Chapter 4 Accounts and Group Management
Overview
Solaris 9 exam content covered in this chapter
§ Master a major component of an account, master the system file used to store account information, and explain what information stores in each file.
§ Explain how to manage accounts, and describe the initialization file of the system level.
§ Master the processes, commands, and variables or verification processes for viewing and controlling system privileges, switching users in the system, restricting access to data in the file.
Account is one of the most critical components in any Solaris system. When the system is started, you must log in to use the resources. To log in to the system, you must provide a valid username and password. Whenever the user tries to access a system resource, the username is used to check the relevant permissions. In Solaris, all resources must have a owner, and if there is no account, there is no so-called owner. Solaris is a multi-user environment, which means that we can create multiple accounts in the system (in fact, you should also create j), and multiple users can log in to the same system at the same time.
Group (Group) is used to simplify system management, the group is not used to log in to the system as an account, but each account is at least a group. Associated to the group will greatly simplify the security management task of the system directly compared to the direct association directly to the account. Any way to provide convenient way to manage is a great good thing.
When the user logs in to Solaris, it will be associated with a shell. The shell defines the user's command environment. Depending on the SHELL you use, the execution method of the command will become different. In a shell, you can run commands and variables, to another shell, may not be executed at all.
In this chapter, we will learn the management knowledge of accounts and groups, including graphical interface and command line mode. In addition, there will be some discussion on the characteristics of different shells used in Solaris.
4.1 Management account and group
You opened the Solaris workstation, at this time
clear
The cool news appeared: "Welcome to Solaris, please enter your username." (Welcome to the Solaris world, enter your big name J). A friendly light is a flashing patience waiting for your input, what are you waiting for, enter your big name, of course, your password should not forget to fill it. All the two information is input and correct, so you can log in to the system and you can start Work. However, if you don't have a username, what should I do? Just now
clear
The cool news seems to laugh at you, the friendly cursor is flashing. Your heartbeat is accelerating, and you will start catching cold sweat ... you can't use Solaris!
Fortunately, login to Solaris usually doesn't have such dramatic. In fact, as long as you enter your username and password, you have already logged in. The username and password are part of your account. Nothing to use a computer will have him (her) its own account. The account includes the following sections:
n A unique username (also known as a login name) used to represent this user in the system.
n An User ID (UID) number used to represent the user.
n One password (password) enables the user to enter the system. Although the length of the password is not limited, Solaris only uses the first eight (that is, no matter how long you entered, Solaris only recognizes eight characters in front). n A Working Directory (Home Directory), can be used to save the user's file, but also after logging in, the user's default directory.
n Some initialization files (also known as a shell script: shell script), after logging in, set the user's operating environment. These initialization files and shells used by users are closely related.
A new concept in Solaris 9 is the Project. An engineering (Project) is used to identify a workload component, and the workload component can be used to allow system calls or provide a basic principle for resource allocation. In order to successfully log in Solaris 9, the user must be part of a project. By default, new users are members of Engineering Group.staff.
Project Information Save in File / etc / Project. The user can log in to Solaris 9 is that the file (/ etc / project) must exist, but any management information will not be added before the user can use the project (Project).
The relationship between the UID, GID and PROJID is shown below
Group (Group) is used to organize managers to access users with similar permissions. For example, a accounting department with 20 accountants, if all accountants need to access a financial database, you can give permissions to each accountant, you can also put all users (accountants) in a group ( In groups, then assignment this group. Perhaps the workload of the two methods is similar. However, the time is long, the user will add and delete, and the new financial resources will also be online. At this time, you will find that you have access to permission management.
In Solaris, each group (group) has a group name and group ID (GID). GID and a group relationship, just like the relationship between UID and an account. The user must belong to a group, namely: Primary Group, and can belong to up to 15 secondary groups.
Solaris 9 has built some accounts and groups.
