________________
Changing password for fred
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
New Password: *******
Re-enter new password: *******
______________________________________________________________________

Now /etc/shadow contains:

     fred:J0C.WDR1amIt6:9559:0:60:0:0:0:0

and fred can log in and use the system. The nice thing about useradd, like the other programs in the Shadow Suite, is that its changes to the /etc/passwd and /etc/shadow files are not disturbed by other writers. If you are adding a user while another user is changing their password, both operations complete correctly. (Translator's note: think of things like mutex locks and race conditions.)

It is better to use these commands than to edit /etc/passwd and /etc/shadow directly. If you are editing the /etc/shadow file and a user changes their password in the meantime, then when you finish editing and save the file, the user's change is lost.

Here is a small interactive script that uses useradd and passwd:

______________________________________________________________________
#!/bin/bash
#
# /sbin/newuser - A script to add users to the system using the Shadow
#                 Suite's useradd and passwd commands.
#
# Written by Mike Jackson as an example for the Linux Shadow Password
# Howto.  Permission to use and modify is expressly granted.
#
# This could be modified to show the defaults and allow them to be
# changed, like the Slackware Adduser program.  It could also be
# modified to reject stupid input (i.e. better error checking).
#
##
#  Defaults for the useradd command
##
GROUP=100        # Default Group
HOME=/home       # Home directory location (/home/username)
SKEL=/etc/skel   # Skeleton Directory (files common to every new account)
INACTIVE=0       # Days after the password expires until the account
                 # is disabled (0=never)
EXPIRE=60        # Days that a password lasts
SHELL=/bin/bash  # Default Shell (full path)
##
#  Defaults for the passwd command
##
PASSMIN=0        # Days that must pass between password changes
PASSWARN=14      # Days before the password expires that a warning is given
##
#  Ensure that root is running the script.
##
WHOAMI=`/usr/bin/whoami`
if [ "$WHOAMI" != "root" ]; then
        echo "You must be root to add new users!"
        exit 1
fi
##
#  Ask for username and fullname.
##
echo ""
echo -n "Username: "
read USERNAME
echo -n "Full name: "
read FULLNAME
#
echo "Adding user: $USERNAME."
#
# Note that the "" around $FULLNAME is required.  This field almost
# always contains at least one space, and without the quotes useradd
# would treat everything after the space as its next parameters.
# The other variables are quoted for the same reason.
#
/usr/sbin/useradd -c"$FULLNAME" -d"$HOME/$USERNAME" -e"$EXPIRE" \
        -f"$INACTIVE" -g"$GROUP" -m -k"$SKEL" -s"$SHELL" "$USERNAME"
##
#  Set password defaults
##
/bin/passwd -n "$PASSMIN" -w "$PASSWARN" "$USERNAME" >/dev/null 2>&1
##
#  Let the passwd command actually ask for the password
##
/bin/passwd "$USERNAME"
##
#  Show what was done.
##
echo ""
echo "Entry from /etc/passwd:"
echo -n "   "
grep "^$USERNAME:" /etc/passwd
echo "Entry from /etc/shadow:"
echo -n "   "
grep "^$USERNAME:" /etc/shadow
echo "Summary output of the passwd command:"
echo -n "   "
passwd -S "$USERNAME"
echo ""
______________________________________________________________________

Using a script to add new users is much better than editing /etc/passwd and /etc/shadow directly or using the Slackware adduser program. Feel free to modify it to suit your particular system.

For more information on useradd, see the manual page.

7.1.2. usermod

usermod modifies the information about a user. Its options are similar to those of useradd.

To change fred's shell, type:

     usermod -s /bin/tcsh fred

fred's entry in the /etc/passwd file is now:

     fred:*:505:100:Fred Flintstone:/home/fred:/bin/tcsh

Now let's make fred's account expire on 09/15/97:

     usermod -e 09/15/97 fred

fred's entry in the /etc/shadow file becomes:

     fred:J0C.WDR1amIt6:9559:0:60:0:0:10119:0

For more information on usermod, see the manual page.

7.1.3. userdel

userdel does exactly what you would expect: it deletes the user's account. Type:

     userdel -r username

The -r removes all the files in the user's home directory along with the directory itself. Files located elsewhere have to be found and deleted by hand.
If you want to disable the account rather than delete it, use the passwd command.

7.2. The passwd command and passwd aging.

passwd is, as the name says, used to change passwords. In addition, root can use it to:

o  Lock and unlock accounts (-l and -u)

o  Set the number of days a password remains valid (-x)

o  Set the number of days that must pass before a password can be changed again (-n)

o  Set how many days before the password expires a warning is given (-w)

o  Set the number of days after the password expires until the account is locked (-i)

o  View more detailed information about an account (-S)

Going back to fred:

     passwd -S fred
     fred P 03/04/96 0 60 0 0

This means that fred's password is valid, that it was last changed on 03/04/96, and that it can be changed at any time. The password expires if it is not changed within 60 days, fred gets no warning beforehand, and the account stays valid when the password expires. In other words, if fred logs in after his password has expired, he is prompted for a new password.

To warn fred 14 days before his password expires and to lock his account 14 days after it has expired:

     passwd -w14 -i14 fred

fred's entry then changes to:

     fred P 03/04/96 0 60 14 14

For more information on passwd, see the manual page.

7.3. The login.defs file.

The file /etc/login.defs holds the configuration for the login program and for the Shadow Suite as a whole.

/etc/login.defs contains settings ranging from what the prompts look like to what the default expiration is when a user changes their password.

The /etc/login.defs file is well documented by the many comments inside it. Briefly, it contains:

o  On/off flags that determine the amount of logging that takes place.

o  Pointers to other configuration files.

o  Default settings for things such as password aging.

As you can see, this is a rather important file. Make sure that it is present, and check that the settings match your system and your preferences.

7.4. Group passwords.

The /etc/group file may contain passwords that allow a user to become a member of a particular group. This feature is enabled if the SHADOWGRP constant is defined in /usr/src/shadow-YYMMDD/config.h.
If you use this feature, create the file /etc/gshadow to hold the group passwords and the group administrator information.

When you created /etc/shadow you used pwconv; there is no such program to create /etc/gshadow. Don't worry, it takes care of itself.

To create the initial /etc/gshadow, do the following:

     touch /etc/gshadow
     chown root.root /etc/gshadow
     chmod 700 /etc/gshadow

When you create new groups, they are added to the /etc/group and /etc/gshadow files automatically. If you add or remove users in a group, or change the group password, the /etc/gshadow file changes accordingly.

The programs groups, groupadd, groupmod, and groupdel are supplied with the Shadow Suite as tools for modifying groups.

The format of the /etc/group file is:

     groupname:!:GID:member,member,...

where:

     groupname
        The name of the group

     !  The field that normally holds the password, which has been moved to the /etc/gshadow file.

     GID
        The group ID number

     member
        List of group members

The format of the /etc/gshadow file is:

     groupname:password:admin,admin,...:member,member,...

where:

     groupname
        The name of the group

     password
        The encoded group password.

     admin
        List of group administrators

     member
        List of group members

The gpasswd command is used to add or remove the members and administrators of a group. Only root or a group administrator may add or remove group members.

The group password can be changed with the passwd command by root or by a group administrator.

No manual page is currently provided for gpasswd, but typing gpasswd without any parameters prints a list of options, so it is easy to learn once you understand the file formats and the concepts.

7.5. Consistency checking programs

7.5.1. pwck

The pwck program checks for inconsistencies between the /etc/passwd and /etc/shadow files. For each user it checks:

o  the correct number of fields

o  unique user name

o  valid user and group id

o  valid primary group

o  valid home directory

o  valid login shell

It also warns about any account that has no password.

It is a good idea to run pwck after installing the Shadow Suite. Running it periodically, weekly or monthly, is also recommended. With the -r option, you can have cron run it on a regular basis and report the results.
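The cross-file checks listed above can be reproduced on sample data. The following is an added example, not part of the original HOWTO and not pwck's own code; it covers only the field-count, duplicate-name, missing-entry and empty-password checks, and the function names and the wilma, barney and betty entries are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data, modelled on the entries shown in this HOWTO. */
static const char *SAMPLE_PASSWD[] = {
    "root:*:0:0:root:/root:/bin/bash",
    "fred:*:505:100:Fred Flintstone:/home/fred:/bin/bash",
    "wilma::506:100:Wilma:/home/wilma:/bin/bash",       /* empty, no shadow */
    "fred:*:507:100:Second fred:/home/fred2:/bin/bash", /* duplicate name   */
    "barney:*:508:100:/home/barney:/bin/bash",          /* only 6 fields    */
    NULL
};
static const char *SAMPLE_SHADOW[] = {
    "root:Npge08pfz4wuk:9479:0:10000::::",
    "fred:J0C.WDR1amIt6:9559:0:60:0:0:10119:0",
    "betty:!:9559:0:60:0:0:0:0",                        /* no passwd entry  */
    NULL
};

struct report {
    int bad_fields, duplicates, missing_shadow, orphan_shadow, empty_password;
};

static int count_fields(const char *line)
{
    int n = 1;
    while ((line = strchr(line, ':')) != NULL) { n++; line++; }
    return n;
}
/* 1 if two entries start with the same name (first field). */
static int same_name(const char *a, const char *b)
{
    size_t n = strcspn(a, ":");
    return n == strcspn(b, ":") && strncmp(a, b, n) == 0;
}
/* Index of the first of db[0..limit-1] named like entry (limit < 0: all). */
static int find_entry(const char **db, const char *entry, int limit)
{
    for (int i = 0; db[i] != NULL && (limit < 0 || i < limit); i++)
        if (same_name(db[i], entry))
            return i;
    return -1;
}
/* 1 if the password field (second field) of the entry is empty. */
static int password_empty(const char *entry)
{
    const char *p = strchr(entry, ':');
    return p != NULL && (p[1] == ':' || p[1] == '\0');
}

static struct report check_consistency(const char **passwd, const char **shadow)
{
    struct report r = {0, 0, 0, 0, 0};
    for (int i = 0; passwd[i] != NULL; i++) {
        /* A malformed line is counted once and skipped for the other checks. */
        if (count_fields(passwd[i]) != 7) { r.bad_fields++; continue; }
        if (find_entry(passwd, passwd[i], i) >= 0)
            r.duplicates++;
        int s = find_entry(shadow, passwd[i], -1);
        if (s < 0)
            r.missing_shadow++;
        /* The shadow field is the one that counts when an entry exists. */
        if (password_empty(s < 0 ? passwd[i] : shadow[s]))
            r.empty_password++;
    }
    for (int i = 0; shadow[i] != NULL; i++) {
        if (count_fields(shadow[i]) != 9)
            r.bad_fields++;
        else if (find_entry(passwd, shadow[i], -1) < 0)
            r.orphan_shadow++;
    }
    return r;
}

int main(void)
{
    struct report r = check_consistency(SAMPLE_PASSWD, SAMPLE_SHADOW);
    printf("bad=%d dup=%d no-shadow=%d orphan=%d empty=%d\n", r.bad_fields,
           r.duplicates, r.missing_shadow, r.orphan_shadow, r.empty_password);
    return 0;
}
```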
7.5.2. grpck

The grpck program checks for inconsistencies between the /etc/group and /etc/gshadow files. It checks:

o  the correct number of fields

o  unique group name

o  valid list of members and administrators

It also has a -r option for automated reports.

7.6. Dial-up passwords.

Dial-up passwords are another line of defense for systems that allow dial-in access. If you let many people connect to the system, locally or over a network, but want to limit who can dial in, dial-up passwords are a good solution. To enable them, set DIALUPS_CHECK_ENAB to yes in /etc/login.defs.

Two files hold the dial-up information. /etc/dialups lists the ttys (one per line, with the leading "/dev/" removed). If a tty is listed, dial-up checks are performed on it.

The second file is /etc/d_passwd. It contains passwords and the full path names of shells.

If a user logs in on a tty listed in /etc/dialups, and their shell is listed in /etc/d_passwd, they are let in only after supplying the correct password.

Another use of dial-up passwords is to decide what kind of connection a line allows (usually PPP or UUCP). A user who tries to get another kind of connection (in particular, a shell from the list) must know the password to use the line.

Before you can use the dial-up feature, you must create the files.

The dpasswd command assigns passwords to the shells in /etc/d_passwd. See the manual page for details.

8. Adding Shadow Support to a C program

Adding shadow support to a C program is actually quite simple. The only problem is that the program has to run as root (or SUID root) to access the /etc/shadow file.

This presents one big problem: SUID programs must be written with very careful programming practices. For example, if a program has a shell escape and the program is SUID root, the escape must not hand out root privileges.

When shadow support is added to a program that has to check passwords but otherwise has no need to run as root, the result can be made much safer than an SUID root program.
The xlock program is one such example.

In the example below, pppd-1.2.1d already runs SUID root, so adding shadow support should not make the program any more vulnerable.

8.1. Header files

The header files are in /usr/include/shadow. There is also a /usr/include/shadow.h, but it should be a symbolic link to /usr/include/shadow/shadow.h.

To add shadow support, include the header files:

     #include <shadow.h>
     #include <shadow/pwauth.h>

It is a good idea to use compiler directives so that the shadow code is compiled conditionally (see the example below).

8.2. libshadow.a library

When the Shadow Suite is installed, the libshadow.a file is placed in /usr/lib.

To build shadow support into a program, the linker must be told to link in libshadow.a, like this:

     gcc program.c -o program -lshadow

However, as the example below shows, most large programs use a Makefile and usually have a variable called LIBS=... that we will modify.

8.3. Shadow Structure

The libshadow.a library puts the information it gets from the /etc/shadow file into a structure called spwd. The definition of the spwd structure is in the /usr/include/shadow/shadow.h file:

______________________________________________________________________
struct spwd
{
  char *sp_namp;          /* login name */
  char *sp_pwdp;          /* encrypted password */
  sptime sp_lstchg;       /* date of last change */
  sptime sp_min;          /* minimum number of days between changes
                             (how soon after a change the next
                             change is allowed) */
  sptime sp_max;          /* maximum number of days between changes
                             (how long the password is valid) */
  sptime sp_warn;         /* number of days of warning before the
                             password expires */
  sptime sp_inact;        /* number of days after the password expires
                             until the account becomes unusable. */
  sptime sp_expire;       /* days since 1/1/70 until the account expires */
  unsigned long sp_flag;  /* reserved for future use */
};
______________________________________________________________________

The Shadow Suite can put other things in the sp_pwdp field alongside the encoded password. The password field can look like this:

     username:Npge08pfz4wuk;@/sbin/extra:9479:0:10000::::

This means that, in addition to the password, the program /sbin/extra is called for further authentication.
The called program must be able to accept the user name and a switch that tells it why it is being called. For details, see /usr/include/shadow/pwauth.h and pwauth.c.

The intent is that the pwauth function is used to carry out the actual authentication, which can also serve as a secondary authentication.

The author of the Shadow Suite points out that most existing programs do not use this feature, and says that it may be removed or changed in the next version of the Shadow Suite.

8.4. Shadow Functions

The shadow.h file contains the prototypes of the functions in the libshadow.a library:

______________________________________________________________________
extern void setspent __P ((void));
extern void endspent __P ((void));
extern struct spwd *sgetspent __P ((__const char *__string));
extern struct spwd *fgetspent __P ((FILE *__fp));
extern struct spwd *getspent __P ((void));
extern struct spwd *getspnam __P ((__const char *__name));
extern int putspent __P ((__const struct spwd *__sp, FILE *__fp));
______________________________________________________________________

The function used in the example is getspnam, which retrieves the spwd structure for a given user name.

8.5. Example

This is an example of adding shadow support to a program that needs it but does not have it by default.

The example uses the Point-to-Point Protocol Server (pppd-1.2.1d), which has a mode in which it performs PAP authentication using the user names and passwords in the /etc/passwd file instead of the PAP or CHAP files.

This feature of pppd is not used very often. Once the Shadow Suite is installed, however, it stops working, because the passwords are no longer in /etc/passwd.

The code that authenticates users in pppd-1.2.1d is in the file /usr/src/pppd-1.2.1d/pppd/auth.c.

The following code needs to be added at the top of the file, where the #include directives are.
We wrap the #includes in conditional directives (so that they are included only when compiling with shadow support):

______________________________________________________________________
#ifdef USE_SHADOW
#include <shadow.h>
#include <shadow/pwauth.h>
#endif
______________________________________________________________________

The next step is to modify the actual code. We are still working on the auth.c file.

auth.c before the changes:

______________________________________________________________________
/*
 * login - Check the user name and password against the system
 * password database, and login the user if OK.
 *
 * returns:
 *      UPAP_AUTHNAK: Login failed.
 *      UPAP_AUTHACK: Login succeeded.
 * In either case, msg points to an appropriate message.
 */
static int
login(user, passwd, msg, msglen)
    char *user;
    char *passwd;
    char **msg;
    int *msglen;
{
    struct passwd *pw;
    char *epasswd;
    char *tty;

    if ((pw = getpwnam(user)) == NULL) {
        return (UPAP_AUTHNAK);
    }
    /*
     * XXX If no passwd, let them login without one.
     */
    if (*pw->pw_passwd == '\0') {
        return (UPAP_AUTHACK);
    }

    epasswd = crypt(passwd, pw->pw_passwd);
    if (strcmp(epasswd, pw->pw_passwd)) {
        return (UPAP_AUTHNAK);
    }

    syslog(LOG_INFO, "user %s logged in", user);

    /*
     * Write a wtmp entry for this user.
     */
    tty = strrchr(devname, '/');
    if (tty == NULL)
        tty = devname;
    else
        tty++;
    logwtmp(tty, user, "");             /* Add wtmp login entry */
    logged_in = TRUE;

    return (UPAP_AUTHACK);
}
______________________________________________________________________

The user's password is in pw->pw_passwd, so all we have to do is add a call to getspnam, which puts the password in spwd->sp_pwdp.

We also add the pwauth function to carry out the actual authentication. If the shadow file is set up for it, this automatically performs the secondary authentication.

auth.c after the changes to support shadow:

______________________________________________________________________
/*
 * login - Check the user name and password against the system
 * password database, and login the user if OK.
 *
 * This function has been modified to support the Linux Shadow Password
 * Suite if USE_SHADOW is defined.
 *
 * returns:
 *      UPAP_AUTHNAK: Login failed.
 *      UPAP_AUTHACK: Login succeeded.
 * In either case, msg points to an appropriate message.
 */
static int
login(user, passwd, msg, msglen)
    char *user;
    char *passwd;
    char **msg;
    int *msglen;
{
    struct passwd *pw;
    char *epasswd;
    char *tty;

#ifdef USE_SHADOW
    struct spwd *spwd;
    struct spwd *getspnam();
#endif

    if ((pw = getpwnam(user)) == NULL) {
        return (UPAP_AUTHNAK);
    }

#ifdef USE_SHADOW
    /* Take the password from /etc/shadow when an entry exists. */
    spwd = getspnam(user);
    if (spwd)
        pw->pw_passwd = spwd->sp_pwdp;
#endif

    /*
     * XXX If no passwd, do NOT let them login without one.
     */
    if (*pw->pw_passwd == '\0') {
        return (UPAP_AUTHNAK);
    }
#ifdef USE_SHADOW
    if ((pw->pw_passwd && pw->pw_passwd[0] == '@'
         && pw_auth (pw->pw_passwd+1, pw->pw_name, PW_LOGIN, NULL))
        || !valid (passwd, pw)) {
        return (UPAP_AUTHNAK);
    }
#else
    epasswd = crypt(passwd, pw->pw_passwd);
    if (strcmp(epasswd, pw->pw_passwd)) {
        return (UPAP_AUTHNAK);
    }
#endif

    syslog(LOG_INFO, "user %s logged in", user);

    /*
     * Write a wtmp entry for this user.
     */
    tty = strrchr(devname, '/');
    if (tty == NULL)
        tty = devname;
    else
        tty++;
    logwtmp(tty, user, "");             /* Add wtmp login entry */
    logged_in = TRUE;

    return (UPAP_AUTHACK);
}
______________________________________________________________________

If you look closely, you will see that we made one more change. If there was no password in the /etc/passwd file, the original version returned UPAP_AUTHACK and allowed access. This is not good, because a common use of this login feature is to use one account to give access to the PPP process and then check the user name and password supplied by PAP against the user name in /etc/passwd and the password in /etc/shadow.

So if the original version was set up to run as the shell for a user (i.e. ppp), anyone could obtain a ppp connection by setting their PAP user name to ppp and their password to null.

We fixed this by returning UPAP_AUTHNAK instead of UPAP_AUTHACK when there is no password.
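The fail-closed order of checks described above can be exercised on its own, as an added example that is neither pppd's nor the Shadow Suite's code. check_login, same_string and demo_hash are names assumed for this example; demo_hash is a constructed stand-in with the same signature as crypt(3), not a real password hash, and the stored fields are constructed.

```c
#include <stdio.h>
#include <string.h>

#define AUTH_NAK 0
#define AUTH_ACK 1

/* Same signature as crypt(3), so the real function can be passed instead. */
typedef char *(*hash_fn)(const char *key, const char *salt);

/* CONSTRUCTED stand-in for crypt(3) so the example runs without libcrypt.
 * It is NOT a password hash: two salt characters, then the key reversed. */
static char *demo_hash(const char *key, const char *salt)
{
    static char out[64];
    size_t n = strlen(key);

    if (strlen(salt) < 2 || n > sizeof out - 3)
        return NULL;
    out[0] = salt[0];
    out[1] = salt[1];
    for (size_t i = 0; i < n; i++)
        out[2 + i] = key[n - 1 - i];
    out[2 + n] = '\0';
    return out;
}

/* Compare two strings without stopping at the first differing byte. */
static int same_string(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (unsigned char)(la != lb);

    for (size_t i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/*
 * pw_field: password field from /etc/passwd (NULL if the user is unknown)
 * sp_field: password field from /etc/shadow (NULL if there is no entry)
 * Every path that does not prove the password returns AUTH_NAK.
 */
static int check_login(const char *pw_field, const char *sp_field,
                       const char *supplied, hash_fn hash)
{
    const char *stored;
    char *computed;

    if (pw_field == NULL || supplied == NULL)
        return AUTH_NAK;                        /* unknown user */
    stored = sp_field ? sp_field : pw_field;    /* shadow overrides passwd */
    if (stored[0] == '\0')
        return AUTH_NAK;                        /* empty field: the fix above */
    if (stored[0] == '!' || stored[0] == '*')
        return AUTH_NAK;                        /* locked or never set */
    computed = hash(supplied, stored);
    if (computed == NULL)
        return AUTH_NAK;                        /* hashing failed */
    return same_string(computed, stored) ? AUTH_ACK : AUTH_NAK;
}

int main(void)
{
    /* Constructed entry: what demo_hash yields for "secret" with salt "J0". */
    const char *stored = "J0terces";

    printf("right password: %d\n", check_login("*", stored, "secret", demo_hash));
    printf("wrong password: %d\n", check_login("*", stored, "wrong", demo_hash));
    printf("empty field:    %d\n", check_login("", NULL, "", demo_hash));
    printf("locked account: %d\n", check_login("*", "!", "", demo_hash));
    return 0;
}
```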
Interestingly, pppd-2.2.0 has the same problem.

Next we need to modify the Makefile so that two things happen: USE_SHADOW must be defined, and libshadow.a must be linked in.

In the Makefile, set:

     LIBS = -lshadow

Then change the line:

     COMPILE_FLAGS = -I.. -D_linux_=1 -DGIDSET_TYPE=gid_t

to:

     COMPILE_FLAGS = -I.. -D_linux_=1 -DGIDSET_TYPE=gid_t -DUSE_SHADOW

Now build and install.

9. Frequently Asked Questions.

Q: I used to control which ttys root could log in on with the /etc/securettys file, but it no longer works. What is wrong?

A: The /etc/securettys file can no longer be used once the Shadow Suite is installed. The ttys that root may use are now set in the login configuration file, /etc/login.defs. The entry in that file may point to another file.

Q: I installed the Shadow Suite and now I can't log in. What did I miss?

A: You probably installed the Shadow programs but did not run pwconv, or forgot to copy /etc/npasswd and /etc/nshadow to /etc/passwd and /etc/shadow. You also need to copy login.defs to /etc.

Q: The xlock section says to change the group ownership of /etc/shadow to shadow. I don't have a shadow group. What should I do?

A: You can add one. Simply add a line to the /etc/group file. Give it a group number that is not used by another group, and insert it before the nogroup entry. Alternatively, you can make xlock SUID root.

Q: Is there a mailing list for the Linux Shadow Password Suite?

A: Yes, but it is for the development and beta testing of the next Shadow Suite for Linux. You can be added to the list by sending mail to shadow-list-request@neptune.cin.net with a subject of subscribe. The list is really for discussing the Linux shadow-YYMMDD series of releases. You are welcome to join if you want to take part in development, or if you are installing the Suite on your system and want information about the latest releases.

Q: I installed the Shadow Suite, but whenever I use the userdel command I get the message "userdel: cannot open shadow group file". What did I do wrong?
A: You compiled the Shadow Suite with the SHADOWGRP option enabled, but you have no /etc/gshadow file. Either edit config.h and recompile, or create an /etc/gshadow file. See the section on shadow groups.

Q: I installed the Shadow Suite, but now there are encoded passwords in my /etc/passwd file. What went wrong?

A: You either enabled the AUTOSHADOW option in the Shadow config.h file, or your libc was compiled with the SHADOW_COMPAT option. Work out which one is the problem and recompile.

10. Copyright Message.

The Linux Shadow Password HOWTO is Copyright (c) 1996 Michael H. Jackson.

Permission is granted to make and distribute verbatim copies of this document provided the copyright notice and this permission notice are preserved on all copies.

Permission is granted to copy and distribute modified versions of this document under the conditions for verbatim copies above, provided a notice clearly stating that the document is a modified version is also included in the modified document.

Permission is granted to copy and distribute translations of this document into another language, under the conditions specified above for modified versions.

Permission is granted to convert this document into another medium under the conditions specified above for modified versions, provided the requirement to acknowledge the source document is fulfilled by including an obvious reference to the source document in the new medium.

11. Miscellaneous and Acknowledgments.

The code examples for auth.c are taken from pppd-1.2.1d and ppp-2.1.0e, Copyright (c) 1993 and The Australian National University and Copyright (c) 1989 Carnegie Mellon University.

Thanks to Marek Michalkiewicz for writing and maintaining the Shadow Suite for Linux, and for his review of and comments on this document.

Thanks to Ron Tidd for his kind review and testing.

Thanks to everyone who has sent corrections to help improve this document.

Please send me any comments or suggestions.

Michael H. Jackson

Any comments or advice on this translation are welcome.

조용일