Advanced Programming in UNIX Environment Episode 26

口令文件
UNIX系统口令文件(POSIX.1则将其称为用户数据库)包含了下列表格所示的各字段,这些字段包含在<pwd.h>中定义的passwd结构中。

注意,POSIX.1只指定passwd结构包含的10个字段中的5个。大多数平台至少支持其中7各字段。BSD派生的平台支持全部10个字段。

说明 struct passwd成员 POSIX.1 FreeBSD Linux 3.2.0 Mac OS X 10.6.8 Solaris 10
用户名 char *pw_name · · · · ·
加密口令 char *pw_passwd · · · ·
数值用户ID uid_t pw_uid · · · · ·
数值组ID gid_t pw_gid · · · · ·
注释字段 char *pw_gecos · · · ·
初始工作目录 char *pw_dir · · · · ·
初始shell(用户程序) char *pw_shell · · · · ·
用户访问类 char *pw_class · ·
下次更改口令时间 time_t pw_change · ·
账户有效期间 time_t pw_expire · ·

POSIX.1定义了两个获取口令文件项的函数。

#include <pwd.h>

struct passwd *getpwid(uid_t uid);
struct passwd *getpwnam(const char *name);

如果要查看的只是登录名或用户ID,那么这两个POSIX.1函数能满足要求,但是也有些程序要查看整个口令文件。

#include <pwd.h>

struct passwd *getpwent(void);

void setpwent(void);
void endpwent(void);

基本POSIX.1标准没有定义这三个函数。在Single UNIX Specification中,他们被定义为XSI扩展。

#include <pwd.h>
#include <stddef.h>
#include <string.h>

struct passwd * getpwnam(const char *name)
{
    struct passwd *ptr;

    setpwent();
    while((ptr=getpwent())!=NULL)
    {
        break;
    }
    endpwent();
    return ptr;
}

getpwnam函数

为使企图这样做的人难以获得原始资料(加密口令),现在,某些系统将加密口令存放在另一个通常称为阴影口令(shadow password)的文件中。该文件至少要包括用户名和加密口令。

加密口令char *sp_pwdp上次更改口令以来经过的时间int sp_lstchg经多少天后允许更改int *sp_min要求更改尚余天数int sp_max超期警告天数int sp_warn账户不活动之前尚余天数int sp_inact账户超期天数int sp_expire保留unsigned int sp_flag
说明 struct spwd成员
用户登录名 char *sp_namp

阴影口令文件不应是一般用户可以读取的。仅用少数几个程序需要访问加密口令,如login和passwd,这些程序常常是设置用户ID为root的程序。

#include <shadow.h>

struct spwd *getspnam(const char *name);
struct spwd *getspent(void);

void setspend(void);
void endspent(void);

组文件

UNIX组文件(POSIX.1称其为组数据库)包含了所示字段。

说明 struct group成员 POSIX.1 FreeBSD Linux 3.2.0 Mac OS X 10.6.8 Solaris 10
组名 char *gr_name · · · · ·
加密口令 char *gr_passwd · · · ·
数值组ID int gr_uid · · · · ·
数值组ID gid_t pw_gid · · · · ·
指向个用户名指针的数组/th> char **gr_mem · · · · ·

查看组名或数值组ID。

#include <grp.h>

struct group *getgrgid(gid_t gid);
struct group *getgrnam(const char *name);

需要搜索整个组文件,则需要使用另外几个函数。类似于针对口令文件的3个函数。

#include <grp.h>

struct group *getgrent(void);

void setgrent(void);
void endgrent(void);

这3个函数不是基本POSIX.1标准的组成部分。Single UNIX Specification的XSI扩展定义了这些函数。所有UNIX系统都提供这3个函数。

附属组ID

附属组ID是POSIX.1要求的特性。常量NGROUPS_MAX规定了附属组ID的数量,其常用值为16。

为了获取和设置附属组ID,提供了下列3个函数。

#include <unistd.h>
int getgroups(int gidsetsize,gid_t grouplist[]);

#include <grp.h> /* on Linux */
#include <unistd.h> /* on FreeBSD,Mac OS X,and Solaris */
int setgroups(int ngroups,const gid_t grouplist[]);

