document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-03-21 02:10:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'LCTT/master'

Browse Source
This commit is contained in:
Xingyu Wang 2020-01-03 00:10:37 +08:00
commit c3b5504df1
6 changed files with 318 additions and 335 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
translated/news/20191226 Darktable 3 Released With GUI Rework and New Features.md → published/20191226 Darktable 3 Released With GUI Rework and New Features.md
View File

@ -1,20 +1,20 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-11741-1.html)
[#]: subject: (Darktable 3 Released With GUI Rework and New Features)
[#]: via: (https://itsfoss.com/darktable-3-release/)
[#]: author: (Abhishek Prakash https://itsfoss.com/author/abhishek/)
Darktable 3 发布,带来重做的 GUI 及新的功能
Darktable 3 发布,带来重新打造的 UI 及新的功能
======
这是给摄影爱好者的圣诞节礼物。Darktable 3.0 刚刚发布了。
> 这是给摄影爱好者的圣诞节礼物。Darktable 3.0 刚刚发布了。
[Darktable][1] 是[在 Linux 上编辑 RAW 图像的最佳应用之一] [2]。你可以将其视为 [Adobe Lightroom 的免费开源替代品][3]。
[Darktable][1] 是[在 Linux 上编辑 RAW 图像的最佳应用之一][2]。你可以将其视为 [Adobe Lightroom 的自由开源替代品][3]。
Darktable 3 是一个主版本更新,它有许多功能改进和对用户界面的重做。现在GUI 完全由 GTK+ CSS 规则控制,这使得整个 GUI 都可定制主题。默认有八个主题。
Darktable 3 是一个主版本更新,它带来了大量的功能改进和重新打造的用户界面。现在GUI 完全由 GTK+ CSS 规则所控制,这使得整个 GUI 都可定制主题。默认有八个主题。
借助 3000 多个提交和 553 个拉取请求,新版本修复了 66 个 bug 并添加了许多新功能。
@ -26,19 +26,18 @@ Darktable 3 是一个主版本更新,它有许多功能改进和对用户界
以下是重要的新功能:
*重做的 UI
  * 用于处理 3D RGB Lut 变换的新模块
  * 对“降噪(轮廓化)”模块进行了许多改进
  * 添加了新的“剔除”模式和时间轴视图
  * 对“降噪(轮廓化)”模块进行了许多改进
  * 新色调均衡器的基本和电影 RGB 模块
  * 更好的 4K/5K 显示支持
  * 撤消/重做支持更多操作
  * 针对 CPU 和 SSE 路径的许多代码优化
  * 支持导出到 Google 相册
  * 更多的相机支持,白平衡预设和噪点配置
  * 大量的 bug 修复和功能改进
* 重新打造的 UI
* 用于处理 3D RGB Lut 变换的新模块
* 对“降噪(轮廓化)”模块进行了许多改进
* 添加了新的“剔除”模式和时间轴视图
* 对“降噪(轮廓化)”模块进行了许多改进
* 新色调均衡器的基本和电影 RGB 模块
* 更好的 4K/5K 显示支持
* 撤消/重做支持更多操作
* 针对 CPU 和 SSE 路径的许多代码优化
* 支持导出到 Google 相册
* 支持更多的相机,白平衡预设和噪点配置
* 大量的 bug 修复和功能改进
你可以在 [GitHub 发行说明][5]中了解所有更改。
@ -48,9 +47,9 @@ Darktable 3 是一个主版本更新,它有许多功能改进和对用户界
#### 在基于 Ubuntu 的发行版上安装 Darktable 3.0
Ubuntu 仓库中有 Darktable但你不能得到最新的版本。对于 LTS 版本,它的更新可能需要几个月的时间。
Ubuntu 仓库中有 Darktable但你不能得到马上最新的版本。对于 LTS 版本,它的更新可能需要几个月的时间。
不用担心Darktable 提供了[自己的 PPA][6]来在基于 Ubuntu 的发行版上安装最新版本。
不用担心Darktable 提供了[自己的 PPA][6] 来在基于 Ubuntu 的发行版上安装最新版本。
不幸的是,此 Darktable PPA 尚未随新版本更新。
@ -84,7 +83,7 @@ sudo add-apt-repository -r ppa:ubuntuhandbook1/darktable
你也可以从 GitHub 发布页面(位于页面底部)下载 tarball 或所有源代码。
[Download Darktable 3.0][5]
- [下载 Darktable 3.0][5]
使用 Darktable 3你可以更好地编辑自己的假期照片
@ -95,7 +94,7 @@ via: https://itsfoss.com/darktable-3-release/
作者:[Abhishek Prakash][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

