vi /etc/pam.d/system-auth 当password这个类型的密码复杂度校验出现在文件末尾时候,不能修改密码,复杂度应该卸载哪里,举例
时间: 2024-10-12 21:08:12 浏览: 55
`vi /etc/pam.d/system-auth` 这行命令是在Linux系统中打开名为 `system-auth` 的 PAM (Pluggable Authentication Modules) 配置文件,用于配置用户登录认证的行为。PAM允许管理员自定义认证过程,包括密码策略。
密码复杂度通常由系统内置的密码策略规则或者特定服务(如 pam_cracklib.so 或 pam_passwdqc.so)来控制。如果你想要修改密码复杂度验证,比如启用或禁用某种复杂的字符要求,一般会在 `password required` 或者 `password pam_software驭件_name.so` 这样的设置下查找。
例如,在`pam_cracklib.so` 中,你可能会看到类似这样的配置:
```bash
auth sufficient pam_cracklib.so retry=3 minlen=8 difok=3 require_lowercase require_uppercase require_digit require_nonalpha
```
这表示至少需要8位长度的密码,并且包含大写字母、小写字母、数字和非字母字符。如果想调整复杂度,你可以更改`minlen`、`difok`等参数值。
如果不想通过PAM直接管理,还可以检查 `/etc/security/pwquality.conf` 文件,这里会列出更详细的密码策略设置。要卸载密码复杂度检查,通常是移除或者修改这些相关的模块配置,使其不强制执行复杂的密码规则。
相关问题
python2 查看是否存在下面的文件并备份 cp /etc/pam.d/su /etc/pam.d/su.bak cp /etc/pam.d/password-auth-ac /etc/pam.d/password-auth-ac.bak cp /etc/pam.d/system-auth /etc/pam.d/system-auth.bak cp /etc/login.defs /etc/login.defs.bak cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak cp /etc/profile /etc/profile.bak cp /etc/motd /etc/motd.bak
以下是将这些命令转换为Python代码的示例:
```python
import subprocess
files_to_backup = [
"/etc/pam.d/su",
"/etc/pam.d/password-auth-ac",
"/etc/pam.d/system-auth",
"/etc/login.defs",
"/etc/ssh/sshd_config",
"/etc/vsftpd/vsftpd.conf",
"/etc/profile",
"/etc/motd"
]
for file_path in files_to_backup:
backup_file_path = file_path + ".bak"
subprocess.call(["cp", file_path, backup_file_path])
print("Backup completed.")
```
上述代码使用循环来遍历要备份的文件路径列表。对于每个文件,它使用`cp`命令将原文件复制为具有`.bak`扩展名的备份文件。
请确保你具有足够的权限来执行这些操作,并将需要备份的文件路径添加到`files_to_backup`列表中。运行代码后,文件将被备份,并打印出`Backup completed.`。
if [ -f "/etc/pam.d/system-auth" ];then if grep -q "password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1" /etc/pam.d/system-auth then sed -i '/password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1/s/^#//' /etc/pam.d/system-auth else echo 'password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1' >> /etc/pam.d/system-auth fi if grep -q "password required pam_unix.so remember=5 use_authtok md5 shadow" /etc/pam.d/system-auth then sed -i '/password required pam_unix.so remember=5 use_authtok md5 shadow/s/^#//' /etc/pam.d/system-auth else echo 'password required pam_unix.so remember=5 use_authtok md5 shadow' >> /etc/pam.d/system-auth fi fi if [ -f "/etc/pam.d/password-auth-ac" ];then if grep -q "password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1" /etc/pam.d/password-auth-ac then sed -i '/password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1/s/^#//' /etc/pam.d/password-auth-ac else echo 'password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1' >> /etc/pam.d/password-auth-ac fi if grep -q "password required pam_unix.so remember=5 use_authtok md5 shadow" /etc/pam.d/password-auth-ac then sed -i '/password required pam_unix.so remember=5 use_authtok md5 shadow/s/^#//' /etc/pam.d/password-auth-ac else echo 'password required pam_unix.so remember=5 use_authtok md5 shadow' >> /etc/pam.d/password-auth-ac fi fi
以下是将这些命令转换为Python代码的示例:
```python
import subprocess
system_auth_file = '/etc/pam.d/system-auth'
password_auth_ac_file = '/etc/pam.d/password-auth-ac'
# Update system-auth file
if subprocess.call('[ -f "/etc/pam.d/system-auth" ]', shell=True) == 0:
if subprocess.call('grep -q "password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1" /etc/pam.d/system-auth', shell=True) == 0:
subprocess.call("sed -i '/password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1/s/^#//' /etc/pam.d/system-auth", shell=True)
else:
subprocess.call("echo 'password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1' >> /etc/pam.d/system-auth", shell=True)
if subprocess.call('grep -q "password required pam_unix.so remember=5 use_authtok md5 shadow" /etc/pam.d/system-auth', shell=True) == 0:
subprocess.call("sed -i '/password required pam_unix.so remember=5 use_authtok md5 shadow/s/^#//' /etc/pam.d/system-auth", shell=True)
else:
subprocess.call("echo 'password required pam_unix.so remember=5 use_authtok md5 shadow' >> /etc/pam.d/system-auth", shell=True)
# Update password-auth-ac file
if subprocess.call('[ -f "/etc/pam.d/password-auth-ac" ]', shell=True) == 0:
if subprocess.call('grep -q "password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1" /etc/pam.d/password-auth-ac', shell=True) == 0:
subprocess.call("sed -i '/password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1/s/^#//' /etc/pam.d/password-auth-ac", shell=True)
else:
subprocess.call("echo 'password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1' >> /etc/pam.d/password-auth-ac", shell=True)
if subprocess.call('grep -q "password required pam_unix.so remember=5 use_authtok md5 shadow" /etc/pam.d/password-auth-ac', shell=True) == 0:
subprocess.call("sed -i '/password required pam_unix.so remember=5 use_authtok md5 shadow/s/^#//' /etc/pam.d/password-auth-ac", shell=True)
else:
subprocess.call("echo 'password required pam_unix.so remember=5 use_authtok md5 shadow' >> /etc/pam.d/password-auth-ac", shell=True)
```
上面的代码首先检查是否存在`/etc/pam.d/system-auth`文件,如果存在则更新该文件。如果文件中存在`password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1`行,则将其注释去除,否则将该行添加到文件末尾。接着,检查文件中是否存在`password required pam_unix.so remember=5 use_authtok md5 shadow`行,如果不存在则添加该行到文件末尾。
然后,检查是否存在`/etc/pam.d/password-auth-ac`文件,如果存在则更新该文件。如果文件中存在`password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1`行,则将其注释去除,否则将该行添加到文件末尾。接着,检查文件中是否存在`password required pam_unix.so remember=5 use_authtok md5 shadow`行,如果不存在则添加该行到文件末尾。
请确保你具有足够的权限来执行这些操作,并将需要修改的文件路径正确添加到`system_auth_file`和`password_auth_ac_file`变量中。运行代码后,命令将被执行。
阅读全文