svn commit: r51442 - head/ja_JP.eucJP/books/handbook/security
Ryusuke SUZUKI
ryusuke at FreeBSD.org
Sat Feb 24 08:08:58 UTC 2018
Author: ryusuke
Date: Sat Feb 24 08:08:57 2018
New Revision: 51442
URL: https://svnweb.freebsd.org/changeset/doc/51442
Log:
- Merge the following from the English version:
r41645 -> r42014 head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified:
head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml
==============================================================================
--- head/ja_JP.eucJP/books/handbook/security/chapter.xml Fri Feb 23 21:25:32 2018 (r51441)
+++ head/ja_JP.eucJP/books/handbook/security/chapter.xml Sat Feb 24 08:08:57 2018 (r51442)
@@ -3,7 +3,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r41645
+ Original revision: r42014
$FreeBSD$
-->
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="security">
@@ -36,26 +36,22 @@
&os; ¤Ë¤ª¤±¤ë¹âÅÙ¤ÊÏÃÂê¤Ë¤Ä¤¤¤Æ´Êñ¤ËÀâÌÀ¤·¤Þ¤¹¡£
¤³¤³¤Ç°·¤¦ÏÃÂê¤Î¿¤¯¤Ï¡¢
°ìÈÌŪ¤Ê¥·¥¹¥Æ¥à¤ä¥¤¥ó¥¿¡¼¥Í¥Ã¥È¥»¥¥å¥ê¥Æ¥£¤Ë¤â¤¢¤Æ¤Ï¤Þ¤ê¤Þ¤¹¡£
- ¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤Ï¤â¤Ï¤ä¡¢Ã¯¤â¤¬¿ÆÀÚ¤ÊÎٿͤǤ¢¤í¤¦¤È¤¹¤ë
- <quote>ͧ¹¥Åª¤Ê</quote> ¾ì¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
- ¤¢¤Ê¤¿¤Î¥·¥¹¥Æ¥à¤ò°ÂÁ´¤ËÊݤĤ³¤È¤Ï¡¢
- ¤¢¤Ê¤¿¤Î¥Ç¡¼¥¿¡¢ÃÎŪºâ»º¡¢»þ´Ö¡¢¤½¤Î¾¤ò¡¢
+ ¥·¥¹¥Æ¥à¤ò°ÂÁ´¤ËÊݤĤ³¤È¤Ï¡¢¥Ç¡¼¥¿¡¢ÃÎŪºâ»º¡¢»þ´Ö¡¢¤½¤Î¾¤ò¡¢
¥Ï¥Ã¥«¡¼¤ä¤½¤ÎƱÎफ¤é¼é¤ë¤¿¤á¤Ë¤Ï·ç¤«¤»¤Þ¤»¤ó¡£</para>
<para>&os; ¤Ï¡¢
- ¥·¥¹¥Æ¥à¤È¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÀ°¹çÀ¤È°ÂÁ´À¤ò³Î¼Â¤Ë¤¹¤ë»ÅÁȤߤȰìÏ¢¤Î¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤òÄ󶡤·¤Æ¤¤¤Þ¤¹¡£</para>
+ ¥·¥¹¥Æ¥à¤È¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÀ°¹çÀ¤ª¤è¤Ó°ÂÁ´À¤òÊݸ¤ë»ÅÁȤߤȰìÏ¢¤Î¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤òÄ󶡤·¤Æ¤¤¤Þ¤¹¡£</para>
<para>¤³¤Î¾Ï¤òÆɤà¤È¡¢°Ê²¼¤Î¤³¤È¤¬¤ï¤«¤ê¤Þ¤¹¡£</para>
<itemizedlist>
<listitem>
<para>&os;
- ¤Ë´Ø¤¹¤ë´ðËÜŪ¤Ê¥·¥¹¥Æ¥à¥»¥¥å¥ê¥Æ¥£¤Î¹Í¤¨Êý</para>
+ ¤Ë¤ª¤±¤ë´ðËÜŪ¤Ê¥·¥¹¥Æ¥à¥»¥¥å¥ê¥Æ¥£¤Î¹Í¤¨Êý</para>
</listitem>
<listitem>
- <para><acronym>DES</acronym> ¤ä <acronym>MD5</acronym> ¤Î¤è¤¦¤Ê¡¢
- &os; ¤ÇÍøÍѤǤ¤ë¤µ¤Þ¤¶¤Þ¤Ê°Å¹æ²½¼êË¡¤Ë¤Ä¤¤¤Æ</para>
+ <para>&os; ¤ÇÍøÍѤǤ¤ë¤µ¤Þ¤¶¤Þ¤Ê°Å¹æ²½¼êË¡</para>
</listitem>
<listitem>
@@ -63,45 +59,49 @@
</listitem>
<listitem>
- <para><application>inetd</application> ¤ÈÁȤ߹ç¤ï¤»¤Æ
+ <para>&man.inetd.8; ¤ÈÁȤ߹ç¤ï¤»¤Æ
<acronym>TCP</acronym> Wrappers ¤òÀßÄꤹ¤ëÊýË¡</para>
</listitem>
<listitem>
<para>&os; ¤Ë¤ª¤±¤ë
- <application>Kerberos5</application> ¤ÎÀßÄêÊýË¡</para>
+ <application>Kerberos</application> ¤ÎÀßÄêÊýË¡</para>
</listitem>
<listitem>
- <para>IPsec ¤ª¤è¤Ó FreeBSD/&windows; ¥³¥ó¥Ô¥å¡¼¥¿¤Î´Ö¤Ç
- <acronym>VPN</acronym> ¤ÎÀßÄêÊýË¡</para>
+ <para>IPsec ¤òÀßÄꤷ¤Æ <acronym>VPN</acronym> ¤ò¹½ÃÛ¤¹¤ëÊýË¡</para>
</listitem>
<listitem>
- <para>&os; ¤Ç»È¤ï¤ì¤Æ¤¤¤ë <acronym>SSH</acronym> ¤Ç¤¢¤ë
+ <para>&os; ¤Ë¤±¤ë
<application>OpenSSH</application> ¤ÎÀßÄꤪ¤è¤Ó»ÈÍÑÊýË¡</para>
</listitem>
<listitem>
- <para>¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤Î <acronym>ACL</acronym> (¥¢¥¯¥»¥¹À©¸æ¥ê¥¹¥È)
- ¤È¤Ï²¿¤«¡¢¤Þ¤¿¤½¤Î»ÈÍÑË¡</para>
+ <para>¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à <acronym>ACL</acronym> (¥¢¥¯¥»¥¹À©¸æ¥ê¥¹¥È)
+ ¤Î»ÈÍÑÊýË¡</para>
</listitem>
<listitem>
- <para><application>Portaudit</application>
- ¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤ò»È¤Ã¤Æ¡¢Ports Collection
+ <para>Ports Collection
¤«¤é¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤¿¥µ¡¼¥É¥Ñ¡¼¥Æ¥£À½¥½¥Õ¥È¥¦¥§¥¢ packages
- ¤ò´Æºº¤¹¤ëÊýË¡</para>
+ ¤ò <application>Portaudit</application>
+ ¤ò»È¤Ã¤Æ´Æºº¤¹¤ëÊýË¡</para>
</listitem>
<listitem>
- <para>¸ø³«¤µ¤ì¤ë &os; ¥»¥¥å¥ê¥Æ¥£´«¹ð¤ÎÍøÍÑÊýË¡</para>
+ <para>&os; ¥»¥¥å¥ê¥Æ¥£´«¹ð¤ÎÍøÍÑÊýË¡</para>
</listitem>
<listitem>
<para>¥×¥í¥»¥¹¥¢¥«¥¦¥ó¥Æ¥£¥ó¥°¤¬¤É¤Î¤è¤¦¤Ê¤â¤Î¤«¡¢
&os; ¾å¤Ç͸ú¤Ë¤¹¤ëÊýË¡¤Ë¤Ä¤¤¤Æ</para>
</listitem>
+
+ <listitem>
+ <para>¥ê¥½¡¼¥¹À©¸Â¥Ç¡¼¥¿¥Ù¡¼¥¹¤È¤Ï²¿¤«¡¢
+ ¤³¤Î»ÅÁȤߤò»È¤Ã¤¿¥æ¡¼¥¶»ñ¸»¤Î´ÉÍýÊýË¡</para>
+ </listitem>
</itemizedlist>
<para>¤³¤Î¾Ï¤òÆɤàÁ°¤Ë¡¢¼¡¤Î¤³¤È¤¬É¬Íפˤʤê¤Þ¤¹¡£</para>
@@ -112,33 +112,26 @@
</listitem>
</itemizedlist>
-<!-- <para>Additional security topics are covered throughout this book.
- For example, Mandatory Access Control is discussed in <xref
- linkend="mac"/> and Internet Firewalls are discussed in <xref
- linkend="firewalls"/>.</para> -->
+<!--
+ <para>Additional security topics are covered elsewhere in this
+ Handbook. For example, Mandatory Access Control is discussed in
+ <xref linkend="mac"/> and Internet firewalls are discussed in
+ <xref linkend="firewalls"/>.</para>
+-->
</sect1>
<sect1 xml:id="security-intro">
<title>¤Ï¤¸¤á¤Ë</title>
<para>¥»¥¥å¥ê¥Æ¥£¤È¤Ï¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤ò¤¤¤Ä¤âǺ¤Þ¤»¤ë»Å»ö¤Î°ì¤Ä¤Ç¤¹¡£
- ¤¹¤Ù¤Æ¤Î BSD &unix; ¥Þ¥ë¥Á¥æ¡¼¥¶¥·¥¹¥Æ¥à¤Ï¡¢
- ½¾Í褫¤é¤¤¤¯¤Ä¤«¤Î¥»¥¥å¥ê¥Æ¥£µ¡¹½¤òÈ÷¤¨¤Æ¤¤¤Þ¤¹¤¬¡¢
- ¥æ¡¼¥¶¤òµ¿¿´°Åµ´¤Ë´Ù¤é¤»¤Ê¤¤¤è¤¦¤ËÄɲäΥ»¥¥å¥ê¥Æ¥£µ¡¹½¤ò¹½ÃÛ¤·Êݼ餹¤ë»Å»ö¤Ï¤ª¤½¤é¤¯¡¢
- ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤È¤·¤Æ¤â¤Ã¤È¤âÂ礤ÊÀÕ̳¤Î°ì¤Ä¤Ç¤·¤ç¤¦¡£
- ¥Þ¥·¥ó¤Î°ÂÁ´À¤ËÈ¿±Ç¤µ¤ì¤ë¤Î¤Ï¡¢´ÉÍý¼Ô¤¬ºî¶È¤·¤¿¤³¤È¤À¤±¤Ç¤¹¡£
- ¤Þ¤¿¥»¥¥å¥ê¥Æ¥£ÌäÂê¤Ï¡¢²÷Ŭ¤Ê´Ä¶¤ËɬÍפʤâ¤Î¤È¶¥¹ç¤·¤Þ¤¹¡£
- °ìÈÌ¤Ë &unix; ¥·¥¹¥Æ¥à¤ÏËÄÂç¤Ê¿ô¤Î¥×¥í¥»¥¹¤òƱ»þ¤ËÆ°ºî¤µ¤»¤ë¤³¤È¤¬¤Ç¤¡¢
- ¤½¤Î¥×¥í¥»¥¹¤ÎÂçÉôʬ¤Ï¡¢¥µ¡¼¥Ð —
- ³°Éô¤«¤éÀܳ¤·¡¢ÄÌ¿®¤¹¤ë¤â¤Î¤È¤·¤ÆÆ°ºî¤·¤Þ¤¹¡£
- ¤«¤Ä¤Æ¤Î¥ß¥Ë¥³¥ó¤È¥á¥¤¥ó¥Õ¥ì¡¼¥à¤¬¥Ç¥¹¥¯¥È¥Ã¥×¤Ë¤È¤Ã¤Æ¤«¤ï¤ê¡¢
- ¤µ¤é¤Ë¥³¥ó¥Ô¥å¡¼¥¿¤¬Áê¸ß¤ËÀܳ¤µ¤ì¤¿¥Í¥Ã¥È¥ï¡¼¥¯¤ò·ÁÀ®¤¹¤ë¤è¤¦¤Ë¤Ê¤Ã¤¿º£Æü¡¢
- ¥»¥¥å¥ê¥Æ¥£¤Ï°ìÁØÂ礤ʴؿ´»ö¤Ë¤Ê¤Ã¤Æ¤¤Æ¤¤¤Þ¤¹¡£</para>
+ &os; ¤Ï¡¢¸ÇͤΥ»¥¥å¥ê¥Æ¥£µ¡¹½¤òÈ÷¤¨¤Æ¤¤¤Þ¤¹¤¬¡¢
+ ÄɲäΥ»¥¥å¥ê¥Æ¥£µ¡¹½¤òÀßÄꤷÊݼ餹¤ë»Å»ö¤Ï¤ª¤½¤é¤¯¡¢
+ ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤È¤·¤Æ¤â¤Ã¤È¤âÂ礤ÊÀÕ̳¤Î°ì¤Ä¤Ç¤·¤ç¤¦¡£</para>
<para>¤Þ¤¿¡¢¥·¥¹¥Æ¥à¥»¥¥å¥ê¥Æ¥£¤Ë¤Ï¡¢
¤µ¤Þ¤¶¤Þ¤Ê·Á¤Ç¤Î¹¶·â¤ËÂн褹¤ë¤³¤È¤È¤â´Ø·¸¤·¤Æ¤¤¤Þ¤¹¡£
¹¶·â¤ÎÃæ¤Ë¤Ï <systemitem class="username">root</systemitem>
- ¸¢¸Â¤òÃ¥¤ª¤¦ (<quote>root ¸¢¸Â¤òÇˤë</quote>) ¤È¤Ï¤·¤Ê¤¤¤±¤ì¤É¤â¡¢
+ ¸¢¸Â¤òÃ¥¤ª¤¦¤È¤Ï¤·¤Ê¤¤¤±¤ì¤É¤â¡¢
¥¯¥é¥Ã¥·¥å¤ä¥·¥¹¥Æ¥à¤ÎÉÔ°ÂÄê¾õÂÖ¤ò°ú¤µ¯¤³¤½¤¦¤È¤¹¤ë¤â¤Î¤â¤¢¤ê¤Þ¤¹¡£
¤³¤Î¥»¥¥å¥ê¥Æ¥£ÌäÂê¤Ï¡¢¤¤¤¯¤Ä¤«¤ËʬÎह¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡£</para>
@@ -152,7 +145,7 @@
</listitem>
<listitem>
- <para>¥¢¥¯¥»¥¹²Äǽ¤Ê¥µ¡¼¥Ð¤ò»È¤Ã¤¿ root ¸¢¸Â¤ÎÉÔÀµÍøÍÑ</para>
+ <para>¥¢¥¯¥»¥¹²Äǽ¤Ê¥µ¡¼¥Ó¥¹¤ò»È¤Ã¤¿ root ¸¢¸Â¤ÎÉÔÀµÍøÍÑ</para>
</listitem>
<listitem>
@@ -177,20 +170,14 @@
<indexterm><primary>¥µ¡¼¥Ó¥¹Ë¸³² (DoS)</primary></indexterm>
