Mac里的用户及其他
There are multiple user accounts in every UNIX system. Most of these accounts are associated with actual, human users. For example, you created an account when you supplied a username and password upon installing Mac OS X. Every process and application is associated with a user. So when you start an application after logging in, that application will be associated with your username.
UNIX systems also have accounts that are not associated with any person logging into the system; rather, they are built into the system. Five accounts are installed by default in Mac OS X:
daemon
, nobody
, root
, unknown
, and www
. To understand the full significance of these accounts, you'll need to understand UNIX permissions, which will be discussed shortly. For now, keep in mind that www
is the account used by the built-in web server, unknown
and nobody
provide minimal permissions, and daemon
runs system services that need some permissions. The
root
account is very special — it has no restrictions. Any application or process running with the privileges of the root
user can read, write, or delete any file on the system; stop or start any application on the system; or do anything else it pleases. There is nothing the root
user cannot do. Consequently, guarding access to the root
account is very, very important.In addition to users, UNIX has a concept of groups. A UNIX group is a collection of individual accounts. In the UNIX file permission scheme, which will be discussed shortly, you can grant permissions to a group. This provides a way of allowing a selected set of users to have identical access to files, directories, and applications, while denying access to other users. Individual user accounts belong to a default group and may be given membership in other groups.
If you've worked with file sharing in previous versions of the Mac OS, what you've read so far about users and groups should be familiar. Like the older versions of Mac OS, each object in UNIX systems (a file or folder) is owned by a user and is associated with a group. For each object, specific permissions can be granted to the owner, to the group, and to everyone else.
There are three basic permissions: read
, write
, and execute
. The meanings of read
and write
are fairly straightforward; execute
, however has different meanings depending on whether the object is a file or a directory. For a file, execute
means the file is executable (that is, it's an application or a script), but if the object is a directory, execute
means that the class (owner, group, or everyone) has permission to search the directory.
You can view the permissions associated with any file by opening up the Terminal application and using the ls command.
G4-OSX 1% ls -Fla
total 32
drwx------ 9 eric users 512 Mar 1 15:01 ./
drwxr-xr-x 16 eric users 2048 Mar 11 18:06 ../
drwxr-x--- 3 eric users 512 Jan 12 13:02 Apple/
drwxr-xr-x 2 eric users 512 Feb 19 15:15 OpenBSD/
-rw-r--r-- 1 eric users 2525 Mar 1 15:01 file_listings
-rw-r--r-- 1 eric users 2408 Mar 1 15:00 file_listings.2
lrwxr-xr-x 1 eric users 15 Jan 12 12:54 symbolic_link_example@ -> Apple
drwxr-xr-x 3 eric users 512 Feb 4 11:22 foobar/
drwxr-xr-x 2 eric users 512 Jan 18 18:02 honeynet/
drwxr-xr-x 3 eric users 512 Feb 2 13:56 ipf_howto/
drwxr-xr-x 3 eric users 512 Feb 16 23:20 upgrades/
G4-OSX 2%=20
The collection of letters and hyphens furthest to left indicates exactly what each element is and the permissions for that element. The first column of each line indicates the element's type: d
for directory, -
for a regular file, and l
for a symbolic link, which is essentially the same as an alias in Mac OS 9.x. The next three columns (rwx) show the permissions for the owner, the next three for the group associated with the file, and the last three for everyone. A -
in any position indicates a lack of that permission. For example, rw-
indicates read and write permissions, but no execute permission, and r-x
indicates read and execute permission, but no write access.
For the third listing above (Apple/
), you can look at the permissions (drwxr-x — -
) and know that this is a directory (the first letter is d
) that has read, write, and execute permissions for the owner ( rwx
), read and execute permissions for the group (r-x
) and no permissions for everyone ( — -
).
The owner (eric) and the group (users) are both shown here, as well as the file size in bytes, the last modified date, and the filename. Also shown are the current directory (symbolized by a single dot) and the parent directory (symbolized by two dots).
UNIX Networking
UNIX systems are designed to be used in network environments. Frequently, UNIX systems host network services, such as Web servers, file sharing, and database servers. Although there's no need to run these services on your Mac OS X box, you do have the option. You can run, for example, the Apache Web server with PHP and Perl and the MySQL database server in your development environment.
UNIX systems natively speak the various protocols of what is commonly referred to as the TCP/IP suite. Each network service will be associated with the IP address assigned to your machine. Additionally, each service will be associated with a TCP or UDP port. Ports are a feature of TCP and UDP that allow many processes on a single host access to TCP and UDP services simultaneously. Ports are numeric in the range of 1 to 65535, some of which are, by convention, assigned to specific services. For example, the HTTP services is commonly assigned to TCP port 80. There are a number of such assigned ports, but there are a far greater number of unassigned ports — that is, ports that are not commonly bound to a service or application.
The combination of an IP address and a port makes a socket, and a pair of sockets define a connection. Applications that provide network services listen for connections on a socket. For example, a secure web server commonly listens on the socket formed by the IP address of the server and TCP port 443.
The more sockets that are active on your machine, the greater the opportunity for an intruder to break into your box. More on this later.
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home