#include <grp.h> /* on Linux and Solaris */
#include <unistd.h> /*on FreeBSD and Mac OS X */
int initgroups(const char *username,gid_t basegid);

在这3个函数中,POSIX.1只说明了getgroups。因为setgroups和initgroups是特权操作,所以它们并非POSIX.1的组成部分。但是,本书说明的4中平台多支持这3个函数。

Implementation Differences

Figure summarized how the four platforms covered in this book store user and group information.

information FreeBSD 8.0 Linux 3.2.0 Mac OS X 10.6.8 Solaris 10
account information /etc/passwd /etc/passwd Directory Services /etc/passwd
encrypted passwords /etc/master.passwd /etc/shadow Directory Services /etc/shadow
hashed password files yes no no no

On many systems,the user and group databases are implemented using the Network Information Service (NIS). This allows administrators to edit a master copy of the databases and distribute them automatically to all servers in an organization. Client systems contact servers to look up information about users and groups. NIS+ and the Lightweight Directory Access Protocol (LDAP) provide similar functionality. Many systems control the method used to administer each type of information through the /etc/nsswitch.conf configuration file.

Other Data Files

The general principle is that every data file has at least three functions:

1.A get function that reads the next record,opening the file if necessary. These functions normally return a pointer to a structure. A null pointer is returned when the end of file is reached. Most of the get functions return a pointer to a static structure,so we always have to copy the structure if we want to save it.

2.A set function that opens the file,if not already open,and rewinds the file. We use this function when we know we want to start again at the beginning of the file.

3.An end entry that closes the data file. As we mentioned earlier,we always have to call this function when we’re done,to close all the files.

Login Accounting

Two data files provided with most UNIX systems are the utmp file,which keeps track of all the users currently logged in,and the wtmp file,which keeps track of all logins and logouts.

struct utmp
{
    char ut_line[8];
    char ut_name[8];
    long ut_time;
};

Most versions of the UNIX System still provide the utmp and wtmp files,but as expected,the amount of information in these files has grown. The 20-byte structure that was written by Version 7 grew to 36 bytes with SVR2,and the extended utmp structure with SVR4 takes more than 350 bytes!

System Identification

POSIX.1 defines the uname function to return information on the current host and operating system.

#include <sys/utsname.h>

int uname(struct utsname *name);

We pass the address of a utsname structure to this function,and the function then fills it in. POSIX.1 defines only the minimum fields in the structure,which are all character arrays,and it’s up to each implementation to set the size of each array.

struct utsname
{
    char sysname[];
    char nodename[];
    char release[];
    char version[];
    char machine[];
};
Interface Maximum name length
FreeBSD 8.0 Linux 3.2.0 Mac OS X 10.6.8 Solaris 10
uname 256 65 256 257
gethostname 256 64 256 256

Historically,BSD-derived systems provided the gethostname function to return only the name of the host. This name is usually the name of the host on a TCP/IP network.

#include <unistd.h>
int gethostname(char *name,int namelen);

Time and Date Routines

The basic time service provided by the UNIX kernel counts the number of seconds that have passed since the Epoch: 00:00:00 January 1,1970,Coordinated Universal Time (UTC).

The UNIX System has always differed from other operating systems in (a) keeping time in UTC instead of the local time,(b) automatically handling conversions,such as daylight saving time,and (c) keeping the time and date as a single quantity.
The time function returns the current time and date.

#include <time.h>
time_t time(time_t *calptr);

The time value is always returned as the value of the function. If the argument is non-null,the time value is also stored at the location pointed to by calptr.

The real-time extensions to POSIX.1 added support for multiple system clocks. In Version 4 of the Single UNIX Specification,the interfaces used to control these clocks were moved from an option group to the base.

#include <sys/time.h>
int clock_gettime(clockid_t clock_id,struct timespec *tsp);

When the clock ID is set to CLOCK_REALTIME,the clock_gettime function provides similar functionality to the time function,except with clock_gettime,we might be able to get a higher-resolution time value if the system supports it.

We can use the clock_getres function to determine the resolution of a given system clock.

#include <sys/time.h>
int clock_getres(clockid_t clock_id,struct timespec *tsp);

The clock_getres function initializes the timespec structure pointed to by the tsp argument to the resolution of the clock corresponding to the clock_id argument.