- <para>¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â (DoS ¹¶·â) ¤È¤Ï¡¢
+ <para>¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â (<acronym>DoS</acronym> ¹¶·â) ¤È¤Ï¡¢
¥Þ¥·¥ó¤«¤éɬÍפʻñ¸»¤òÃ¥¤¦¹Ô°Ù¤Ç¤¹¡£
- Ä̾¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â¤Ï¤½¤Î¥Þ¥·¥ó¤Ç¼Â¹Ô¤µ¤ì¤ë¥µ¡¼¥Ð¤ä
- ¥Í¥Ã¥È¥ï¡¼¥¯¥¹¥¿¥Ã¥¯¤ò²áÉé²Ù¾õÂ֤ˤ·¤Æ¥Þ¥·¥ó¤ò¥¯¥é¥Ã¥·¥å¤µ¤»¤¿¤ê¡¢
+ Ä̾¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â¤Ï¤½¤Î¥Þ¥·¥ó¤Ç¼Â¹Ô¤µ¤ì¤ë¥µ¡¼¥Ð¤ä¥Í¥Ã¥È¥ï¡¼¥¯¥¹¥¿¥Ã¥¯¤ò²áÉé²Ù¾õÂ֤ˤ·¤Æ¡¢
+ ¥Þ¥·¥ó¤ò¥¯¥é¥Ã¥·¥å¤µ¤»¤¿¤ê¡¢
¥Þ¥·¥ó¤ò»È¤¨¤Ê¤¯¤·¤¿¤ê¤¹¤ë¤è¤¦¤ÊÎÏǤ¤»¤ÎÊýË¡¤Ç¤¹¡£
- ¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â¤ÎÃæ¤Ë¤Ï¡¢
- ¥Í¥Ã¥È¥ï¡¼¥¯¥¹¥¿¥Ã¥¯¤Î¥Ð¥°¤òÍøÍѤ·¤Æ¡¢
- ¥Ñ¥±¥Ã¥È°ì¤Ä¤Ç¥Þ¥·¥ó¤ò¥¯¥é¥Ã¥·¥å¤µ¤»¤è¤¦¤È¤¹¤ë¤â¤Î¤â¤¢¤ê¤Þ¤¹¡£
- ¸å¼Ô¤Ë¤Ï¡¢¥«¡¼¥Í¥ë¤Ë¥Ð¥°½¤Àµ¤ò»Ü¤¹¤³¤È¤Ë¤è¤Ã¤Æ¤Î¤ßÂбþ¤¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
¥µ¡¼¥Ð¥×¥í¥»¥¹¤ËÂФ¹¤ë¹¶·â¤Ï¡¢¥ª¥×¥·¥ç¥ó¤òŬÀڤ˻ØÄꤹ¤ë¤³¤È¤Ë¤è¤Ã¤Æ¡¢
¹¶·â¤µ¤ì¤Æ¤¤¤ë¾õ¶·¤Ç¥µ¡¼¥Ð¥×¥í¥»¥¹¤ÎÉé²Ù¾å¾º¤Ë¸Â³¦¤òÀßÄꤹ¤ë¤³¤È¤ÇÂбþ¤Ç¤¤ë¾ì¹ç¤¬Â¿¤¤¤Ç¤¹¡£¤³¤ì¤é¤ËÈæ¤Ù¤ë¤È¡¢
¥Í¥Ã¥È¥ï¡¼¥¯¤Ø¤ÎÎÏǤ¤»¤Î¹¶·â¤Ø¤ÎÂбþ¤Ï¤º¤Ã¤ÈÆñ¤·¤¯¤Ê¤ê¤Þ¤¹¡£
- ¤¿¤È¤¨¤Ð¡¢µ¶Â¤¥Ñ¥±¥Ã¥È¤Ë¤è¤ë¹¶·â (spoof-packet attack) ¤Ï¡¢
- ¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤«¤é¥·¥¹¥Æ¥à¤òÀÚ¤êÎ¥¤¹°Ê³°¤ÎÊýË¡¤ÇËɤ°¤³¤È¤Ï¤Û¤È¤ó¤ÉÉÔ²Äǽ¤Ç¤¹¡£
¤³¤Î¹¶·â¤Ë¤è¤Ã¤Æ¡¢¥Þ¥·¥ó¤òÍî¤È¤·¤Æ¤·¤Þ¤¦¤³¤È¤Ï¤Ç¤¤Ê¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¤¬¡¢
Àܳ¤·¤Æ¤¤¤ë¥¤¥ó¥¿¡¼¥Í¥Ã¥È²óÀþ¤ò˰Ϥµ¤»¤Æ¤·¤Þ¤¦¤³¤È¤Ï¤Ç¤¤Þ¤¹¡£</para>
@@ -200,34 +187,22 @@
</indexterm>
<para>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ÎÉÔÀµÍøÍѤϡ¢
- ¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â¤è¤ê¤â¤º¤Ã¤È¤è¤¯¤¢¤ëÌäÂê¤Ç¤¹¡£
- ¤³¤Î¤´»þÀª¤Ç¤â¡¢¼«Ê¬¤¿¤Á¤Î¥Þ¥·¥ó¤Çɸ½à¤Î
- <application>telnetd</application>,
- <application>rlogind</application>,
- <application>rshd</application>,
- <application>ftpd</application>
- ¥µ¡¼¥Ð¤ò¼Â¹Ô¤µ¤»¤Æ¤¤¤ë¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¿¤¤¤Î¤Ç¤¹¡£
- ¤³¤ì¤é¤Î¥µ¡¼¥Ð¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢
- °Å¹æ²½¤µ¤ì¤¿¥³¥Í¥¯¥·¥ç¥ó¾å¤ÇÆ°ºî¤·¤Æ¤¤¤Þ¤»¤ó¡£
- ¤½¤Î·ë²Ì¡¢Êú¤¨¤Æ¤¤¤ë¥æ¡¼¥¶¿ô¤¬É¸½à¤¯¤é¤¤¤Ç¤¢¤ì¤Ð¡¢¥ê¥â¡¼¥È¥í¥°¥¤¥ó
- (¤½¤Î¥·¥¹¥Æ¥à¤Ë¥í¥°¥¤¥ó¤¹¤ë¤Ë¤ÏºÇ¤âÉáÄ̤ÇÊØÍø¤ÊÊýË¡¤Ç¤¹)
- ¤·¤Æ¤¤¤ë¥æ¡¼¥¶¤Î¤¦¤Á°ì¿Í°Ê¾å¤Ï¡¢
- ¥Ñ¥¹¥ï¡¼¥É¤òÇÁ¤¸«¤é¤ì¤Æ¤·¤Þ¤¦¤Ç¤·¤ç¤¦¡£
+ <acronym>DoS</acronym> ¹¶·â¤è¤ê¤â¤º¤Ã¤È¤è¤¯¤¢¤ëÌäÂê¤Ç¤¹¡£
+ ¤³¤Î¤´»þÀª¤Ç¤â¡¢
+ °Å¹æ²½¤µ¤ì¤Æ¤¤¤Ê¤¤¥µ¡¼¥Ó¥¹¤ò¼Â¹Ô¤µ¤»¤Æ¤¤¤ë¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¿¤¯¡¢
+ ¤½¤Î¤¿¤á¡¢¥ê¥â¡¼¥È¤«¤é¥í¥°¥¤¥ó¤·¤Æ¤¤¤ë¥æ¡¼¥¶¤Ï¡¢
+ ¥Ñ¥¹¥ï¡¼¥É¤òÇÁ¤¸«¤é¤ì¤Æ¤·¤Þ¤¦´í¸±À¤¬¤¢¤ê¤Þ¤¹¡£
¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬Ãí°Õ¿¼¤¤¿Í¤Ê¤é¤Ð¡¢
- ¤¿¤È¤¨¥í¥°¥¤¥ó¤¬À®¸ù¤·¤Æ¤¤¤¿¤È¤·¤Æ¤â¡¢
¥ê¥â¡¼¥È¥¢¥¯¥»¥¹¥í¥°¤ò²òÀϤ·¤Æ¡¢
- µ¿¤ï¤·¤¤Á÷¿®¸µ¥¢¥É¥ì¥¹¤òõ¤¹¤â¤Î¤Ç¤¹¡£</para>
+ µ¿¤ï¤·¤¤Á÷¿®¸µ¥¢¥É¥ì¥¹¤äµ¿¤ï¤·¤¤¥í¥°¥¤¥ó¤òõ¤¹¤â¤Î¤Ç¤¹¡£</para>
- <para>¤Ò¤È¤¿¤Ó¹¶·â¼Ô¤¬¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Ø¤Î¥¢¥¯¥»¥¹¸¢¤òÆþ¼ê¤·¤¿¤é¡¢
- ¹¶·â¼Ô¤Ï <systemitem class="username">root</systemitem>
- ¸¢¸Â¤òÇˤì¤ë¤È²¾Äꤹ¤ë¤Ù¤¤Ç¤¹¡£
- ¤·¤«¤·¡¢¥»¥¥å¥ê¥Æ¥£¤ò½½Ê¬°Ý»ý¤·¡¢
+ <para>¥»¥¥å¥ê¥Æ¥£¤ò½½Ê¬°Ý»ý¤·¡¢
¼êÆþ¤ì¤Î¹Ô¤ÆϤ¤¤¿¥·¥¹¥Æ¥à¤Ë¤ª¤¤¤Æ¤Ï¡¢
¤¢¤ë¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Ø¤Î¥¢¥¯¥»¥¹¤¬²Äǽ¤È¤Ê¤Ã¤Æ¤â¡¢
ɬ¤º¤·¤â¹¶·â¼Ô¤Ë <systemitem class="username">root</systemitem>
- ¤Ø¤Î¥¢¥¯¥»¥¹¸¢¤òÍ¿¤¨¤ë¤È¤Ï¸Â¤ê¤Þ¤»¤ó¡£¤³¤Î°ã¤¤¤Ï½ÅÍפǤ¹¡£
- ¤È¤¤¤¦¤Î¤Ï¡¢°ìÈÌŪ¤Ë
- <systemitem class="username">root</systemitem> ¤Ø¤Î¥¢¥¯¥»¥¹¸¢¤¬¤Ê¤±¤ì¤Ð¡¢
+ ¤Ø¤Î¥¢¥¯¥»¥¹¸¢¤òÍ¿¤¨¤ë¤È¤Ï¸Â¤ê¤Þ¤»¤ó¡£
+ <systemitem class="username">root</systemitem>
+ ¤Ø¤Î¥¢¥¯¥»¥¹¸¢¤¬¤Ê¤±¤ì¤Ð¡¢
¹¶·â¼Ô¤Ï¼«Ê¬¤Î¿¯Æþ¤Îº¯Àפò±£Ê乤뤳¤È¤¬¤Ç¤¤Þ¤»¤ó¤·¡¢
¤½¤Î¥æ¡¼¥¶¤Î¥Õ¥¡¥¤¥ë¤ò°ú¤Ã¤«¤²ó¤·¤¿¤ê¡¢
¥Þ¥·¥ó¤ò¥¯¥é¥Ã¥·¥å¤µ¤»¤¿¤ê¤¹¤ë¤Î¤¬¤»¤¤¤¼¤¤¤Ç¤¹¡£
@@ -240,38 +215,18 @@
<secondary>΢¸ý (¥Ð¥Ã¥¯¥É¥¢)</secondary>
</indexterm>
- <para>¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¡¢¤¢¤ë¥Þ¥·¥ó¾å¤Ç
- <systemitem class="username">root</systemitem>
- ¸¢¸Â¤òÃ¥¼è¤¹¤ëÊýË¡¤Ï¡¢
- ÀøºßŪ¤Ë²¿Ä̤ê¤â¤¢¤ë¤È¤¤¤¦¤³¤È¤ò¿´¤·¤Æ¤ª¤«¤Í¤Ð¤Ê¤ê¤Þ¤»¤ó¡£
+ <para><systemitem class="username">root</systemitem>
+ ¸¢¸Â¤òÃ¥¼è¤¹¤ëÊýË¡¤Ï¡¢ÀøºßŪ¤Ë²¿Ä̤ê¤â¤¢¤ê¤Þ¤¹¡£
¹¶·â¼Ô¤Ï <systemitem class="username">root</systemitem>
¤Î¥Ñ¥¹¥ï¡¼¥É¤òÃΤäƤ¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¤·¡¢
¹¶·â¼Ô¤¬ <systemitem class="username">root</systemitem>
- ¸¢¸Â¤Ç¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¥µ¡¼¥Ð¤Î¥Ð¥°¤ò¸«¤Ä¤±¡¢
- ¥Í¥Ã¥È¥ï¡¼¥¯Àܳ¤ò²ð¤·¤Æ
- <systemitem class="username">root</systemitem>
- ¸¢¸Â¤òÇˤ뤳¤È¤¬¤Ç¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
- ¤Þ¤¿¡¢¹¶·â¼Ô¤Ï suid-root ¥×¥í¥°¥é¥à¤Ë¸ºß¤¹¤ë¥Ð¥°¤òÃΤäƤ¤¤Æ¡¢
- ¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤òÇˤì¤Ð
- <systemitem class="username">root</systemitem>
- ¸¢¸Â¤òÃ¥¼è¤Ç¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
- ¹¶·â¼Ô¤¬¤¢¤ë¥Þ¥·¥ó¾å¤Ç
- <systemitem class="username">root</systemitem>
- ¸¢¸Â¤òÇˤëÊýË¡¤òÃΤ俤ʤé¤Ð¡¢
- ¹¶·â¼Ô¤Ï΢¸ý¤òÍÑ°Õ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤»¤ó¡£
- ¤³¤ì¤Þ¤Ç¤Ëȯ¸«¤µ¤ì¡¢¤Õ¤µ¤¬¤ì¤¿
- <systemitem class="username">root</systemitem>
- ¤Î·ê¤Î¿¤¯¤Ë¤Ï¡¢¹¶·â¼Ô¤¬¼«Ê¬¤Î¤·¤¿¤³¤È¤Îº¯Àפò¾Ã¤½¤¦¤È¤·¤¿ºî¶È¤¬¡¢
- ¤«¤Ê¤ê¤Î³ä¹ç¤Ç´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£
- ¤½¤Î¤¿¤á¡¢¤Û¤È¤ó¤É¤Î¹¶·â¼Ô¤Ï΢¸ý¤òºî¤ë¤Î¤Ç¤¹¡£Î¢¸ý¤Ï¡¢
- ¹¶·â¼Ô¤¬¤¿¤ä¤¹¤¯¥·¥¹¥Æ¥à¤Ø¤Î
- <systemitem class="username">root</systemitem>
- ¥¢¥¯¥»¥¹¤òºÆ¤ÓÆÀ¤é¤ì¤ë¤è¤¦¤Ë¤·¤Þ¤¹¤¬¡¢
- Íǽ¤Ê´ÉÍý¼Ô¤Ë¿¯Æþ¤ò¸¡ÃΤ¹¤ëÊØÍø¤Ê¼êÃʤòÍ¿¤¨¤ë¤â¤Î¤Ç¤â¤¢¤ê¤Þ¤¹¡£
- ¹¶·â¼Ô¤Ë΢¸ý¤òºî¤é¤»¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤È¤¤¤¦¤³¤È¤Ï¡¢
- ¥»¥¥å¥ê¥Æ¥£¤Ë¤È¤Ã¤Æ¤Ï¼ÂºÝ¤Ë¤ÏÎɤ¯¤Ê¤¤¤³¤È¤«¤â¤·¤ì¤Þ¤»¤ó¡£
- ¤Ê¤¼¤Ê¤é¡¢
- ¹¶·â¼Ô¤¬ºÇ½é¤Ë¸«¤Ä¤±¤Æ¿¯Æþ¤·¤Æ¤¤¿¥»¥¥å¥ê¥Æ¥£¥Û¡¼¥ë¤Ï¤Õ¤µ¤¬¤ì¤Ê¤¤¤«¤é¤Ç¤¹¡£</para>
+ ¸¢¸Â¤Ç¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¥µ¡¼¥Ó¥¹¤Î¥Ð¥°¤ÎÀȼåÀ¤òÍøÍѤǤ¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
+ ¤Þ¤¿¡¢¹¶·â¼Ô¤Ï SUID-root
+ ¥×¥í¥°¥é¥à¤Ë¸ºß¤¹¤ë¥Ð¥°¤òÃΤäƤ¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
+ ¹¶·â¼Ô¤Ï¡¢
+ ¥Ð¥Ã¥¯¥É¥¢¤È¤·¤ÆÃΤé¤ì¤Æ¤¤¤ë¥×¥í¥°¥é¥à¤ò»È¤Ã¤ÆÀȼåÀ¤Ê¥·¥¹¥Æ¥à¤òõ¤·¤¿¤ê¡¢
+ ½¤Àµ¤µ¤ì¤Æ¤¤¤Ê¤¤ÀȼåÀ¤òÍøÍѤ·¤Æ¥¢¥¯¥»¥¹¤·¤¿¤ê¡¢
+ ¹¶·â¼Ô¤Ë¤è¤ë°ãË¡¹Ô°Ù¤Îº¯Àפò¾Ã¤½¤¦¤È¤·¤¿¤ê¤¹¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£</para>
<para>¥»¥¥å¥ê¥Æ¥£¤ò²þÁ±¤¹¤ëÊýË¡¤Ï¡¢¾ï¤Ë¡¢
¥¿¥Þ¥Í¥®¤ÎÈé¤Î¤è¤¦¤Ë³¬Áز½¤¹¤ë¼êË¡
@@ -288,7 +243,7 @@
<para><systemitem class="username">root</systemitem>
¤Î°ÂÁ´À¤ò¹â¤á¤ë – <systemitem
class="username">root</systemitem> ¸¢¸Â¤ÇÆ°ºî¤¹¤ë¥µ¡¼¥Ð¤È
- suid/sgid ¥Ð¥¤¥Ê¥ê¡£</para>
+ SUID/SGID ¥Ð¥¤¥Ê¥ê¡£</para>