218
sources/tech/20191017 Intro to the Linux useradd command.md
View File

@ -1,218 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (lxbwolf)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Intro to the Linux useradd command)
[#]: via: (https://opensource.com/article/19/10/linux-useradd-command)
[#]: author: (Alan Formy-Duval https://opensource.com/users/alanfdoss)
Intro to the Linux useradd command
======
Add users (and customize their accounts as needed) with the useradd
command.
![people in different locations who are part of the same team][1]
Adding a user is one of the most fundamental exercises on any computer system; this article focuses on how to do it on a Linux system.
Before getting started, I want to mention three fundamentals to keep in mind. First, like with most operating systems, Linux users need an account to be able to log in. This article specifically covers local accounts, not network accounts such as LDAP. Second, accounts have both a name (called a username) and a number (called a user ID). Third, users are typically placed into a group. Groups also have a name and group ID.
As you'd expect, Linux includes a command-line utility for adding users; it's called **useradd**. You may also find the command **adduser**. Many distributions have added this symbolic link to the **useradd** command as a matter of convenience.
```
$ file `which adduser`
/usr/sbin/adduser: symbolic link to useradd
```
Let's take a look at **useradd**.
> Note: The defaults described in this article reflect those in Red Hat Enterprise Linux 8.0. You may find subtle differences in these files and certain defaults on other Linux distributions or other Unix operating systems such as FreeBSD or Solaris.
### Default behavior
The basic usage of **useradd** is quite simple: A user can be added just by providing their username.
```
`$ sudo useradd sonny`
```
In this example, the **useradd** command creates an account called _sonny_. A group with the same name is also created, and _sonny_ is placed in it to be used as the primary group. There are other parameters, such as language and shell, that are applied according to defaults and values set in the configuration files **/etc/default/useradd** and **/etc/login.defs**. This is generally sufficient for a single, personal system or a small, one-server business environment.
While the two files above govern the behavior of **useradd**, user information is stored in other files found in the **/etc** directory, which I will refer to throughout this article.
File | Description | Fields (bold—set by useradd)
---|---|---
passwd | Stores user account details | **username**:unused:**uid**:**gid**:**comment**:**homedir**:**shell**
shadow | Stores user account security details | **username**:password:lastchange:minimum:maximum:warn:**inactive**:**expire**:unused
group | Stores group details | **groupname**:unused:**gid**:**members**
### Customizable behavior
The command line allows customization for times when an administrator needs finer control, such as to specify a user's ID number.
#### User and group ID numbers
By default, **useradd** tries to use the same number for the user ID (UID) and primary group ID (GID), but there are no guarantees. Although it's not necessary for the UID and GID to match, it's easier for administrators to manage them when they do.
I have just the scenario to explain. Suppose I add another account, this time for Timmy. Comparing the two users, _sonny_ and _timmy_, shows that both users and their respective primary groups were created by using the **getent** command.
```
$ getent passwd sonny timmy
sonny❌1001:1002:Sonny:/home/sonny:/bin/bash
timmy❌1002:1003::/home/timmy:/bin/bash
$ getent group sonny timmy
sonny❌1002:
timmy❌1003:
```
Unfortunately, neither users' UID nor primary GID match. This is because the default behavior is to assign the next available UID to the user and then attempt to assign the same number to the primary group. However, if that number is already used, the next available GID is assigned to the group. To explain what happened, I hypothesize that a group with GID 1001 already exists and enter a command to confirm.
```
$ getent group 1001
book❌1001:alan
```
The group _book_ with the ID _1001_ has caused the GIDs to be off by one. This is an example where a system administrator would need to take more control of the user-creation process. To resolve this issue, I must first determine the next available user and group ID that will match. The commands **getent group** and **getent passwd** will be helpful in determining the next available number. This number can be passed with the **-u** argument.
```
$ sudo useradd -u 1004 bobby
$ getent passwd bobby; getent group bobby
bobby❌1004:1004::/home/bobby:/bin/bash
bobby❌1004:
```
Another good reason to specify the ID is for users that will be accessing files on a remote system using the Network File System (NFS). NFS is easier to administer when all client and server systems have the same ID configured for a given user. I cover this in a bit more detail in my article on [using autofs to mount NFS shares][2].