#inlcude <sys//time.h>
int clock_settime(clockid_t clock_id,const struct timespec *tsp);

We can use the clock_getres function to determine the resolution of a given system clock.

#include <sys/time.h>
int clock_getres(clockid_t clock_id,struct timespec *tsp);

To set the time for a particular clock,we can call the clock_settime function

#include <sys/time.h>
int clock_settime(clockid_t clock_id,const struct timespec *tsp);

Historically,on implementations derived from System V,the stime(2) function was called to set the system time,whereas BSD-derived systems used settimeofday(2).

Version 4 of the Single UNIX Specification specifies that the gettimeofday function is now obsolescent. However,a lot of programs still use it,because it provides greater resolution (up to a microsecond) than the time function.

#include <sys/time.h>
int gettimeofday(struct timeval *restrict tp,void *restrict tzp);

The only legal value for tzp is NULL; other values result in unspecified behavior. Some platforms support the specification of a time zone through the use of tzp,but this is implementation specific and not defined by the Single UNIX Specification.

The gettimeofday function stores the current time as measured from the Epoch in the memory pointed to by tp. This time is represented as a timeval structure,which stores seconds and microseconds.

A tm structure:

struct tm
{
    int tm_sec;
    int tm_min;
    int tm_hour;
    int tm_mday;
    int tm_mon;
    int tm_year;
    int tm_wday;
    int tm_yday;
    int tm_isdst;
}

The formal definition of UTC doesn’t allow for double leap seconds,so the valid range for seconds is now 0–60.

#include <time.h>

struct tm *gmtime(const time_t *calptr);
struct tm *localtime(const time_t *calptr);

The difference between localtime and gmtime is that the first converts the calendar time to the local time,taking into account the local time zone and daylight saving time flag,whereas the latter converts the calendar time into a broken-down time expressed as UTC.