</listitem>
<listitem>
@@ -314,8 +269,7 @@
</listitem>
</orderedlist>
- <para>ËܾϤμ¡¤ÎÀá¤Ç¤Ï¡¢
- ¾åµ¤Î³Æ¹àÌܤˤĤ¤¤Æ¤è¤ê¿¼¤¯·¡¤ê²¼¤²¤Æ¤¤¤¤Þ¤¹¡£</para>
+ <para>¼¡¤ÎÀá¤Ç¤Ï¡¢¾åµ¤Î¹àÌܤˤĤ¤¤Æ¤è¤ê¿¼¤¯·¡¤ê²¼¤²¤Æ¤¤¤¤Þ¤¹¡£</para>
</sect1>
<sect1 xml:id="securing-freebsd">
@@ -326,60 +280,41 @@
<secondary>&os; ¤Î°ÂÁ´À¤ò¹â¤á¤ë</secondary>
</indexterm>
- <note>
- <title>¥³¥Þ¥ó¥ÉÂÐ¥×¥í¥È¥³¥ë</title>
-
- <para>¤³¤Îʸ½ñ¤òÄ̤·¤Æ¡¢¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ò»Ø¤¹¤Î¤Ë¤Ï
- <application>ÂÀ»ú</application> ¤ò»È¤¤¡¢
- ¥³¥Þ¥ó¥É¤ò»Ø¤¹¾ì¹ç¤Ë¤Ï¡¢<command>ÅùÉý</command> ¥Õ¥©¥ó¥È¤ò»È¤¤¤Þ¤¹¡£
- ¥×¥í¥È¥³¥ë¤ÏÄ̾ï¤Î¥Õ¥©¥ó¥È¤Çɽ¤·¤Þ¤¹¡£
- ¤³¤Î¤è¤¦¤Ê½ñÂΤˤè¤ë¶èÊ̤ϡ¢
- ¥×¥í¥È¥³¥ë¤Ç¤¢¤ë¤ÈƱ»þ¤Ë¥³¥Þ¥ó¥É¤Ç¤â¤¢¤ë
- ssh ¤Ê¤É¤ËÂФ·¤Æ͸ú¤Ç¤¹¡£</para>
- </note>
-
- <para>°Ê²¼¤ÎÀá¤Ç¤Ï¡¢ËܾϤΠ<link
+ <para>¤³¤ÎÀá¤Ç¤Ï¡¢<link
linkend="security-intro">Á°Àá</link> ¤Ç¤È¤ê¤¢¤²¤¿ &os;
- ¥·¥¹¥Æ¥à¤Î°ÂÁ´À¤ò¹â¤á¤ëÊýË¡¤Ë¤Ä¤¤¤Æ½Ò¤Ù¤Þ¤¹¡£</para>
+ ¥·¥¹¥Æ¥à¤Î°ÂÁ´À¤ò¹â¤á¤ëÊýË¡¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Þ¤¹¡£</para>
<sect2 xml:id="securing-root-and-staff">
<title><systemitem class="username">root</systemitem>
- ¥¢¥«¥¦¥ó¥È¤È¥¹¥¿¥Ã¥Õ¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À¤ò¹â¤á¤ë</title>
+ ¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À¤ò¹â¤á¤ë</title>
<indexterm>
- <primary><command>su</command></primary>
+ <primary>&man.su.1;</primary>
</indexterm>
- <para><systemitem class="username">root</systemitem>
- ¤Î¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À¤ò³ÎÊݤ·¤Ê¤¤¤¦¤Á¤«¤é¥¹¥¿¥Ã¥Õ¤Î¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À¤ò¤¦¤ó¤Ì¤ó¤·¤Æ¤â¤·¤«¤¿¤¬¤¢¤ê¤Þ¤»¤ó¡£
- ¤Û¤È¤ó¤É¤Î¥·¥¹¥Æ¥à¤Ç¤Ï¡¢<systemitem class="username">root</systemitem>
- ¥¢¥«¥¦¥ó¥È¤Ë³ä¤êÅö¤Æ¤¿¥Ñ¥¹¥ï¡¼¥É¤¬ 1
- ¤Ä¤¢¤ê¤Þ¤¹¡£¤Þ¤ººÇ½é¤Ë¤¹¤Ù¤¤³¤È¤Ï¡¢
- ¤³¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï<emphasis>¤¤¤Ä¤Ç¤â</emphasis>ÉÔÀµÍøÍÑ¤Î´í¸±¤Ë»¯¤µ¤ì¤Æ¤¤¤ë¤È²¾Äꤹ¤ë¤³¤È¤Ç¤¹¡£
- ¤³¤ì¤Ï <systemitem class="username">root</systemitem>
- ¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¾Ã¤¹¤Ù¤¤À¤È¸À¤Ã¤Æ¤¤¤ë¤Î¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
+ <para>¤Û¤È¤ó¤É¤Î¥·¥¹¥Æ¥à¤Ç¤Ï¡¢
<systemitem class="username">root</systemitem>
- ¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï¡¢¥Þ¥·¥ó¤Ë¥³¥ó¥½¡¼¥ë¤«¤é¥¢¥¯¥»¥¹¤¹¤ë¤Î¤Ë¤Ï¡¢
+ ¥¢¥«¥¦¥ó¥È¤Ë³ä¤êÅö¤Æ¤¿¥Ñ¥¹¥ï¡¼¥É¤¬ 1 ¤Ä¤¢¤ê¤Þ¤¹¡£
+ ¤³¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï<emphasis>¤¤¤Ä¤Ç¤â</emphasis>ÉÔÀµÍøÍÑ¤Î´í¸±¤Ë»¯¤µ¤ì¤Æ¤¤¤ë¤È¹Í¤¨¤Æ¤¯¤À¤µ¤¤¡£
+ ¤³¤ì¤Ï¥Ñ¥¹¥ï¡¼¥É¤ò̵¸ú¤Ë¤¹¤Ù¤¤À¤È¸À¤Ã¤Æ¤¤¤ë¤Î¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
+ ¥Ñ¥¹¥ï¡¼¥É¤Ï¡¢¥Þ¥·¥ó¤Ë¥³¥ó¥½¡¼¥ë¤«¤é¥¢¥¯¥»¥¹¤¹¤ë¤Î¤Ë¤Ï¡¢
¤Û¤È¤ó¤É¤¤¤Ä¤Ç¤âɬÍפʤâ¤Î¤Ç¤¹¡£
- ¤³¤³¤Ç¸À¤¤¤¿¤¤¤Î¤Ï¡¢¥³¥ó¥½¡¼¥ë°Ê³°¤«¤é¤Ï¡¢
- ¤½¤·¤Æ²Äǽ¤Ê¤é &man.su.1; ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¾ì¹ç¤â
+ ¤·¤«¤·¤Ê¤¬¤é¡¢¥³¥ó¥½¡¼¥ë°Ê³°¤«¤é¤Ï¡¢
+ ¤½¤·¤Æ²Äǽ¤Ê¤é &man.su.1;
+ ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¾ì¹ç¤â¥Ñ¥¹¥ï¡¼¥É¤ò»È¤¨¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤Ù¤¤Ç¤¹¡£
+ ¤¿¤È¤¨¤Ð¡¢<filename>/etc/ttys</filename> ¤Î¥¨¥ó¥È¥ê¤Ë¤ª¤¤¤Æ¡¢
+ ÆÃÄê¤Î¥¿¡¼¥ß¥Ê¥ë¤ËÂФ·
<systemitem class="username">root</systemitem>
- ¤Î¥Ñ¥¹¥ï¡¼¥É¤ò»È¤¨¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤Ù¤¤Ç¤¢¤ë¡¢¤È¤¤¤¦¤³¤È¤Ç¤¹¡£
- ¤¿¤È¤¨¤Ð¡¢¤¢¤Ê¤¿¤¬»È¤Ã¤Æ¤¤¤ë pty ¤¬¡¢
- <filename>/etc/ttys</filename> ¥Õ¥¡¥¤¥ë¤Ç insecure
- ¤È»ØÄꤵ¤ì¤Æ¤¤¤ë¤«³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£¤½¤¦¤¹¤ë¤È¡¢
- <command>telnet</command> ¤ä <command>rlogin</command> ·Ðͳ¤Ç¤Ï
+ ¤Ç¥í¥°¥¤¥ó¤Ç¤¤Ê¤¤¤è¤¦¤Ë
+ <literal>insecure</literal> ¤ÈÀßÄꤷ¤Æ¤¯¤À¤µ¤¤¡£
+ &os; ¤Ç¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¡¢
+ <filename>/etc/ssh/sshd_config</filename> ¤Ë¤ª¤¤¤Æ
+ <literal>PermitRootLogin</literal> ¤¬ <literal>no</literal>
+ ¤ÈÀßÄꤵ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢&man.ssh.1; ¤ò»È¤Ã¤¿
<systemitem class="username">root</systemitem>
- ¤ÇľÀÜ¥í¥°¥¤¥ó¤Ç¤¤Ê¤¤¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
- ¤³¤ì¤Ï¡¢<filename>/etc/ssh/sshd_config</filename> ¤òÊÔ½¸¤·¤Æ
- <literal>PermitRootLogin</literal> ¤Ë <literal>no</literal>
- ¤¬ÀßÄꤵ¤ì¤ë¤è¤¦¤Ë¤¹¤ë¤³¤È¤Ç¼Â¸½¤Ç¤¤Þ¤¹¡£
- <application>sshd</application> ¤Î¤è¤¦¤Ê¡¢
- ÊÌ¤Î¥í¥°¥¤¥ó¥µ¡¼¥Ó¥¹¤ò»È¤Ã¤Æ¤¤¤ë¾ì¹ç¤Ç¤âƱÍͤˡ¢Ä¾ÀÜ
- <systemitem class="username">root</systemitem>
- ¤Ø¥í¥°¥¤¥ó¤¹¤ë¤³¤È¤òµö¤·¤Æ¤¤¤Ê¤¤¤«¤É¤¦¤«³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£
- ¤¹¤Ù¤Æ¤Î¥¢¥¯¥»¥¹¼êÃÊ — ¤¿¤È¤¨¤Ð FTP
- ¤Î¤è¤¦¤Ê¥µ¡¼¥Ó¥¹¤¬¡¢Îɤ¯¥¯¥é¥Ã¥¯¤ÎÂоݤȤʤ뤳¤È¤ò¹Í¤¨¤Þ¤·¤ç¤¦¡£
+ ¤Ø¥í¥°¥¤¥ó¤Ï̵¸ú¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£
+ ¤¹¤Ù¤Æ¤Î¥¢¥¯¥»¥¹¼êÃÊ¡¢¤¿¤È¤¨¤Ð FTP
+ ¤è¤¦¤Ê¥µ¡¼¥Ó¥¹¤Ï¡¢Îɤ¯¥¯¥é¥Ã¥¯¤ÎÂоݤȤʤ뤳¤È¤òÍý²ò¤·¤Æ¤¯¤À¤µ¤¤¡£
<systemitem class="username">root</systemitem> ¤Ø¤ÎľÀÜ¥í¥°¥¤¥ó¤Ï¡¢
¥·¥¹¥Æ¥à¥³¥ó¥½¡¼¥ë·Ðͳ¤Ç¤Î¤ß²Äǽ¤Ç¤¢¤ë¤Ù¤¤Ê¤Î¤Ç¤¹¡£</para>
@@ -387,57 +322,34 @@
<primary><systemitem class="groupname">wheel</systemitem></primary>
</indexterm>
- <para>¤Þ¤¿ÅöÁ³¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤È¤·¤Æ¼«Ê¬¤¬
+ <para>¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï
<systemitem class="username">root</systemitem>
- ¤Ë¤Ê¤ì¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤¯É¬Íפ¬¤¢¤ê¤Þ¤¹¤«¤é¡¢
- ¤½¤Î¤¿¤á¤Î·ê¤ò¤¤¤¯¤Ä¤«³«¤±¤Æ¤ª¤¤Þ¤¹¡£
- ¤·¤«¤·¡¢¤½¤ì¤é¤Î·ê¤òÆ°ºî¤µ¤»¤ë¤Ë¤Ï¡¢
- ¤µ¤é¤ËÄɲäΥѥ¹¥ï¡¼¥Éǧ¾Ú¤¬É¬ÍפǤ¢¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤¯¤³¤È¤¬½ÅÍפǤ¹¡£
- <systemitem class="username">root</systemitem>
- ¤Ç¥¢¥¯¥»¥¹²Äǽ¤È¤¹¤ëÊýË¡¤Î°ì¤Ä¤È¤·¤Æ¡¢Å¬Àڤʥ¹¥¿¥Ã¥Õ¥¢¥«¥¦¥ó¥È¤ò
- (<filename>/etc/group</filename> Ãæ¤Î)
+ ¤Ë¤Ê¤ì¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤¯É¬Íפ¬¤¢¤ë¤Î¤Ç¡¢
+ ÄɲäΥѥ¹¥ï¡¼¥Éǧ¾Ú¤ÎÀßÄ꤬ɬÍפȤʤê¤Þ¤¹¡£
+ ¤Ò¤È¤Ä¤Ï¡¢Å¬Àڤʥ桼¥¶¥¢¥«¥¦¥ó¥È¤ò
+ <filename>/etc/group</filename> Ãæ¤Î
+ <systemitem class="groupname">wheel</systemitem> ¤Ë²Ã¤¨¤ëÊýË¡¤Ç¤¹¡£
<systemitem class="groupname">wheel</systemitem>
- ¥°¥ë¡¼¥×¤Ë²Ã¤¨¤ë¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£
- <systemitem class="groupname">wheel</systemitem>
- ¥°¥ë¡¼¥×¤ËÆþ¤Ã¤Æ¤¤¤ë¥¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤Ï
- <command>su</command> ¤ò»È¤Ã¤Æ
+ ¤Î¥á¥ó¥Ð¤Ï¡¢&man.su.1; ¤ò»È¤Ã¤Æ
<systemitem class="username">root</systemitem> ¤Ë¤Ê¤ë¤³¤È¤¬µö¤µ¤ì¤Þ¤¹¡£
- ¥Ñ¥¹¥ï¡¼¥É¥¨¥ó¥È¥ê¤Ë¤ª¤¤¤Æ¡¢¥¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤ò
- <systemitem class="groupname">wheel</systemitem>
- ¥°¥ë¡¼¥×¤ËÃÖ¤¯¤³¤È¤Ë¤è¤Ã¤ÆľÀÜ
- <systemitem class="groupname">wheel</systemitem>
- ¸¢¸Â¤òÍ¿¤¨¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£¥¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤Î¥¢¥«¥¦¥ó¥È¤Ï
- <systemitem class="groupname">staff</systemitem>
- ¥°¥ë¡¼¥×¤Ë½ê°¤µ¤»¤ë¤Ù¤¤Ç¡¢¤½¤Î¾å¤Ç
- <filename>/etc/group</filename> ¥Õ¥¡¥¤¥ë¤òÄ̤·¤Æ
- <systemitem class="groupname">wheel</systemitem>
- ¥°¥ë¡¼¥×¤Ë²Ã¤¨¤ë¤Ù¤¤Ç¤¹¡£¼ÂºÝ¤Ë
+ ¼ÂºÝ¤Ë
<systemitem class="username">root</systemitem>
- ¥¢¥¯¥»¥¹¤ÎɬÍפʥ¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤Î¤ß
+ ¥¢¥¯¥»¥¹¤ÎɬÍפʥ桼¥¶¤Î¤ß
<systemitem class="groupname">wheel</systemitem>
- ¥°¥ë¡¼¥×¤ËÃÖ¤¯¤è¤¦¤Ë¤¹¤Ù¤¤Ç¤¹¡£
- ¾¤Îǧ¾ÚÊýË¡¤Î¾ì¹ç¡¢¤¿¤È¤¨¤Ð Kerberos ¤ò»ÈÍѤ¹¤ë¾ì¹ç¤Ë¤Ï¡¢
- <systemitem class="username">root</systemitem> ¥¢¥«¥¦¥ó¥È¤Î
- Kerberos <filename>.k5login</filename> ¥Õ¥¡¥¤¥ë¤ò»È¤¨¤Ð¡¢Ã¯¤â
- <systemitem class="groupname">wheel</systemitem> ¥°¥ë¡¼¥×¤ËÃÖ¤¯É¬Íפʤ¯
- <systemitem class="username">root</systemitem> ¤Ë &man.ksu.1;
- ¤¹¤ë¤³¤È¤òµö²Ä¤Ç¤¤Þ¤¹¡£
- ¤³¤Î¤ä¤êÊý¤Ï¤è¤ê¤è¤¤²ò·èºö¤Ê¤Î¤«¤â¤·¤ì¤Þ¤»¤ó¡£¤Ê¤¼¤Ê¤é¡¢
- <literal>wheel</literal> ¤Î¥á¥«¥Ë¥º¥à¤Ç¤Ï¡¢
- ¿¯Æþ¼Ô¤¬¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤ò¼ê¤ËÆþ¤ì¡¢¥¹¥¿¥Ã¥Õ¥¢¥«¥¦¥ó¥È¤Î¤¤¤º¤ì¤«
- 1 ¤Ä¤òÇˤ뤳¤È¤¬¤Ç¤¤ë¤È¡¢
+ ¤ËÃÖ¤¯¤è¤¦¤Ë¤¹¤Ù¤¤Ç¤¹¡£
+ Kerberos ¤ò»ÈÍѤ·¤Æǧ¾Ú¹Ô¤¦¾ì¹ç¤Ë¤Ï¡¢
<systemitem class="username">root</systemitem>
- ¤òÇˤ뤳¤È¤¬¤Þ¤À¤Ç¤¤Æ¤·¤Þ¤¦¤«¤é¤Ç¤¹¡£
- <systemitem class="groupname">wheel</systemitem>
- ¤Î¥á¥«¥Ë¥º¥à¤òÍѤ¤¤ëÊý¤¬¡¢²¿¤â¤·¤Ê¤¤¤è¤ê¤ÏÎɤ¤¤Î¤Ç¤¹¤¬¡¢
- ɬ¤º¤·¤âºÇ¤â°ÂÁ´¤ÊÁªÂò»è¤È¤Ï¸Â¤ê¤Þ¤»¤ó¡£</para>
+ ¤Î¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê¤Ë <filename>.k5login</filename>
+ ¤òºîÀ®¤¹¤ë¤³¤È¤Ç¡¢
+ ï¤â <systemitem class="groupname">wheel</systemitem> ¤ËÃÖ¤¯É¬Íפʤ¯
+ &man.ksu.1; ¤¹¤ë¤³¤È¤òµö²Ä¤Ç¤¤Þ¤¹¡£</para>
<para>¥¢¥«¥¦¥ó¥È¤ò´°Á´¤Ë¥í¥Ã¥¯¤¹¤ë¤Ë¤Ï¡¢
- &man.pw.8; ¥³¥Þ¥ó¥É¤ò»È¤¦¤Ù¤¤Ç¤¹¡£</para>
+ &man.pw.8; ¤ò»È¤Ã¤Æ¤¯¤À¤µ¤¤¡£</para>
<screen>&prompt.root; <userinput>pw lock <replaceable>staff</replaceable></userinput></screen>
- <para>¤³¤ì¤Ë¤è¤ê¡¢¥æ¡¼¥¶¤Ï¡¢&man.ssh.1;
+ <para>¤³¤ì¤Ë¤è¤ê¡¢»ØÄꤵ¤ì¤¿¥æ¡¼¥¶¤Ï¡¢&man.ssh.1;
¤ò´Þ¤à¤¤¤«¤Ê¤ëÊýË¡¤Ç¤â¥í¥°¥¤¥ó¤Ç¤¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£</para>
<para>¥¢¥«¥¦¥ó¥È¤Ø¤Î¥¢¥¯¥»¥¹¤ò¥Ö¥í¥Ã¥¯¤¹¤ë¤â¤¦°ì¤Ä¤ÎÊýË¡¤Ï¡¢
@@ -445,16 +357,16 @@
<quote><literal>*</literal></quote> 1 ʸ»ú¤ËÃÖ¤´¹¤¨¤ë¤³¤È¤Ç¤¹¡£
¤³¤Îʸ»ú¤Ï¡¢°Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¤Ë¥Þ¥Ã¥Á¤¹¤ë¤³¤È¤Ï¤Ê¤¤¤Î¤Ç¡¢
¥æ¡¼¥¶¥¢¥¯¥»¥¹¤ò¥Ö¥í¥Ã¥¯¤·¤Þ¤¹¡£
- ¤¿¤È¤¨¤Ð¡¢¼¡¤Î¥¹¥¿¥Ã¥Õ¥¢¥«¥¦¥ó¥È¤ò¡¢</para>
+ ¤¿¤È¤¨¤Ð¡¢¼¡¤Î¥¢¥«¥¦¥ó¥È¤Î¥¨¥ó¥È¥ê¤ò¡¢</para>
<programlisting>foobar:R9DT/Fa1/LV9U:1000:1000::0:0:Foo Bar:/home/foobar:/usr/local/bin/tcsh</programlisting>
- <para>¤³¤¦Êѹ¹¤·¤Þ¤¹¡£</para>
+ <para>&man.vipw.8; ¤ò»È¤Ã¤Æ°Ê²¼¤Î¤è¤¦¤ËÊѹ¹¤·¤Þ¤¹¡£</para>
<programlisting>foobar:*:1000:1000::0:0:Foo Bar:/home/foobar:/usr/local/bin/tcsh</programlisting>
<para>¤³¤ÎÊѹ¹¤Ë¤è¤Ã¤Æ
- <systemitem class="username">foobar</systemitem> ¥æ¡¼¥¶¤Ï¡¢
+ <systemitem class="username">foobar</systemitem> ¤Ï¡¢
Ä̾ï¤Î¥í¥°¥¤¥ó¤Ï¤Ç¤¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£
¤³¤Î¤è¤¦¤Ê¥¢¥¯¥»¥¹À©¸Â¤ò¤·¤¿¸å¤Ï¡¢
¥µ¥¤¥È¤Ç <application>Kerberos</application> ¤ò¥»¥Ã¥È¥¢¥Ã¥×¤·¤¿¤ê¡¢
@@ -463,34 +375,24 @@
<para>¤³¤ì¤é¤Î¥»¥¥å¥ê¥Æ¥£¤Î»ÅÁȤߤǤϡ¢
À©¸Â¤Î¶¯¤¤¥µ¡¼¥Ð¤«¤éÀ©¸Â¤Î¼å¤¤¥µ¡¼¥Ð¤Ø¥í¥°¥¤¥ó¤¹¤ë¤³¤È¤òÁ°Äó¤È¤·¤Æ¤¤¤Þ¤¹¡£
- ¤¿¤È¤¨¤Ð¡¢¥á¥¤¥ó¥Þ¥·¥ó¤Ç¡¢ÍÍ¡¹¤Ê¼ïÎà¤Î¥µ¡¼¥Ð¤ò¼Â¹Ô¤µ¤»¤Æ¤¤¤ë¾ì¹ç¡¢
- ¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¤Ç¤Ï¤½¤ì¤é¤Î¥µ¡¼¥Ð¤ò¼Â¹Ô¤µ¤»¤Æ¤Ï¤Ê¤ê¤Þ¤»¤ó¡£
+ ¤¿¤È¤¨¤Ð¡¢¥µ¡¼¥Ð¤¬¥Í¥Ã¥È¥ï¡¼¥¯¥µ¡¼¥Ó¥¹¤ò¼Â¹Ô¤µ¤»¤Æ¤¤¤ë¾ì¹ç¡¢
+ ¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¤Ç¤Ï¤½¤ì¤é¤Î¥µ¡¼¥Ó¥¹¤ò¼Â¹Ô¤µ¤»¤Æ¤Ï¤Ê¤ê¤Þ¤»¤ó¡£
¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¤ò½½Ê¬¤Ë°ÂÁ´¤Ë¤·¤Æ¤ª¤¯¤¿¤á¤Ë¤Ï¡¢
- ¼Â¹Ô¤¹¤ë¥µ¡¼¥Ð¤Î¿ô¤ò¡¢
- °ì¤Ä¤â¥µ¡¼¥Ð¤¬¼Â¹Ô¤µ¤ì¤Æ¤¤¤Ê¤¤¤È¤¤¤¦¤¯¤é¤¤¤Ë¤Þ¤Ç¤Ç¤¤ë¸Â¤ê¸º¤é¤¹¤Ù¤¤Ç¤¹¡£
- ¤Þ¤¿¡¢¥Ñ¥¹¥ï¡¼¥É¤ÇÊݸ¤ì¤¿¥¹¥¯¥ê¡¼¥ó¥»¡¼¥Ð¤òÁö¤é¤»¤Æ¤ª¤¯¤Ù¤¤Ç¤¹¡£
- ¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¤Ø¤ÎʪÍýŪ¥¢¥¯¥»¥¹¤¬Í¿¤¨¤é¤ì¤¿¤È¤¹¤ë¤È¡¢
+ ¼Â¹Ô¤¹¤ë¥µ¡¼¥Ó¥¹¤ò¥¼¥í¤Ë¤¹¤ë¤«¡¢²Äǽ¤Ê¸Â¤ê¸º¤é¤·¡¢
+ ¥Ñ¥¹¥ï¡¼¥É¤ÇÊݸ¤ì¤¿¥¹¥¯¥ê¡¼¥ó¥»¡¼¥Ð¤òÁö¤é¤»¤Æ¤ª¤¯¤Ù¤¤Ç¤¹¡£
+ ¥·¥¹¥Æ¥à¤Ø¤ÎʪÍýŪ¥¢¥¯¥»¥¹¤¬Í¿¤¨¤é¤ì¤¿¤È¤¹¤ë¤È¡¢
¤â¤Á¤í¤ó¸À¤¦¤Þ¤Ç¤â¤Ê¤¯¡¢
- ¹¶·â¼Ô¤Ï´ÉÍý¼Ô¤¬ÀßÄꤷ¤¿¤¤¤«¤Ê¤ë¼ïÎà¤Î¥»¥¥å¥ê¥Æ¥£¤ò¤â¤¦¤ÁÇˤ뤳¤È¤¬¤Ç¤¤ë¤Î¤Ç¤¹¡£
- ¤³¤Î¤³¤È¤Ï¡¢´ÉÍý¼Ô¤È¤·¤Æɬ¤º¹Í¤¨¤Æ¤ª¤«¤Í¤Ð¤Ê¤é¤Ê¤¤ÌäÂê¤Ç¤¹¤¬¡¢
- ¥·¥¹¥Æ¥àÇˤê¤ÎÂç¿¿ô¤Ï¡¢¥Í¥Ã¥È¥ï¡¼¥¯·Ðͳ¤Ç¥ê¥â¡¼¥È¤«¤é¡¢
- ¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¤ä¥µ¡¼¥Ð¤Ø¤ÎʪÍýŪ¥¢¥¯¥»¥¹¼êÃʤò»ý¤¿¤Ê¤¤¿Í¡¹¤Ë¤è¤Ã¤Æ¹Ô¤ï¤ì¤ë¤È¤¤¤¦»ö¼Â¤â¤Þ¤¿¡¢
- ǰƬ¤ËÃÖ¤¤¤Æ¤ª¤¯É¬Íפ¬¤¢¤ê¤Þ¤¹¡£</para>
+ ¹¶·â¼Ô¤Ï¤¤¤«¤Ê¤ë¼ïÎà¤Î¥»¥¥å¥ê¥Æ¥£¤ò¤â¤¦¤ÁÇˤ뤳¤È¤¬¤Ç¤¤ë¤Î¤Ç¤¹¡£
+ ¹¬¤¤¤Ë¤â¡¢¥·¥¹¥Æ¥àÇˤê¤ÎÂç¿¿ô¤Ï¡¢¥Í¥Ã¥È¥ï¡¼¥¯·Ðͳ¤Ç¥ê¥â¡¼¥È¤«¤é¡¢
+ ¥·¥¹¥Æ¥à¤Ø¤ÎʪÍýŪ¥¢¥¯¥»¥¹¼êÃʤò»ý¤¿¤Ê¤¤¿Í¡¹¤Ë¤è¤Ã¤Æ¹Ô¤ï¤ì¤Æ¤¤¤Þ¤¹¡£</para>
- <para>Kerberos ¤Î¤è¤¦¤ÊÊýË¡¤ò»È¤¦¤³¤È¤Ç¡¢
- ¥¹¥¿¥Ã¥Õ¥¢¥«¥¦¥ó¥È¤Î¥Ñ¥¹¥ï¡¼¥É¤ÎÊѹ¹¤â¤·¤¯¤ÏÄä»ß¤ò°ì²Õ½ê¤Ç¹Ô¤Ê¤¦¤³¤È¤È¡¢
- ¥¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤¬¥¢¥«¥¦¥ó¥È¤ò»ý¤Ä¤¹¤Ù¤Æ¤Î¥Þ¥·¥ó¤Ë¨»þ¤Ë¤½¤Î¸ú²Ì¤òµÚ¤Ü¤¹¤³¤È¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£
- ¥¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤Î¥¢¥«¥¦¥ó¥È¤¬´í¸±¤Ë»¯¤µ¤ì¤¿¤È¤¤Ë¡¢
- ¤¹¤Ù¤Æ¤Î¥Þ¥·¥ó¤Ç¥¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¨ºÂ¤ËÊѹ¹¤¹¤ëǽÎϤò²á¾®É¾²Á¤·¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
- ¥Ñ¥¹¥ï¡¼¥É¤¬Ê¬»¶¤µ¤ì¤Æ¤¤¤ë¾õ¶·¤Ç¤Ï¡¢
- N Âæ¤Î¥Þ¥·¥ó¤Ç¥Ñ¥¹¥ï¡¼¥É¤òÊѹ¹¤¹¤ë¤È¡¢
- ¤Æ¤ó¤ä¤ï¤ó¤ä¤Î»öÂÖ¤ò¾·¤¯²ÄǽÀ¤¬¤¢¤ê¤Þ¤¹¡£
- Kerberos ¤ò»ÈÍѤ¹¤ë¤È¡¢¥Ñ¥¹¥ï¡¼¥É¤ÎºÆȯ¹Ô¤ËÀ©¸Â
- (re-passwording restriction) ¤ò²Ý¤¹¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£
- ¤³¤Îµ¡Ç½¤ò»È¤¦¤³¤È¤Ë¤è¤ê¡¢¤¢¤ë Kerberos
- ¥Á¥±¥Ã¥È¤ò¤·¤Ð¤é¤¯·Ð¤Ä¤È¥¿¥¤¥à¥¢¥¦¥È¤Ë¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¤À¤±¤Ç¤Ê¤¯¡¢
- °ìÄê´ü´Ö (Î㤨¤Ð¡¢1 ¥ö·î¤Ë 1 ²ó) ·Ð¤Ä¤È¡¢
- ¥æ¡¼¥¶¤Ë¿·¤·¤¤¥Ñ¥¹¥ï¡¼¥É¤òÁª¤Ö¤è¤¦¤ËÍ׵᤹¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£</para>
+ <para>Kerberos ¤ò»È¤¦¤³¤È¤Ç¡¢
+ ¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤ÎÊѹ¹¤â¤·¤¯¤ÏÄä»ß¤ò°ì²Õ½ê¤Ç¹Ô¤Ê¤¦¤³¤È¤È¡¢
+ ¥æ¡¼¥¶¤¬¥¢¥«¥¦¥ó¥È¤ò»ý¤Ä¤¹¤Ù¤Æ¤Î¥Þ¥·¥ó¤Ë¨»þ¤Ë¤½¤Î¸ú²Ì¤òµÚ¤Ü¤¹¤³¤È¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£
+ ¥¢¥«¥¦¥ó¥È¤¬´í¸±¤Ë»¯¤µ¤ì¤¿¤È¤¤Ë¡¢
+ ¤¹¤Ù¤Æ¤Î¥Þ¥·¥ó¾å¤Î´ØÏ¢¤¹¤ë¥Ñ¥¹¥ï¡¼¥É¤ò¨ºÂ¤ËÊѹ¹¤¹¤ëǽÎϤò²á¾®É¾²Á¤·¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
+ Kerberos ¤Ç¤Ï¡¢Kerberos ¥Á¥±¥Ã¥È¤Ë¥¿¥¤¥à¥¢¥¦¥È¤òÀßÄê¤Ç¤¡¢
+ ÀßÄꤷ¤¿´ü´Ö¤¬·Ð²á¤¹¤ë¤È¥æ¡¼¥¶¤Ë¿·¤·¤¤¥Ñ¥¹¥ï¡¼¥É¤òÁª¤Ö¤è¤¦¤ËÍ׵᤹¤ë¤È¤¤¤Ã¤¿ÄɲäÎÀ©¸Â¤ò²Ý¤¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£</para>
</sect2>
<sect2>