版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。

相关推荐


用的openwrt路由器,家里宽带申请了动态公网ip,为了方便把2280端口映射到公网,发现经常被暴力破解,自己写了个临时封禁ip功能的脚本,实现5分钟内同一个ip登录密码错误10次就封禁这个ip5分钟,并且进行邮件通知使用步骤openwrt为19.07.03版本,其他版本没有测试过安装bashmsmtpopkg
#!/bin/bashcommand1&command2&wait从Shell脚本并行运行多个程序–杨河老李(kviccn.github.io)
1.先查出MAMP下面集成的PHP版本cd/Applications/MAMP/bin/phpls-ls 2.编辑修改.bash_profile文件(没有.bash_profile文件的情况下回自动创建)sudovim~/.bash_profile在文件的最后输入以下信息,然后保存退出exportPATH="/Applications/MAMP/bin/php/php7.2.20/b
1、先输入locale-a,查看一下现在已安装的语言2、若不存在如zh_CN之类的语言包,进行中文语言包装:apt-getinstalllanguage-pack-zh-hans3、安装好后我们可以进行临时修改:然后添加中文支持: locale-genzh_CN.UTF-8临时修改> export LC_ALL='zh_CN.utf8'> locale永久
BashPerlTclsyntaxdiff1.进制数表示Languagebinaryoctalhexadecimalbash2#[0~1]0[0~7]0x[0~f]or0X[0~f]perl0b[0~1]0[0~7]0x[0~f]tcl0b[0~1]0o[0~7]0x[0~f]bashdifferentbaserepresntationreference2.StringlengthLanguageStr
正常安装了k8s后,使用kubect工具后接的命令不能直接tab补全命令补全方法:yum-yinstallbash-completionsource/usr/share/bash-completion/bash_completionsource<(kubectlcompletionbash)echo"source<(kubectlcompletionbash)">>~/.bashrc 
参考这里启动jar包shell脚本修改过来的#!/bin/bash#默认应用名称defaultAppName='./gadmin'appName=''if[[$1&&$1!=0]]thenappName=$1elseappName=$defaultAppNamefiecho">>>>>>本次重启的应用:$appName<
#一个数字的行#!/bin/bashwhilereadlinedon=`echo$line|sed's/[^0-9]//g'|wc-L`if[$n-eq1]thenecho$linefidone<1.txt#日志切割归档#!/bin/bashcd/data/logslog=1.logmv_log(){[-f$1]&&mv$1$2
#文件增加内容#!/bin/bashn=0cat1.txt|whilereadlinedon=[$n+1]if[$n-eq5]thenecho$lineecho-e"#Thisisatestfile.\n#Testinsertlineintothisfile."elseecho$linefidone#备份/etc目录#
# su - oraclesu: /usr/bin/ksh: No such file or directory根据报错信息:显示无法找到文件 /usr/bin/ksh果然没有该文件,但是发现存在文件/bin/ksh,于是创建了一个软连接,可以规避问题,可以成功切换到用户下,但无法执行系统自带命令。$. .bash_profile-ksh: .: .b
history显示历史指令记录内容,下达历史纪录中的指令主要的使用方法如果你想禁用history,可以将HISTSIZE设置为0:#exportHISTSIZE=0使用HISTIGNORE忽略历史中的特定命令下面的例子,将忽略pwd、ls、ls-ltr等命令:#exportHISTIGNORE=”pwd:ls:ls-ltr:”使用HIS
一.命令历史  1.history环境变量:    HISTSIZE:输出的命令历史条数,如history的记录数    HISTFILESIZE:~/.bash_history保存的命令历史记录数    HISTFILLE:历史记录的文件路径    HISTCONTROL:     ignorespace:忽略以空格开头的命令
之前在网上看到很多师傅们总结的linux反弹shell的一些方法,为了更熟练的去运用这些技术,于是自己花精力查了很多资料去理解这些命令的含义,将研究的成果记录在这里,所谓的反弹shell,指的是我们在自己的机器上开启监听,然后在被攻击者的机器上发送连接请求去连接我们的机器,将被攻击者的she
BashOne-LinersExplained,PartI:Workingwithfileshttps://catonmat.net/bash-one-liners-explained-part-oneBashOne-LinersExplained,PartII:Workingwithstringshttps://catonmat.net/bash-one-liners-explained-part-twoBashOne-LinersExplained,PartII
Shell中变量的作用域:在当前Shell会话中使用,全局变量。在函数内部使用,局部变量。可以在其他Shell会话中使用,环境变量。局部变量:默认情况下函数内的变量也是全局变量#!/bin/bashfunctionfunc(){a=99}funcecho$a输出>>99为了让全局变量变成局部变量
1、多命令顺序执行;  命令1;命令2  多个命令顺序执行,命令之间没有任何逻辑联系&&  命令1&&命令2  逻辑与,当命令1正确执行,才会执行命令2||  命令1||命令2  逻辑或,当命令1执行不正确,才会执行命令2例如:ls;date;cd/home/lsx;pwd;who ddif=输入文件of=输
原博文使用Linux或者unix系统的同学可能都对#!这个符号并不陌生,但是你真的了解它吗?首先,这个符号(#!)的名称,叫做"Shebang"或者"Sha-bang"。Linux执行文件时发现这个格式,会把!后的内容提取出来拼接在脚本文件或路径之前,当作实际执行的命令。 Shebang这个符号通常在Unix系统的脚本
1、历史命令history[选项][历史命令保存文件]选项:-c:  清空历史命令-w:  把缓存中的历史命令写入历史命令保存文件 ~/.bash_historyvim/etc/profile中的Histsize可改存储历史命令数量历史命令的调用使用上、下箭头调用以前的历史命令使用“!n”重复执行第n条历史
目录1.Shell脚本规范2.Shell脚本执行3.Shell脚本变量3.1环境变量3.1.1自定义环境变量3.1.2显示与取消环境变量3.1.3环境变量初始化与对应文件的生效顺序3.2普通变量3.2.1定义本地变量3.2.2shell调用变量3.2.3grep调用变量3.2.4awk调用变量3.3
   http://www.voidcn.com/blog/wszzdanm/article/p-6145895.html命令功能:显示登录用户的信息命令格式:常用选项:举例:w显示已经登录的用户及正在进行的操作[root@localhost~]#w 11:22:01up4days,21:22, 3users, loadaverage:0.00,0.00,0.00USER