@@ -498,134 +400,43 @@
SUID/SGID ¥Ð¥¤¥Ê¥ê¤Î°ÂÁ´À¤ò¹â¤á¤ë</title>
<indexterm>
- <primary><command>ntalk</command></primary>
- </indexterm>
- <indexterm>
- <primary><command>comsat</command></primary>
- </indexterm>
- <indexterm>
- <primary><command>finger</command></primary>
- </indexterm>
- <indexterm>
<primary>º½¾ì (sandbox)</primary>
</indexterm>
<indexterm>
- <primary><application>sshd</application></primary>
+ <primary>&man.sshd.8;</primary>
</indexterm>
- <indexterm>
- <primary><application>telnetd</application></primary>
- </indexterm>
- <indexterm>
- <primary><application>rshd</application></primary>
- </indexterm>
- <indexterm>
- <primary><application>rlogind</application></primary>
- </indexterm>
- <para>ÍÑ¿´¿¼¤¤¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¡¢
- ¼«Ê¬¤ËɬÍפʥµ¡¼¥Ð¥×¥í¥»¥¹¤À¤±¤ò²áÉÔ¤ʤ¯¼Â¹Ô¤µ¤»¤ë¤â¤Î¤Ç¤¹¡£
+ <para>ÍÑ¿´¿¼¤¤¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¡¢É¬Íפʥµ¡¼¥Ó¥¹¤À¤±¤ò͸ú¤Ë¤·¡¢
¥µ¡¼¥É¥Ñ¡¼¥Æ¥£À½¤Î¥µ¡¼¥Ð¤Ï¡¢
- ¤è¤¯¥Ð¥°¤ò»ý¤Ã¤Æ¤¤¤¬¤Á¤À¤È¤¤¤¦¤³¤È¤ËÃí°Õ¤·¤Æ²¼¤µ¤¤¡£
- ¤¿¤È¤¨¤Ð¡¢¸Å¤¤¥Ð¡¼¥¸¥ç¥ó¤Î
- <application>imapd</application> ¤ä
- <application>popper</application>
- ¤ò¼Â¹Ô¤µ¤»¤Æ¤ª¤¯¤Î¤Ï¡¢Á´À¤³¦¤ËËüǽ¤Î
+ ¤è¤¯¥Ð¥°¤ò»ý¤Ã¤Æ¤¤¤¬¤Á¤À¤È¤¤¤¦¤³¤È¤ËÃí°Õ¤·¤Æ¤¤¤ë¤â¤Î¤Ç¤¹¡£
+ Ãí°Õ¿¼¤¯¥Á¥§¥Ã¥¯¤·¤Æ¤¤¤Ê¤¤¥µ¡¼¥Ð¤Ï¡¢·è¤·¤Æ¼Â¹Ô¤·¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
+ ¿¤¯¤Î¥Ç¡¼¥â¥ó¤Ï¡¢¥µ¡¼¥Ó¥¹ÀìÍѤΥ¢¥«¥¦¥ó¥È¡¢¤â¤·¤¯¤Ï
+ <firstterm>º½¾ì (sandbox)</firstterm> ¤Çµ¯Æ°¤µ¤»¤ë¤³¤È¤¬¤Ç¤¤ë¤Î¤Ç¡¢
<systemitem class="username">root</systemitem>
- ¤ÎÀÚÉä¤òÍ¿¤¨¤Æ¤¤¤ë¤è¤¦¤Ê¤â¤Î¤Ç¤¹¡£
- ¼«Ê¬¤ÇÃí°Õ¿¼¤¯¥Á¥§¥Ã¥¯¤·¤Æ¤¤¤Ê¤¤¥µ¡¼¥Ð¤Ï¡¢
- ·è¤·¤Æ¼Â¹Ô¤·¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
- <systemitem class="username">root</systemitem>
- ¤Ç¼Â¹Ô¤µ¤»¤ëɬÍפΤ¢¤ë¥µ¡¼¥Ð¤Ï¤Û¤È¤ó¤É¤¢¤ê¤Þ¤»¤ó¡£¤¿¤È¤¨¤Ð¡¢
- <application>ntalk</application>,
- <application>comsat</application>,
- <application>finger</application> ¥Ç¡¼¥â¥ó¤ò¡¢
- ÀìÍѥ桼¥¶¤Î <firstterm>º½¾ì (sandbox)</firstterm>
- ¤Ç¼Â¹Ô¤µ¤»¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
- ´ÉÍý¼Ô¤¬ËÄÂç¤Ê¿ô¤ÎÌäÂê¤ò·Ð¸³¤·¤Æ¤¤¤Ê¤¤¤Î¤Ê¤é¡¢
- ¤³¤Î¡Öº½¾ì¡×¤Ï´°àú¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¤¬¡¢
- ¥»¥¥å¥ê¥Æ¥£¤Ë´Ø¤¹¤ë¥¿¥Þ¥Í¥®Åª¥¢¥×¥í¡¼¥Á¤Ï¤³¤³¤Ç¤âÀ®¤êΩ¤Á¤Þ¤¹¡£
- º½¾ì¤Ç¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¥µ¡¼¥Ð¥×¥í¥»¥¹¤ò·Ðͳ¤·¤Æ¿¯Æþ¤ò²Ì¤¿¤¹¤³¤È¤¬¤Ç¤¤¿¤È¤·¤Æ¤â¡¢
- ¹¶·â¼Ô¤Ï¤µ¤é¤Ëº½¾ì¤«¤é³°¤Ëæ½Ð¤·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£
- ¹¶·â¼Ô¤¬Ä̲᤻¤Í¤Ð¤Ê¤é¤Ê¤¤Áؤοô¤¬Áý¤¨¤ì¤ÐÁý¤¨¤ë¤Û¤É¡¢
- ¤½¤ì¤À¤±¹¶·â¼Ô¤¬¿¯Æþ¤ËÀ®¸ù¤¹¤ë³ÎΨ¤¬¸º¤ê¤Þ¤¹¡£
- Root ¤ÎÈ´¤±·ê¤ÏÎò»ËŪ¤Ë¡¢´ðËÜ¥·¥¹¥Æ¥à¥µ¡¼¥Ð¤â´Þ¤á¡¢
- <systemitem class="username">root</systemitem>
- ¸¢¸Â¤Ç¼Â¹Ô¤µ¤ì¤ë¤Û¤È¤ó¤É¤¹¤Ù¤Æ¤Î¥µ¡¼¥Ð¥×¥í¥»¥¹¤Çȯ¸«¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
- ¥æ¡¼¥¶¤¬ <application>sshd</application> ·Ðͳ¤Ç¤Î¤ß¥í¥°¥¤¥ó¤·¡¢
- <application>telnetd</application>,
- <application>rshd</application>,
- <application>rlogind</application>
- ·Ðͳ¤Ç¥í¥°¥¤¥ó¤¹¤ë¤³¤È¤¬·è¤·¤Æ¤Ê¤¤¥Þ¥·¥ó¤ò²ÔƯ¤µ¤»¤Æ¤¤¤ë¤Î¤Ç¤¢¤ì¤Ð¡¢
- ¤½¤ì¤é¤Î¥µ¡¼¥Ó¥¹¤òÄä»ß¤µ¤»¤Æ²¼¤µ¤¤!</para>
+ ¸¢¸Â¤Ç¥µ¡¼¥Ó¥¹¤ò¼Â¹Ô¤¹¤ëÁ°¤Ë¤Ï¡¢¤è¤¯¹Í¤¨¤Æ¤¯¤À¤µ¤¤¡£
+ &man.telnetd.8; ¤Þ¤¿¤Ï &man.rlogind.8;
+ ¤Î¤è¤¦¤Ê°ÂÁ´¤Ç¤Ï¤Ê¤¤¥µ¡¼¥Ó¥¹¤Ï͸ú¤Ë¤·¤Ê¤¤¤Ç¤¯¤À¤µ¤¤¡£</para>
- <para>&os; ¤Ç¤Ï¡¢º£¤Ç¤Ï
- <application>ntalkd</application>,
- <application>comsat</application>,
- <application>finger</application>
- ¤Ïº½¾ì¤Ç¼Â¹Ô¤µ¤»¤ë¤³¤È¤¬¥Ç¥Õ¥©¥ë¥È¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£
- ¼¡¤Ëº½¾ì¤Ç¼Â¹Ô¤µ¤»¤ë¤Ù¤¥×¥í¥°¥é¥à¤Î¸õÊä¤È¤·¤Æ¡¢
- &man.named.8; ¤¬¤¢¤ê¤Þ¤¹¡£
- <filename>/etc/defaults/rc.conf</filename> ¥Õ¥¡¥¤¥ë¤Ë¤Ï¡¢
- <application>named</application>
- ¤òº½¾ì¤Ç¼Â¹Ô¤¹¤ë¤¿¤á¤ËɬÍפʰú¿ô¤¬¥³¥á¥ó¥È¥¢¥¦¥È¤µ¤ì¤¿·Á¼°¤Ç´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£
- ¿·¤·¤¤¥·¥¹¥Æ¥à¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¤¤¤ë¤«¡¢
- ¤½¤ì¤È¤â´û¸¤Î¥·¥¹¥Æ¥à¤ò¥¢¥Ã¥×¥°¥ì¡¼¥É¤·¤Æ»È¤Ã¤Æ¤¤¤ë¤«¤Ë°Í¸¤·¤Þ¤¹¤¬¡¢
- º½¾ì¤È¤·¤Æ»ÈÍѤ¹¤ëÆÃÊ̤Υ桼¥¶¥¢¥«¥¦¥ó¥È¤¬¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤Ê¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¡£
- ÍÑ¿´¿¼¤¤¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ç¤¢¤ì¤Ð¡¢¤Ç¤¤ë¤À¤±¤¤¤Ä¤Ç¤â¸¦µæ¤òÂդ餺¡¢
- ¥µ¡¼¥Ð¤Ëº½¾ì¤ò»Å¹þ¤à¤â¤Î¤Ç¤·¤ç¤¦¡£</para>
-
- <indexterm>
- <primary><application>sendmail</application></primary>
- </indexterm>
-
- <para>Ä̾º½¾ì¤Ç¼Â¹Ô¤·¤Ê¤¤¥µ¡¼¥Ð¤¬Â¾¤Ë¤¤¤¯¤Ä¤«¤¢¤ê¤Þ¤¹¡£
- <application>sendmail</application>,
- <application>popper</application>,
- <application>imapd</application>,
- <application>ftpd</application> ¤Ê¤É¤Ç¤¹¡£
- ¤³¤ì¤é¤Î¤¦¤Á¤¤¤¯¤Ä¤«¤Î¥µ¡¼¥Ð¤Ë¤ÏÂå¤ï¤ê¤È¤Ê¤ë¤â¤Î¤¬¤¢¤ê¤Þ¤¹¤¬¡¢
- Âå¤ï¤ê¤Î¤â¤Î¤ò¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¤Ë¤Ï¡¢
- ¤¢¤Ê¤¿¤¬»×¤¦¤è¤ê¿¤¯¤Î»Å»ö¤¬É¬Íפˤʤ뤫¤â¤·¤ì¤Þ¤»¤ó
- (ÊØÍø¤µ¤È¤¤¤¦Í×ÁǤ¬¤Þ¤¿¤â¾¡Íø¤ò¼ý¤á¤ë¤ï¤±¤Ç¤¹)¡£
- ¤³¤ì¤é¤Î¥µ¡¼¥Ð¤Ï¡¢<systemitem class="username">root</systemitem>
- ¸¢¸Â¤Ç¼Â¹Ô¤·¤Ê¤±¤ì¤Ð¤Ð¤Ê¤é¤Ê¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¡£¤Þ¤¿¡¢
- ¤³¤ì¤é¤Î¥µ¡¼¥Ð·Ðͳ¤ÇÀ¸¤¸¤ë¿¯Æþ¤ò¸¡½Ð¤¹¤ë¤¿¤á¤Ë¤Ï¡¢
- ¾¤Î»ÅÁȤߤËÍê¤é¤Ê¤¯¤Æ¤Ï¤Ê¤é¤Ê¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¡£</para>
-
- <para>¥·¥¹¥Æ¥à¤Î <systemitem class="username">root</systemitem>
- ¸¢¸Â¤ÎÀøºßŪ¤Ê·ê¤Ç¾¤ËÂ礤ʤâ¤Î¤Ë¤Ï¡¢
- ¥·¥¹¥Æ¥à¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤¿ suid-root/sgid ¥Ð¥¤¥Ê¥ê¤¬¤¢¤ê¤Þ¤¹¡£
+ <para>¾¤Î¥·¥¹¥Æ¥à¤ÎÀøºßŪ¤Ê¥»¥¥å¥ê¥Æ¥£¥Û¡¼¥ë¤Ë¤Ï¡¢
+ SUID-root ¤ª¤è¤Ó SGID ¥Ð¥¤¥Ê¥ê¤¬¤¢¤ê¤Þ¤¹¡£
¤³¤ì¤é¤Î¥Ð¥¤¥Ê¥ê¤Ï¡¢
- <application>rlogin</application> ¤Î¤è¤¦¤Ë¡¢<filename
+ &man.rlogin.1; ¤Î¤è¤¦¤Ë¡¢<filename
class="directory">/bin</filename>, <filename
class="directory">/sbin</filename>, <filename
class="directory">/usr/bin</filename> ¤Þ¤¿¤Ï <filename
class="directory">/usr/sbin</filename>
¤Ë¸ºß¤¹¤ë¤â¤Î¤¬¤Û¤È¤ó¤É¤Ç¤¹¡£
100% °ÂÁ´¤Ê¤â¤Î¤Ï¸ºß¤·¤Ê¤¤¤È¤Ï¤¤¤¨¡¢
- ¥·¥¹¥Æ¥à¥Ç¥Õ¥©¥ë¥È¤Î siud/sgid ¥Ð¥¤¥Ê¥ê¤ÏÈæ³ÓŪ°ÂÁ´¤È¤¤¤¨¤Þ¤¹¡£
- ¤½¤ì¤Ç¤â¤Ê¤ª¡¢<systemitem class="username">root</systemitem>
- ¥»¥¥å¥ê¥Æ¥£¥Û¡¼¥ë¤¬¤³¤ì¤é¤Î¥Ð¥¤¥Ê¥ê¤Ë¤È¤¤ª¤êȯ¸«¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
- 1998 ǯ¤Ë <application>xterm</application>
- (ÉáÄÌ¡¢suid ÀßÄꤵ¤ì¤Æ¤¤¤Þ¤¹) ¤òÀȼå¤Ë¤·¤Æ¤¤¤¿
- <literal>Xlib</literal> ¤Î
- <systemitem class="username">root</systemitem>
- ¥»¥¥å¥ê¥Æ¥£¥Û¡¼¥ë¤¬¸«¤Ä¤«¤ê¤Þ¤·¤¿¡£
- °ÂÁ´¤Ç¤¢¤ëÊý¤¬¤è¤¤¤Î¤Ç¡¢
- ÍÑ¿´¿¼¤¤¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï»ÄÇ°¤Ë»×¤¤¤Ê¤¬¤é¤â¡¢
- ¥¹¥¿¥Ã¥Õ¤Î¤ß¤¬¼Â¹Ô¤¹¤ëɬÍפ¬¤¢¤ë suid ¥Ð¥¤¥Ê¥ê¤Ï¡¢
- ¥¹¥¿¥Ã¥Õ¤Î¤ß¤¬¥¢¥¯¥»¥¹²Äǽ¤ÊÆÃÊ̤ʥ°¥ë¡¼¥×¤Ë´Þ¤á¤ë¤è¤¦¤ËÀ©¸Â¤ò²Ã¤¨¡¢
- ï¤â»È¤ï¤Ê¤¤ suid ¥Ð¥¤¥Ê¥ê¤Ï
- (<command>chmod 000</command> ¤ò¼Â¹Ô¤·¤Æ) ÊÒÉÕ¤±¤Æ¤·¤Þ¤¦¤Ç¤·¤ç¤¦¡£
- ¥Ç¥£¥¹¥×¥ì¥¤¤ò»ý¤¿¤Ê¤¤¥µ¡¼¥Ð¤Ï¡¢°ìÈÌŪ¤Ë
- <application>xterm</application> ¤Î¥Ð¥¤¥Ê¥ê¤òɬÍפȤ·¤Þ¤»¤ó¡£
- sgid ¥Ð¥¤¥Ê¥ê¤â¤Û¤È¤ó¤ÉƱÍÍ¤Î´í¸±¤Ê¸ºß¤Ë¤Ê¤êÆÀ¤Þ¤¹¡£
- ¿¯Æþ¼Ô¤¬ kmem ¤Ë sgid ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤òÇˤ뤳¤È¤¬¤Ç¤¤¿¾ì¹ç¡¢
+ ¥·¥¹¥Æ¥à¥Ç¥Õ¥©¥ë¥È¤Î SUID/SGID ¥Ð¥¤¥Ê¥ê¤ÏÈæ³ÓŪ°ÂÁ´¤È¤¤¤¨¤Þ¤¹¡£
+ SUID ¥Ð¥¤¥Ê¥ê¤Ï¡¢
+ ¥¹¥¿¥Ã¥Õ¤Î¤ß¤¬¥¢¥¯¥»¥¹²Äǽ¤ÊÆÃÊ̤ʥ°¥ë¡¼¥×¤ËÀ©¸Â¤·¡¢
+ »È¤ï¤Ê¤¤ SUID ¥Ð¥¤¥Ê¥ê¤Ïºï½ü¤¹¤ë¤³¤È¤¬¿ä¾©¤µ¤ì¤Þ¤¹¡£
+ SGID ¥Ð¥¤¥Ê¥ê¤â¤Û¤È¤ó¤ÉƱÍÍ¤Î´í¸±¤Ê¸ºß¤Ë¤Ê¤êÆÀ¤Þ¤¹¡£
+ ¿¯Æþ¼Ô¤¬ kmem ¤Ë SGID ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤òÇˤ뤳¤È¤¬¤Ç¤¤¿¾ì¹ç¡¢
¤½¤Î¿¯Æþ¼Ô¤Ï <filename>/dev/kmem</filename>
¤òÆɤ߽Ф¹¤³¤È¤¬¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ë¤Ç¤·¤ç¤¦¡£¤Ä¤Þ¤ê¡¢
°Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤òÆɤ߽Ф¹¤³¤È¤¬¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ë¤Î¤Ç¡¢
- ¥Ñ¥¹¥ï¡¼¥É¤ò»ý¤Ä¤É¤Î¥¢¥«¥¦¥ó¥È¤ò¤â¡¢
- ÀøºßŪ¤Ê´í¸±¤Ë»¯¤¹¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£Â¾¤Ë¤â¡¢
+ ¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ò¡¢ÀøºßŪ¤Ê´í¸±¤Ë»¯¤¹¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£Â¾¤Ë¤â¡¢
<literal>kmem</literal> ¥°¥ë¡¼¥×¤òÇˤä¿¿¯Æþ¼Ô¤¬ pty
¤òÄ̤·¤ÆÁ÷¤é¤ì¤¿¥¡¼¥¹¥È¥í¡¼¥¯¤ò´Æ»ë¤Ç¤¤ë¤È¤¤¤¦´í¸±¤¬¤¢¤ê¤Þ¤¹¡£
¥¡¼¥¹¥È¥í¡¼¥¯¤Ë¤Ï¡¢°ÂÁ´¤ÊÊýË¡¤Ç¥í¥°¥¤¥ó¤¹¤ë¥æ¡¼¥¶¤¬»È¤Ã¤Æ¤¤¤ë pty
@@ -642,16 +453,10 @@
<title>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À¤ò¹â¤á¤ë</title>
<para>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Ï¡¢ÉáÄÌ¡¢°ÂÁ´À¤ò¹â¤á¤ë¤³¤È¤¬ºÇ¤âº¤Æñ¤Ç¤¹¡£
- ¥¹¥¿¥Ã¥Õ¤ËÂФ·¤Æ¤Ï¡¢¤È¤Æ¤â¸·³Ê¤Ê¥¢¥¯¥»¥¹À©¸Â¤ò¶¯À©¤·¥Ñ¥¹¥ï¡¼¥É¤ò
- <quote>¥¢¥¹¥¿¥ê¥¹¥¯</quote> ¤Ç³°¤¹¤³¤È¤¬¤Ç¤¤ë¤Ç¤·¤ç¤¦¤¬¡¢
- ´ÉÍý¼Ô¤¬»ý¤Á¤¦¤ë°ìÈ̥桼¥¶¤¹¤Ù¤Æ¤Î¥¢¥«¥¦¥ó¥È¤ËÂФ·¤ÆƱ¤¸¤³¤È¤Ï¤Ç¤¤Ê¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¡£
- ´ÉÍý¼Ô¤¬½½Ê¬¤ËÅýΨ¤ò¤È¤ë¤³¤È¤¬¤Ç¤¤ë¤Ê¤é¡¢´ÉÍý¼Ô¤Ï¾¡Íø¤·¡¢
- ¥æ¡¼¥¶¤Î¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´¤òŬÀڤ˳ÎÊݤǤ¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
- ¤½¤ì¤¬¤Ç¤¤Ê¤¤¤Ê¤é¤Ð¡¢
- ¤è¤ê¤¤¤Ã¤½¤¦µ¤¤òÇۤäưìÈ̥桼¥¶¤Î¥¢¥«¥¦¥ó¥È¤ò´Æ»ë¤¹¤ë¤è¤ê¤Û¤«¤¢¤ê¤Þ¤»¤ó¡£
- °ìÈ̥桼¥¶¥¢¥«¥¦¥ó¥È¤ËÂФ· ssh ¤ä Kerberos ¤òÍøÍѤ¹¤ë¤³¤È¤Ë¤Ï¡¢
- ¥·¥¹¥Æ¥à´ÉÍý¤¬¤µ¤é¤ËÁý¤¨¤¿¤ê¥Æ¥¯¥Ë¥«¥ë¥µ¥Ý¡¼¥È¤¬É¬Íפˤʤë¤Ê¤É¤ÎÌäÂ꤬¤¢¤ê¤Þ¤¹¡£
- ¤½¤ì¤Ç¤â¡¢°Å¹æ²½¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤ÈÈæ³Ó¤¹¤ë¤È¤Ï¤ë¤«¤ËÎɤ¤²ò¤Ç¤¹¡£</para>
+ µ¤¤òÇۤäƥ桼¥¶¥¢¥«¥¦¥ó¥È¤ò´Æ»ë¤¹¤ë¤è¤ê¤Û¤«¤¢¤ê¤Þ¤»¤ó¡£
+ ¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ËÂФ· &man.ssh.1; ¤ä Kerberos ¤òÍøÍѤ¹¤ë¤Ë¤Ï¡¢
+ ¥·¥¹¥Æ¥à´ÉÍý¤¬¤µ¤é¤ËÁý¤¨¤¿¤ê¥Æ¥¯¥Ë¥«¥ë¥µ¥Ý¡¼¥È¤¬É¬Íפˤʤê¤Þ¤¹¤¬¡¢
+ °Å¹æ²½¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤ÈÈæ³Ó¤¹¤ë¤È¤Ï¤ë¤«¤ËÎɤ¤ÊýË¡¤òÄ󶡤·¤Þ¤¹¡£</para>
</sect2>
<sect2>
@@ -659,7 +464,7 @@
<para>¤Ç¤¤ë¤À¤±Â¿¤¯¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¥¢¥¹¥¿¥ê¥¹¥¯¤Ç³°¤·¡¢
¤½¤ì¤é¤Î¥¢¥«¥¦¥ó¥È¤Î¥¢¥¯¥»¥¹¤Ë¤Ï
- ssh ¤ä Kerberos ¤ò»È¤¦¤è¤¦¤Ë¤¹¤ë¤³¤È¤¬¡¢Í£°ì¤Î³Î¼Â¤ÊÊýË¡¤Ç¤¹¡£
+ &man.ssh.1; ¤ä Kerberos ¤ò»È¤¦¤è¤¦¤Ë¤¹¤ë¤³¤È¤¬¡¢Í£°ì¤Î³Î¼Â¤ÊÊýË¡¤Ç¤¹¡£
°Å¹æ²½¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë
(<filename>/etc/spwd.db</filename>) ¤Ï
<systemitem class="username">root</systemitem>
@@ -667,90 +472,79 @@
¤¿¤È¤¨¡¢¿¯Æþ¼Ô¤¬ root ¤Î½ñ¤¹þ¤ß¸¢¸Â¤ÏÆÀ¤é¤ì¤Ê¤¯¤È¤â¡¢
Æɤ߽Ф·¥¢¥¯¥»¥¹¸¢¸Â¤òÆÀ¤ë¤³¤È¤Ï²Äǽ¤«¤â¤·¤ì¤Þ¤»¤ó¡£</para>
- <para>¥»¥¥å¥ê¥Æ¥£¥¹¥¯¥ê¥×¥È¤Ç¾ï¤Ë¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤ÎÊѹ¹¤ò¥Á¥§¥Ã
- ¥¯¤·¡¢Êó¹ð¤¹¤ë¤è¤¦¤Ë¤¹¤Ù¤¤Ç¤¹ (<link
+ <para><link
linkend="security-integrity">¥Õ¥¡¥¤¥ë¤Î´°Á´À¤Î¥Á¥§¥Ã¥¯</link>
- ÀỲ¾È)¡£</para>
+ Àá¤ÇÀâÌÀ¤µ¤ì¤Æ¤¤¤ë¤è¤¦¤Ë¡¢
+ ¥»¥¥å¥ê¥Æ¥£¥¹¥¯¥ê¥×¥È¤Ç¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤ÎÊѹ¹¤ò¥Á¥§¥Ã¥¯¤·¡¢
+ Êó¹ð¤¹¤ë¤è¤¦¤Ë¤¹¤Ù¤¤Ç¤¹¡£</para>
</sect2>
<sect2>
- <title>¥«¡¼¥Í¥ë¤Î¥³¥¢¡¢raw ¥Ç¥Ð¥¤¥¹¡¢¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤Î°ÂÁ´À¤ò
- ¹â¤á¤ë</title>
+ <title>¥«¡¼¥Í¥ë¤Î¥³¥¢¡¢raw ¥Ç¥Ð¥¤¥¹¡¢
+ ¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤Î°ÂÁ´À¤ò¹â¤á¤ë</title>
- <para><systemitem class="username">root</systemitem>
- ¤Î¸¢¸Â¤òÇˤë¤È¡¢¹¶·â¼Ô¤Ï¤Û¤È¤ó¤É²¿¤Ç¤â¤Ç¤¤Þ¤¹¤¬¡¢
- Æä˽ÅÊõ¤µ¤ì¤ëÆÃÄê¤Î»öÊÁ¤â¤¤¤¯¤Ä¤«¤¢¤ê¤Þ¤¹¡£
- ¤¿¤È¤¨¤Ð¡¢ºÇ¶á¤Î¥«¡¼¥Í¥ë¤Ï¡¢ÁȤ߹þ¤ß¤Î¥Ñ¥±¥Ã¥ÈÇÁ¤¸«¥Ç¥Ð¥¤¥¹
+ <para>ºÇ¶á¤Î¥«¡¼¥Í¥ë¤Ï¡¢ÁȤ߹þ¤ß¤Î¥Ñ¥±¥Ã¥ÈÇÁ¤¸«¥Ç¥Ð¥¤¥¹
(packet sniffing device) ¥É¥é¥¤¥Ð¤òÈ÷¤¨¤Æ¤¤¤ë¤â¤Î¤¬¤Û¤È¤ó¤É¤Ç¤¹¡£
- &os; ¤Ç¤Ï <filename>bpf</filename> ¥Ç¥Ð¥¤¥¹¤È¸Æ¤Ð¤ì¤Æ¤¤¤Þ¤¹¡£
- ¿¯Æþ¼Ô¤ÏÉáÄÌ¡¢
- ¿¯ÆþºÑ¤ß¤Î¥Þ¥·¥ó¤Ç¥Ñ¥±¥Ã¥ÈÇÁ¤¸«¥×¥í¥°¥é¥à¤ò¼Â¹Ô¤µ¤»¤è¤¦¤È»î¤ß¤Þ¤¹¡£
- ¿¯Æþ¼Ô¤Ë¤ï¤¶¤ï¤¶¤½¤¦¤¤¤¦µ¡Ç½¤òÄ󶡤¹¤ëɬÍפϤʤ¤¤Î¤Ç¡¢
- ¤Û¤È¤ó¤É¤Î¥·¥¹¥Æ¥à¤Ç <filename>bpf</filename>
- ¥Ç¥Ð¥¤¥¹¤òÁȤ߹þ¤à¤Ù¤¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£</para>
+ &os; ¤Ç¤Ï <filename>bpf</filename> ¤È¸Æ¤Ð¤ì¤Æ¤¤¤Þ¤¹¡£
+ ¤³¤Î¥Ç¥Ð¥¤¥¹¤Ï DHCP ¤ÇɬÍפȤʤ뤿¤á¡¢
+ DHCP ¤òÄ󶡤·¤¿¤ê»È¤¦É¬ÍפΤʤ¤¥·¥¹¥Æ¥à¤Ç¤Ï¡¢
+ ¥«¥¹¥¿¥à¥«¡¼¥Í¥ë¥³¥ó¥Õ¥£¥°¥ì¡¼¥·¥ç¥ó¥Õ¥¡¥¤¥ë¤«¤é³°¤¹¤³¤È¤¬¤Ç¤¤Þ¤¹¡£</para>
<indexterm>
- <primary><command>sysctl</command></primary>
+ <primary>&man.sysctl.8;</primary>
</indexterm>
- <para><filename>bpf</filename> ¥Ç¥Ð¥¤¥¹¤ò³°¤·¤Æ¤â¡¢
- <filename>/dev/mem</filename> ¤È
- <filename>/dev/kmem</filename>
- ¤È¤¤¤¦Çº¤ß¤Î¼ï¤¬¤Þ¤À»Ä¤Ã¤Æ¤¤¤Þ¤¹¡£¤³¤ÎÌäÂê¤Ë´Ø¤·¤Æ¤Ï¡¢¿¯Æþ¼Ô¤Ï
- raw ¥Ç¥£¥¹¥¯¥Ç¥Ð¥¤¥¹¤Ë½ñ¤¹þ
- ¤à¤³¤È¤â¤Ç¤¤Þ¤¹¡£¤Û¤«¤Ë¤â¡¢¥â¥¸¥å¡¼¥ë¥í¡¼¥À¡¢&man.kldload.8;
- ¤È¤¤¤¦¡¢Ê̤Υ«¡¼¥Í¥ëµ¡Ç½¤¬¤¢¤ê¤Þ¤¹¡£¤ä¤ëµ¤¤Þ¤ó¤Þ¤ó¤Î¿¯Æþ¼Ô¤Ï¡¢KLD
- ¥â¥¸¥å¡¼¥ë¤ò»È¤Ã¤Æ¼«Ê¬Æȼ«¤Î <filename>bpf</filename>
- ¤â¤·¤¯¤Ï¤½¤Î¾ÇÁ¤¸«¥Ç¥Ð¥¤¥¹¤òÆ°ºîÃæ¤Î¥«¡¼¥Í¥ë¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤Ç¤¤Þ¤¹¡£
- ¤³¤ÎÌäÂê¤òÈò¤±¤ë¤¿¤á¡¢
- ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¥«¡¼¥Í¥ë¤ò¤è¤ê¹â¤¤¥»¥¥å¥¢¥ì¥Ù¥ë¡¢
- ¾¯¤Ê¤¯¤È¤â¥»¥¥å¥¢¥ì¥Ù¥ë 1 ¤Ç¼Â¹Ô¤µ¤»¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
+ <para><filename>bpf</filename> ¤ò³°¤·¤Æ¤â¡¢
+ <filename>/dev/mem</filename> ¤ª¤è¤Ó
+ <filename>/dev/kmem</filename> ¤È¤¤¤¦ÌäÂ꤬¤Þ¤À»Ä¤Ã¤Æ¤¤¤Þ¤¹¡£
+ ¿¯Æþ¼Ô¤Ï raw ¥Ç¥£¥¹¥¯¥Ç¥Ð¥¤¥¹¤Ë½ñ¤¹þ¤à¤³¤È¤â¤Ç¤¤Þ¤¹¡£
+ ¤ä¤ëµ¤¤Þ¤ó¤Þ¤ó¤Î¿¯Æþ¼Ô¤Ï¡¢&man.kldload.8;
+ ¤ò»È¤Ã¤Æ¼«Ê¬Æȼ«¤Î <filename>bpf</filename>¡¢
+ ¤â¤·¤¯¤Ï¾¤ÎÇÁ¤¸«¥Ç¥Ð¥¤¥¹¤òÆ°ºîÃæ¤Î¥«¡¼¥Í¥ë¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤Ç¤¤Þ¤¹¡£
+ ¤³¤ÎÌäÂê¤òÈò¤±¤ë¤¿¤á¡¢¥«¡¼¥Í¥ë¤ò¤è¤ê¹â¤¤¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¡¢
+ ¾¯¤Ê¤¯¤È¤â¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë 1 ¤Ç¼Â¹Ô¤µ¤»¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
- <para>¥«¡¼¥Í¥ë¤Î¥»¥¥å¥¢¥ì¥Ù¥ë¤Ï¤¤¤¯¤Ä¤«¤ÎÊýË¡¤ÇÀßÄê¤Ç¤¤Þ¤¹¡£
- ¸½ºßÆ°¤¤¤Æ¤¤¤ë¥«¡¼¥Í¥ë¤Î¥»¥¥å¥¢¥ì¥Ù¥ë¤ò¹â¤á¤ëºÇ¤â´Êñ¤ÊÊýË¡¤Ï¡¢
- <command>sysctl</command> ¤ò»È¤Ã¤Æ
- <varname>kern.securelevel</varname>
- ¥«¡¼¥Í¥ëÊÑ¿ô¤òÁàºî¤¹¤ëÊýË¡¤Ç¤¹¡£</para>
+ <para>¥«¡¼¥Í¥ë¤Î¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Ï¤¤¤¯¤Ä¤«¤ÎÊýË¡¤ÇÀßÄê¤Ç¤¤Þ¤¹¡£
+ ¸½ºßÆ°¤¤¤Æ¤¤¤ë¥«¡¼¥Í¥ë¤Î¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ò¹â¤á¤ëºÇ¤â´Êñ¤ÊÊýË¡¤Ï¡¢
+ <varname>kern.securelevel</varname> ¤òÀßÄꤹ¤ëÊýË¡¤Ç¤¹¡£</para>
<screen>&prompt.root; <userinput>sysctl kern.securelevel=<replaceable>1</replaceable></userinput></screen>
- <para>¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢&os; ¤Î¥«¡¼¥Í¥ë¤Ï¥»¥¥å¥¢¥ì¥Ù¥ë -1 ¤Çµ¯Æ°¤·¤Þ¤¹¡£
+ <para>¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢&os; ¤Î¥«¡¼¥Í¥ë¤Ï¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë
+ -1 ¤Çµ¯Æ°¤·¤Þ¤¹¡£
+ ¤³¤Î¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Ï¡¢
+ Êѹ¹ÉԲĤΥե¡¥¤¥ë¥Õ¥é¥°¤ò³°¤·¤¿¤ê¡¢
+ ¤¹¤Ù¤Æ¤Î¥Ç¥Ð¥¤¥¹¤ËÂФ·¤ÆÆɤ߹þ¤ß¤ª¤è¤Ó½ñ¤¹þ¤ß¤¬¤Ç¤¤¿¤ê¤¹¤ë¤Î¤Ç¡¢
+ <quote>insecure mode</quote> ¤È¸Æ¤Ð¤ì¤Þ¤¹¡£
¤³¤Î¥»¥¥å¥¢¥ì¥Ù¥ë¤Ï¡¢´ÉÍý¼Ô¤Þ¤¿¤Ï &man.init.8;
¤Ë¤è¤ëµ¯Æ°»þ¤Î¥¹¥¯¥ê¥×¥È¤Ë¤è¤êÊѹ¹¤µ¤ì¤Ê¤¤¸Â¤ê -1 ¤Î¤Þ¤Þ¤Ç¤¹¡£
- <filename>/etc/rc.conf</filename> ¥Õ¥¡¥¤¥ë¤Ç¡¢
- <varname>kern_securelevel_enable</varname> ÊÑ¿ô¤ò
- <literal>YES</literal>¡¢
+ <filename>/etc/rc.conf</filename> ¤Ë¤ª¤¤¤Æ¡¢
+ <varname>kern_securelevel_enable</varname> ¤ò
+ <literal>YES</literal> ¤È¤·¡¢
<varname>kern_securelevel</varname>
- ÊÑ¿ô¤òɬÍפȤ¹¤ëÃͤËÀßÄꤹ¤ë¤³¤È¤Ç¡¢
+ ¤ËɬÍפȤ¹¤ëÃͤòÀßÄꤹ¤ë¤³¤È¤Ç¡¢
¥·¥¹¥Æ¥àµ¯Æ°»þ¤Ë¥»¥¥å¥¢¥ì¥Ù¥ë¤ò¹â¤á¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£</para>
- <para>&os;
- ¥·¥¹¥Æ¥à¤Îµ¯Æ°¥¹¥¯¥ê¥×¥È¼Â¹Ôľ¸å¤Î¥Ç¥Õ¥©¥ë¥È¤Î¥»¥¥å¥¢¥ì¥Ù¥ë¤Ï
- -1 ¤Ç¤¹¡£
- ¤³¤Î¥»¥¥å¥¢¥ì¥Ù¥ë¤Ç¤Ï¡¢
- Êѹ¹ÉԲĤΥե¡¥¤¥ë¥Õ¥é¥°¤ò³°¤·¤¿¤ê¡¢
- ¤¹¤Ù¤Æ¤Î¥Ç¥Ð¥¤¥¹¤ËÂФ·¤ÆÆɤ߹þ¤ß¤ª¤è¤Ó½ñ¤¹þ¤ß¤¬¤Ç¤¤¿¤ê¤¹¤ë¤Î¤Ç¡¢
- <quote>insecure mode</quote> ¤È¸Æ¤Ð¤ì¤Þ¤¹¡£</para>
-
- <para>¥»¥¥å¥¢¥ì¥Ù¥ë¤ò 1 °Ê¾å¤ËÀßÄꤹ¤ë¤È¡¢
+ <para>¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ò 1 °Ê¾å¤ËÀßÄꤹ¤ë¤È¡¢
ÄɲÃÀìÍѤª¤è¤ÓÊѹ¹ÉԲĥե¡¥¤¥ë¤Î¥Õ¥é¥°¤ò³°¤¹¤³¤È¤Ï¤Ç¤¤Ê¤¯¤Ê¤ê¡¢
¤Þ¤¿ raw ¥Ç¥Ð¥¤¥¹¤Ø¤Î¥¢¥¯¥»¥¹¤¬µñÈݤµ¤ì¤Þ¤¹¡£
¤è¤ê¹â¤¤¥ì¥Ù¥ë¤ËÀßÄꤹ¤ë¤È¡¢¤è¤ê¿¤¯¤ÎÁàºî¤ËÀ©¸Â¤¬¤«¤«¤ê¤Þ¤¹¡£
- ³Æ¥»¥¥å¥¢¥ì¥Ù¥ë¤Î´°Á´¤ÊÀâÌÀ¤Ë¤Ä¤¤¤Æ¤Ï¡¢
- &man.security.7; ¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
+ ³Æ¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Î´°Á´¤ÊÀâÌÀ¤Ë¤Ä¤¤¤Æ¤Ï¡¢
+ &man.security.7; ¤ª¤è¤Ó &man.init.8; ¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
<note>
- <para>¥»¥¥å¥¢¥ì¥Ù¥ë¤ò 1 °Ê¾å¤ËÀßÄꤷ¤¿¾ì¹ç¤Ë¤Ï¡¢
- X11 (<filename>/dev/io</filename> ¤Ø¤Î¥¢¥¯¥»¥¹¤¬¥Ö¥í¥Ã¥¯¤µ¤ì¤Þ¤¹)
- ¤ä¥½¡¼¥¹¤«¤é &os; ¤ò¹½ÃÛ¤·¤Æ¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¤È¤
- (installworld ¤Î¥×¥í¥»¥¹¤Ç¤Ï¡¢
- ¤¤¤¯¤Ä¤«¤Î¥Õ¥¡¥¤¥ë¤ÎÄɲÃÀìÍѤª¤è¤ÓÊѹ¹ÉԲĤΥե饰¤Ï°ì»þŪ¤Ë¥ê¥»¥Ã¥È¤µ¤ì¤Þ¤¹)
- ¤Ê¤É¡¢¤½¤ì°Ê³°¤Ë¤âÌäÂ꤬°ú¤µ¯¤³¤µ¤ì¤ë²ÄǽÀ¤¬¤¢¤ê¤Þ¤¹¡£
- X11 ¤ÎÌäÂê¤Ë¤Ä¤¤¤Æ¤Ï¡¢
+ <para>¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ò 1 °Ê¾å¤ËÀßÄꤷ¤¿¾ì¹ç¤Ë¤Ï¡¢
+ <filename>/dev/io</filename> ¤Ø¤Î¥¢¥¯¥»¥¹¤¬¥Ö¥í¥Ã¥¯¤µ¤ì¤ë¤¿¤á¡¢
+ <application>&xorg;</application> ¤ä¡¢
+ installworld ¤Î¥×¥í¥»¥¹¤Ç¤Ï¡¢
+ ¤¤¤¯¤Ä¤«¤Î¥Õ¥¡¥¤¥ë¤ÎÄɲÃÀìÍѤª¤è¤ÓÊѹ¹ÉԲĤΥե饰¤Ï°ì»þŪ¤Ë¥ê¥»¥Ã¥È¤µ¤ì¤ë¤¿¤á¡¢
+ ¥½¡¼¥¹¤«¤é &os;
+ ¤ò¹½ÃÛ¤·¤Æ¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¤È¤¤Ê¤É¤ÇÌäÂ꤬°ú¤µ¯¤³¤µ¤ì¤ë²ÄǽÀ¤¬¤¢¤ê¤Þ¤¹¡£
+ <application>&xorg;</application> ¤ÎÌäÂê¤Ë¤Ä¤¤¤Æ¤Ï¡¢
µ¯Æ°¥×¥í¥»¥¹½é´ü¤Î¥»¥¥å¥¢¥ì¥Ù¥ë¤¬½½Ê¬Ä㤤¤È¤¤Ë
&man.xdm.1; ¤òµ¯Æ°¤¹¤ë¤³¤È¤Ç¡¢¤³¤ÎÌäÂê¤ËÂбþ¤Ç¤¤Þ¤¹¡£
¤³¤Î¤è¤¦¤Ê±þµÞ½èÃ֤ϡ¢
- ¤¹¤Ù¤Æ¤Î¥»¥¥å¥¢¥ì¥Ù¥ë¤ä¤½¤ì¤é¤¬²Ý¤¹ÀøºßŪ¤Ê¤¹¤Ù¤Æ¤ÎÀ©¸Â¤Ë¤ÏÂбþ¤Ç¤¤Ê¤¤¤Ç¤·¤ç¤¦¡£
+ ¤¹¤Ù¤Æ¤Î¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ä¤½¤ì¤é¤¬²Ý¤¹ÀøºßŪ¤Ê¤¹¤Ù¤Æ¤ÎÀ©¸Â¤Ë¤ÏÂбþ¤Ç¤¤Ê¤¤¤Ç¤·¤ç¤¦¡£
¾¯¤·Àè¤ò¸«±Û¤·¤¿·×²èŪ¤ÊÂбþ¤ò¤¹¤Ù¤¤Ç¤¹¡£
³Æ¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Ç²Ý¤µ¤ì¤ëÀ©¸Â¤Ï¡¢
¥·¥¹¥Æ¥à¤ò»ÈÍѤ¹¤ë¤³¤È¤Ë¤è¤ëÍøÊØÀ¤òÃø¤·¤¯¸º¤é¤·¤Æ¤·¤Þ¤¦¤¿¤á¡¢
@@ -760,134 +554,122 @@
ÀßÄê¤Ë´Ø¤¹¤ë°Õ³°À¤ò¾¯¤Ê¤¯¤Ç¤¤ë¤Ç¤·¤ç¤¦¡£</para>
</note>
- <para>¥«¡¼¥Í¥ë¤Î¥»¥¥å¥¢¥ì¥Ù¥ë¤ò 1 °Ê¾å¤ËÀßÄꤷ¤¿¾ì¹ç¤Ë¤Ï¡¢
+ <para>¥«¡¼¥Í¥ë¤Î¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ò 1 °Ê¾å¤ËÀßÄꤷ¤¿¾ì¹ç¤Ë¤Ï¡¢
¥·¥¹¥Æ¥àµ¯Æ°¤Ë´Ø¤ï¤ë½ÅÍפʥХ¤¥Ê¥ê¤ä¥Ç¥£¥ì¥¯¥È¥ê¡¢
- ¥¹¥¯¥ê¥×¥È¥Õ¥¡¥¤¥ë (¤¹¤Ê¤ï¤Á¡¢
- ¥»¥¥å¥¢¥ì¥Ù¥ë¤¬ÀßÄꤵ¤ì¤ë¤Þ¤Ç¤Î´Ö¤Ë¼Â¹Ô¤µ¤ì¤ë¤¹¤Ù¤Æ¤Î¤â¤Î¤ËÂФ·¤Æ)¡¢
+ ¥¹¥¯¥ê¥×¥È¥Õ¥¡¥¤¥ë¡¢¤½¤·¤Æ¡¢
+ ¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤¬ÀßÄꤵ¤ì¤ë¤Þ¤Ç¤Î´Ö¤Ë¼Â¹Ô¤µ¤ì¤ë¤¹¤Ù¤Æ¤Î¤â¤Î¤ËÂФ·¤Æ¡¢
<literal>schg</literal> ¥Õ¥é¥°¤òÀßÄꤹ¤ë¤³¤È¤ÏÍÍѤǤ·¤ç¤¦¡£
- ¤³¤ÎÀßÄê¤ò¤ä¤ê²á¤®¤Æ¤â¹½¤¤¤Þ¤»¤ó¤¬¡¢
- ¤è¤ê¹â¤¤¥»¥¥å¥¢¥ì¥Ù¥ë¤ÇÆ°ºî¤·¤Æ¤¤¤ë¾ì¹ç¡¢
- ¥·¥¹¥Æ¥à¤Î¥¢¥Ã¥×¥°¥ì¡¼¥É¤¬¤Ï¤ë¤«¤Ëº¤Æñ¤Ë¤Ê¤ê¤Þ¤¹¡£
- ¥·¥¹¥Æ¥à¤ò¤è¤ê¹â¤¤°ÂÁ´¥ì¥Ù¥ë¤Ç¼Â¹Ô¤µ¤»¤ë¤è¤¦¤Ë¤¹¤ë¤¬¡¢
- ¤¹¤Ù¤Æ¤Î¥·¥¹¥Æ¥à¥Õ¥¡¥¤¥ë¤È¥Ç¥£¥ì¥¯¥È¥ê¤Ë <literal>schg</literal>
+ ¥·¥¹¥Æ¥à¤ò¤è¤ê¹â¤¤¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Ç¼Â¹Ô¤µ¤»¤ë¤è¤¦¤Ë¤¹¤ë¤¬¡¢
+ <literal>schg</literal>
¥Õ¥é¥°¤òÀßÄꤷ¤Ê¤¤¤È¤¤¤¦¤È¤³¤í¤ÇÂŶ¨¤¹¤ë¤È¤¤¤¦¼ê¤â¤¢¤ê¤Þ¤¹¡£
¤â¤¦°ì¤Ä¤Î²ÄǽÀ¤È¤·¤Æ¤Ï¡¢Ã±½ã¤Ë
<filename class="directory">/</filename> ¤ª¤è¤Ó <filename
class="directory">/usr</filename>
¤òÆɤ߹þ¤ßÀìÍѤǥޥ¦¥ó¥È¤¹¤ë¤³¤È¤Ç¤¹¡£
¤³¤³¤ÇÆÃÉ®¤¹¤Ù¤¤³¤È¤Ï¡¢¥·¥¹¥Æ¥à¤ò¼é¤í¤¦¤È¤·¤Æ¸·¤·¤¯¤·¤¹¤®¤ë¤È¡¢
- ¿¯Æþ¤ò¸¡½Ð¤¹¤ë¤È¤¤¤¦Èó¾ï¤Ë½ÅÍפʤ³¤È¤¬¤Ç¤¤Ê¤¯¤Ê¤Ã¤Æ¤·¤Þ¤¦¤È¤¤¤¦¤³¤È¤Ç¤¹¡£</para>
+ ¿¯Æþ¤ò¸¡½Ð¤¹¤ë¤³¤È¤¬¤Ç¤¤Ê¤¯¤Ê¤Ã¤Æ¤·¤Þ¤¦¤È¤¤¤¦¤³¤È¤Ç¤¹¡£</para>
</sect2>
<sect2 xml:id="security-integrity">
- <title>¥Õ¥¡¥¤¥ë¤Î´°Á´À¤Î¥Á¥§¥Ã¥¯: ¥Ð¥¤¥Ê¥ê¡¢
- ÀßÄê¥Õ¥¡¥¤¥ë¤Ê¤É</title>
+ <title>¥Õ¥¡¥¤¥ë¤Î´°Á´À¤Î¥Á¥§¥Ã¥¯</title>
- <para>¤³¤È¤³¤ÎÌäÂê¤Ë»ê¤ë¤È¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ë¤Ç¤¤ë¤³¤È¤Ï¡¢
+ <para>¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ë¤Ç¤¤ë¤³¤È¤Ï¡¢
ÊØÍø¤µ¤È¤¤¤¦Í×ÁǤ¬¤½¤Î½¹¤¤Æ¬¤ò¾å¤²¤Ê¤¤ÄøÅ٤ˡ¢
¥³¥¢¥·¥¹¥Æ¥à¤ÎÀßÄê¤ÈÀ©¸æ¥Õ¥¡¥¤¥ë¤òËɸ椹¤ë¤³¤È¤À¤±¤Ç¤¹¡£
¤¿¤È¤¨¤Ð¡¢<filename
class="directory">/</filename> ¤ª¤è¤Ó <filename
class="directory">/usr</filename>
¤Ë¤¢¤ëÂçÉôʬ¤Î¥Õ¥¡¥¤¥ë¤Ë <literal>schg</literal>
- ¥Ó¥Ã¥È¤òÀßÄꤹ¤ë¤¿¤á¤Ë <command>chflags</command>
+ ¥Ó¥Ã¥È¤òÀßÄꤹ¤ë¤¿¤á¤Ë &man.chflags.1;
¤ò»ÈÍѤ¹¤ë¤Î¤Ï¡¢¤ª¤½¤é¤¯µÕ¸ú²Ì¤Ç¤·¤ç¤¦¡£
¤Ê¤¼¤Ê¤é¡¢¤½¤¦¤¹¤ë¤³¤È¤Ç¥Õ¥¡¥¤¥ë¤ÏÊݸî¤Ç¤¤Þ¤¹¤¬¡¢
¿¯Æþ¤ò¸¡½Ð¤¹¤ëÁë¤òÊĤ¶¤·¤Æ¤·¤Þ¤¦¤³¤È¤Ë¤â¤Ê¤ë¤«¤é¤Ç¤¹¡£
- ¥»¥¥å¥ê¥Æ¥£¤Î¥¿¥Þ¥Í¥®¤ÎºÇ¸å¤ÎÁؤϤª¤½¤é¤¯ºÇ¤â½ÅÍפʤâ¤Î
- — ¸¡½Ð¤Ç¤¹¡£
- ¥»¥¥å¥ê¥Æ¥£¤Î»Ä¤ê¤Î¤â¤Î¤Ï¡¢ÆÍÁ³¤Î¿¯Æþ¤ò¸¡½Ð¤Ç¤¤Ê¤±¤ì¤Ð¡¢
- ¤Þ¤Ã¤¿¤¯ÍÍѤǤϤ¢¤ê¤Þ¤»¤ó
- (¤¢¤ë¤¤¤Ï¡¢¤â¤Ã¤È°¤±¤ì¤Ð¡¢
- °ÂÁ´À¤ËÂФ¹¤ë´Ö°ã¤Ã¤¿´¶³Ð¤ò¿¢¤¨ÉÕ¤±¤Æ¤·¤Þ¤¤¤Þ¤¹)¡£
- ¥¿¥Þ¥Í¥®¤Î»Å»ö¤ÎȾʬ¤Ï¡¢
+ ¥»¥¥å¥ê¥Æ¥£Âкö¤Ï¡¢
+ ¿¯Æþ¤Î²ÄǽÀ¤ò¸¡½Ð¤Ç¤¤Ê¤±¤ì¤Ð¡¢ÍÍѤǤϤʤ¯¡¢
+ ¤â¤Ã¤È°¤±¤ì¤Ð¡¢°ÂÁ´À¤ËÂФ¹¤ë´Ö°ã¤Ã¤¿´¶³Ð¤ò¿¢¤¨ÉÕ¤±¤Æ¤·¤Þ¤¤¤Þ¤¹¡£
+ ¥»¥¥å¥ê¥Æ¥£¤ËÂФ¹¤ë»Å»ö¤ÎȾʬ¤Ï¡¢
¹¶·â¼Ô¤ò¹¶·â¤ÎºÇÃæ¤ËÊᤨ¤ë¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ë¡¢
¹¶·â¼Ô¤ò¿©¤¤»ß¤á¤ë¤Î¤Ç¤Ï¤Ê¤¯¿¯Æþ¤òÃ٤餻¤ë¤³¤È¤Ê¤Î¤Ç¤¹¡£</para>
<para>¿¯Æþ¤ò¸¡½Ð¤¹¤ëºÇ¤âÎɤ¤ÊýË¡¤Ï¡¢Êѹ¹¤µ¤ì¤Æ¤¤¤¿¤ê¡¢
¾Ã¤¨¤Æ¤¤¤¿¤ê¡¢Æþ¤ì¤¿³Ð¤¨¤¬¤Ê¤¤¤Î¤ËÆþ¤Ã¤Æ¤¤¤ë¥Õ¥¡¥¤¥ë¤òõ¤¹¤³¤È¤Ç¤¹¡£
Êѹ¹¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤òõ¤¹¤Î¤ËºÇ¤âÎɤ¤ÊýË¡¤Ï¡¢¤â¤¦°ì¤Ä¤Î
- (¤·¤Ð¤·¤ÐÃæ±û¤Ë½¸¤á¤é¤ì¤¿)¡¢
+ ¤·¤Ð¤·¤ÐÃæ±û¤Ë½¸¤á¤é¤ì¤¿¡¢
¥¢¥¯¥»¥¹¤¬À©¸Â¤µ¤ì¤¿¥·¥¹¥Æ¥à¤«¤é¹Ô¤Ê¤¦¤â¤Î¤Ç¤¹¡£
¤µ¤é¤Ë°ÂÁ´¤Ç¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥·¥¹¥Æ¥à¾å¤Ç¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤ò½ñ¤±¤Ð¡¢
¥¹¥¯¥ê¥×¥È¤ÏÀøºßŪ¤Ê¹¶·â¼Ô¤«¤é¤Ï¤Û¤Ü¸«¤¨¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£
- ¤³¤ì¤Ï½ÅÍפʤ³¤È¤Ç¤¹¡£
- ¤³¤Î͸úÀ¤òºÇÂç¸Â¤Ë³èÍѤ¹¤ë¤¿¤á¤Ë¤Ï¡¢°ìÈÌŪ¤Ë¡¢
- ¥¢¥¯¥»¥¹¤ÎÀ©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤«¤é¼ÂºÝ¤Ë»È¤Ã¤Æ¤¤¤ë¾¤Î¥Þ¥·¥ó¤Ø¤Î¤«¤Ê¤ê¤Î¥¢¥¯¥»¥¹¤òµö²Ä¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
- ÉáÄ̤ϡ¢Â¾¤Î¥Þ¥·¥ó¤«¤é¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤ØÆɤ߹þ¤ßÀìÍѤÎ
- NFS ¥¨¥¯¥¹¥Ý¡¼¥È¤ò¤·¤¿¤ê¡¢¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤«¤é¾¤Î¥Þ¥·¥ó¤Ø
- ssh Àܳ¤ò¹Ô¤Ê¤¦¤¿¤á¤Ë¡¢
- ssh ¸°¤Î¥Ú¥¢¤òºî¤Ã¤¿¤ê¤¹¤ë¤³¤È¤Ç¹Ô¤¤¤Þ¤¹¡£
+ ¤³¤Î͸úÀ¤òºÇÂç¸Â¤Ë³èÍѤ¹¤ë¤¿¤á¤Ë¤Ï¡¢
+ ¥¢¥¯¥»¥¹¤ÎÀ©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤«¤é¾¤Î¥Þ¥·¥ó¤Ø¤Î¤«¤Ê¤ê¤Î¥¢¥¯¥»¥¹¤òµö²Ä¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ÉáÄ̤ϡ¢Æɤ߹þ¤ßÀìÍѤΠ<acronym>NFS</acronym> ¥¨¥¯¥¹¥Ý¡¼¥È¤ò¤·¤¿¤ê¡¢
+ &man.ssh.1; ¸°¤Î¥Ú¥¢¤òÀßÄꤷ¤¿¤ê¤·¤Þ¤¹¡£
¥Í¥Ã¥È¥ï¡¼¥¯¤Î¥È¥é¥Õ¥£¥Ã¥¯¤òÊ̤ˤ·¤Æ¡¢
- NFS ¤ÏºÇ¤â²Ä»ëÀ¤Î¤Ê¤¤ÊýË¡¤Ç¤¹ —
- ³Æ¥¯¥é¥¤¥¢¥ó¥È¾å¤Î¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤ò¡¢
+ <acronym>NFS</acronym> ¤ÏºÇ¤â²Ä»ëÀ¤Î¤Ê¤¤ÊýË¡¤Ç¤¹¡£
+ ´ÉÍý¼Ô¤Ï¡¢³Æ¥¯¥é¥¤¥¢¥ó¥È¾å¤Î¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤ò¡¢
»ö¼Â¾å¸¡½Ð¤µ¤ì¤º¤Ë´Æ»ë¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥µ¡¼¥Ð¤¬¥¹¥¤¥Ã¥Á¤òÄ̤·¤Æ¥¯¥é¥¤¥¢¥ó¥È¤ËÀܳ¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢
- ¤¿¤¤¤Æ¤¤ NFS ¤¬¤è¤êÎɤ¤ÁªÂò»è¤Ç¤¹¡£
- ¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥µ¡¼¥Ð¤¬¥Ï¥Ö¤ä¡¢
+ ¤¿¤¤¤Æ¤¤ <acronym>NFS</acronym> ¤¬¤è¤êÎɤ¤ÁªÂò»è¤Ç¤¹¡£
+ ¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥µ¡¼¥Ð¤¬¡¢
¤¤¤¯¤Ä¤«¤Î¥ë¡¼¥Æ¥£¥ó¥°ÁؤòÄ̤·¤Æ¥¯¥é¥¤¥¢¥ó¥È¤ËÀܳ¤·¤Æ¤¤¤ë¾ì¹ç¡¢
- NFS ¤Ï (¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÌ̤Ç) ¤¢¤Þ¤ê¤Ë¤â´í¸±¤Ê¤Î¤Ç¡¢
- ssh ¤ÎÊý¤¬Ç§¾Ú¤ò¹Ô¤Ã¤¿ÀפϻĤê¤Þ¤¹¤¬¡¢Îɤ¤ÊýË¡¤Ç¤·¤ç¤¦¡£</para>
+ <acronym>NFS</acronym> ¤Ï¤¢¤Þ¤ê¤Ë¤â´í¸±¤Ê¤Î¤Ç¡¢
+ &man.ssh.1; ¤ÎÊý¤¬Îɤ¤ÊýË¡¤Ç¤·¤ç¤¦¡£</para>
<para>¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤Ë¡¢
´Æ»ë¤·¤è¤¦¤È¤¹¤ë¥¯¥é¥¤¥¢¥ó¥È¥·¥¹¥Æ¥à¤Ø¤Î¾¯¤Ê¤¯¤È¤âÆɤ߹þ¤ß¤Î¥¢¥¯¥»¥¹¸¢¤òÍ¿¤¨¤¿¤é¡¢
- ¼¡¤Ë¼ÂºÝ¤Ë´Æ»ë¤¹¤ë¤¿¤á¤Î¥¹¥¯¥ê¥×¥È¤ò½ñ¤«¤Ê¤¯¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
- NFS ¥Þ¥¦¥ó¥È¤ò¤¹¤ì¤Ð¡¢&man.find.1; ¤ä &man.md5.1;
+ ¼¡¤Ë´Æ»ë¤¹¤ë¤¿¤á¤Î¥¹¥¯¥ê¥×¥È¤ò½ñ¤«¤Ê¤¯¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
+ <acronym>NFS</acronym> ¥Þ¥¦¥ó¥È¤ò¤¹¤ì¤Ð¡¢&man.find.1; ¤ä &man.md5.1;
¤Ê¤É¤Îñ½ã¤Ê¥·¥¹¥Æ¥à¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤Ç¥¹¥¯¥ê¥×¥È¤ò½ñ¤¯¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
- ¾¯¤Ê¤¯¤È¤â 1 Æü 1 ²ó¡¢¥¯¥é¥¤¥¢¥ó¥È¤Î¥Õ¥¡¥¤¥ë¤òľÀÜ md5 ¤Ë¤«¤±¡¢
+ ¾¯¤Ê¤¯¤È¤â 1 Æü 1 ²ó¡¢¥¯¥é¥¤¥¢¥ó¥È¤Î¥·¥¹¥Æ¥à¥Õ¥¡¥¤¥ë¤òľÀÜ
+ &man.md5.1; ¤Ë¤«¤±¡¢
¤µ¤é¤Ë¤â¤Ã¤ÈÉÑÈË¤Ë <filename
class="directory">/etc</filename> ¤ª¤è¤Ó <filename
class="directory">/usr/local/etc</filename>
¤Ë¤¢¤ë¤è¤¦¤Ê¥³¥ó¥È¥í¡¼¥ëÍÑ¥Õ¥¡¥¤¥ë¤ò»î¸³¤¹¤ë¤Î¤¬°ìÈ֤Ǥ¹¡£
¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤¬Àµ¤·¤¤¤ÈÃΤäƤ¤¤ë¡¢
´ð¤È¤Ê¤ë md5 ¾ðÊó¤ÈÈæ¤Ù¤Æ°ã¤¤¤¬¸«¤Ä¤«¤Ã¤¿¾ì¹ç¡¢
- ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤ËÄ´¤Ù¤ÆÍߤ·¤¤¤ÈÈáÌĤò¾å¤²¤ë¤è¤¦¤Ë¤¹¤Ù¤¤Ç¤¹¡£
+ ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ë·Ù¹ð¤¹¤ë¤è¤¦¤Ë¤¹¤Ù¤¤Ç¤¹¡£
Í¥¤ì¤¿¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤Ï¡¢<filename
class="directory">/</filename> ¤ª¤è¤Ó <filename
class="directory">/usr</filename>
¤Ê¤É¤Î¥·¥¹¥Æ¥à¥Ñ¡¼¥Æ¥£¥·¥ç¥ó¾å¤ÇÉÔŬÅö¤Ë
- suid ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤ä¡¢
+ SUID ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤ä¡¢
¿·¤¿¤ËºîÀ®¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤äºï½ü¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤¬¤Ê¤¤¤«¤É¤¦¤«¤òÄ´¤Ù¤ë¤Ç¤·¤ç¤¦¡£</para>
- <para>NFS ¤Ç¤Ï¤Ê¤¯¡¢ssh ¤ò»ÈÍѤ¹¤ë¾ì¹ç¤Ï¡¢
- ¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤ò½ñ¤¯¤Î¤Ï¤º¤Ã¤ÈÆñ¤·¤¤¤³¤È¤Ç¤¹¡£
- ¥¹¥¯¥ê¥×¥È¤òÆ°¤«¤¹¤¿¤á¤Ë¤Ï¡¢¥¯¥é¥¤¥¢¥ó¥È¤ËÂФ·¤Æ¥¹¥¯¥ê¥×¥È¤ò
- <command>scp</command> ¤·¤Ê¤¯¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¤·¡¢
- ¤½¤ì¤ÏÌܤ˸«¤¨¤Æ¤·¤Þ¤¤¤Þ¤¹¡£
- ¤½¤·¤Æ¡¢°ÂÁ´¤Î¤¿¤á¤Ë¤Ï¡¢¥¹¥¯¥ê¥×¥È¤¬»È¤¦¥Ð¥¤¥Ê¥ê (find ¤Ê¤É) ¤ò
- <command>scp</command> ¤¹¤ëɬÍפ⤢¤ê¤Þ¤¹¡£
- ¥¯¥é¥¤¥¢¥ó¥È¥Þ¥·¥ó¤Î <application>ssh</application>
+ <para><acronym>NFS</acronym> ¤Ç¤Ï¤Ê¤¯¡¢&man.ssh.1; ¤ò»ÈÍѤ¹¤ë¾ì¹ç¤Ï¡¢
+ ¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤ò½ñ¤¯¤Î¤Ï¤è¤êÆñ¤·¤¤¤³¤È¤Ç¤¹¡£
+ ¤¿¤È¤¨¤Ð¡¢¥¹¥¯¥ê¥×¥È¤òÆ°¤«¤¹¤¿¤á¤Ë¤Ï¡¢¥¯¥é¥¤¥¢¥ó¥È¤ËÂФ·¤Æ¥¹¥¯¥ê¥×¥È¤ò
+ &man.scp.1; ¤·¤Ê¤¯¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¤·¡¢
+ ¥¯¥é¥¤¥¢¥ó¥È¥Þ¥·¥ó¤Î &man.ssh.1;
¥¯¥é¥¤¥¢¥ó¥È¤Ï¤¹¤Ç¤Ë¹¶·â¤µ¤ì¤Æ¤·¤Þ¤Ã¤Æ¤¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
- ·ë¶É¤Î¤È¤³¤í¡¢°ÂÁ´¤Ç¤Ê¤¤¥ê¥ó¥¯¾å¤Î¾ì¹ç¤Ï
- ssh ¤ÏɬÍפ«¤â¤·¤ì¤Þ¤»¤ó¤¬¡¢ssh
- ¤ò°·¤¦¤Î¤Ï¤È¤Æ¤âÂçÊѤʤ³¤È¤Ç¤¹¡£</para>
+ °ÂÁ´¤Ç¤Ê¤¤¥ê¥ó¥¯¾å¤Î¾ì¹ç¤Ï
+ &man.ssh.1; ¤ÏɬÍפ«¤â¤·¤ì¤Þ¤»¤ó¤¬¡¢
+ °·¤¤¤Ï¤È¤Æ¤âÂçÊѤˤʤê¤Þ¤¹¡£</para>
<para>Í¥¤ì¤¿¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤Ï¡¢
- ¥æ¡¼¥¶¤ä¥¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤Î¥¢¥¯¥»¥¹ÀßÄê¥Õ¥¡¥¤¥ë¤ÎÊѹ¹¤â¥Á¥§¥Ã¥¯¤¹¤ë¤â¤Î¤Ç¤¹¡£
- <filename>.rhosts</filename>, <filename>.shosts</filename>,
- <filename>.ssh/authorized_keys</filename> ¤Ê¤É <literal>MD5</literal>
+ <filename>.rhosts</filename>,
+ <filename>.ssh/authorized_keys</filename>
+ ¤Ê¤É¤Î±£¤·ÀßÄê¥Õ¥¡¥¤¥ë¤ÎÊѹ¹¤â¥Á¥§¥Ã¥¯¤¹¤ë¤â¤Î¤Ç¤¹¡£
+ ¤³¤ì¤é¤Ï <literal>MD5</literal>
¥Á¥§¥Ã¥¯¤ÎÈϰϳ°¤Ë¤Ê¤Ã¤Æ¤·¤Þ¤¦¤Ç¤¢¤í¤¦¥Õ¥¡¥¤¥ë·²¤Ç¤¹¡£</para>
- <para>¥æ¡¼¥¶ÍѤΥǥ£¥¹¥¯ÍÆÎ̤¬Èó¾ï¤ËÂ礤¤¾ì¹ç¤Ï¡¢¥Ñ¡¼¥Æ¥£¥·¥ç¥ó
- ¾å¤Î³Æ¥Õ¥¡¥¤¥ë¤ò¸«¤Æ²ó¤ë¤Î¤ËÂçÊѤʻþ´Ö¤¬¤«¤«¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
- ¤³¤Î¾ì¹ç¤Ï¡¢¥Þ¥¦¥ó¥È¥Õ¥é¥°¤òÀßÄꤷ¤Æ¡¢
- suid ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤òÃÖ¤±¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤Î¤¬Îɤ¤¹Í¤¨¤Ç¤¹¡£
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-doc-all
mailing list