### More customization
Very often though, other account parameters need to be specified for a user. Here are brief examples of the most common customizations you may need to use.
#### Comment
The comment option is a plain-text field for providing a short description or other information using the **-c** argument.
```
$ sudo useradd -c "Bailey is cool" bailey
$ getent passwd bailey
bailey❌1011:1011:Bailey is cool:/home/bailey:/bin/bash
```
#### Groups
A user can be assigned one primary group and multiple secondary groups. The **-g** argument specifies the name or GID of the primary group. If it's not specified, **useradd** creates a primary group with the user's same name (as demonstrated above). The **-G** (uppercase) argument is used to pass a comma-separated list of groups that the user will be placed into; these are known as secondary groups.
```
$ sudo useradd -G tgroup,fgroup,libvirt milly
$ id milly
uid=1012(milly) gid=1012(milly) groups=1012(milly),981(libvirt),4000(fgroup),3000(tgroup)
```
#### Home directory
The default behavior of **useradd** is to create the user's home directory in **/home**. However, different aspects of the home directory can be overridden with the following arguments. The **-b** sets another directory where user homes can be placed. For example, **/home2** instead of the default **/home**.
```
$ sudo useradd -b /home2 vicky
$ getent passwd vicky
vicky❌1013:1013::/home2/vicky:/bin/bash
```
The **-d** lets you specify a home directory with a different name from the user.
```
$ sudo useradd -d /home/ben jerry
$ getent passwd jerry
jerry❌1014:1014::/home/ben:/bin/bash
```
#### The skeleton directory
The **-k** instructs the new user's new home directory to be populated with any files in the **/etc/skel** directory. These are usually shell configuration files, but they can be anything that a system administrator would like to make available to all new users.
#### Shell
The **-s** argument can be used to specify the shell. The default is used if nothing else is specified. For example, in the following, shell **bash** is defined in the default configuration file, but Wally has requested **zsh**.
```
$ grep SHELL /etc/default/useradd
SHELL=/bin/bash
$ sudo useradd -s /usr/bin/zsh wally
$ getent passwd wally
wally❌1004:1004::/home/wally:/usr/bin/zsh
```
#### Security
Security is an essential part of user management, so there are several options available with the **useradd** command. A user account can be given an expiration date, in the form YYYY-MM-DD, using the **-e** argument.
```
$ sudo useradd -e 20191231 sammy
$ sudo getent shadow sammy
sammy:!!:18171:0:99999:7::20191231:
```
An account can also be disabled automatically if the password expires. The **-f** argument will set the number of days after the password expires before the account is disabled. Zero is immediate.
```
$ sudo useradd -f 30 willy
$ sudo getent shadow willy
willy:!!:18171:0:99999:7:30::
```
### A real-world example
In practice, several of these arguments may be used when creating a new user account. For example, if I need to create an account for Perry, I might use the following command:
```
$ sudo useradd -u 1020 -c "Perry Example" \
-G tgroup -b /home2 \
-s /usr/bin/zsh \
-e 20201201 -f 5 perry
```
Refer to the sections above to understand each option. Verify the results with:
```
$ getent passwd perry; getent group perry; getent shadow perry; id perry
perry❌1020:1020:Perry Example:/home2/perry:/usr/bin/zsh
perry❌1020:
perry:!!:18171:0:99999:7:5:20201201:
uid=1020(perry) gid=1020(perry) groups=1020(perry),3000(tgroup)
```
### Some final advice
The **useradd** command is a "must-know" for any Unix (not just Linux) administrator. It is important to understand all of its options since user creation is something that you want to get right the first time. This means having a well-thought-out naming convention that includes a dedicated UID/GID range reserved for your users across your enterprise, not just on a single system—particularly when you're working in a growing organization.
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/10/linux-useradd-command
作者:[Alan Formy-Duval][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/alanfdoss
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/connection_people_team_collaboration.png?itok=0_vQT8xV (people in different locations who are part of the same team)
[2]: https://opensource.com/article/18/6/using-autofs-mount-nfs-shares

92
sources/tech/20191230 10 articles to enhance your security aptitude.md
View File

@ -1,92 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (nacyro)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (10 articles to enhance your security aptitude)
[#]: via: (https://opensource.com/article/19/12/security-resources)
[#]: author: (Ben Cotton https://opensource.com/users/bcotton)
10 articles to enhance your security aptitude
======
Whether you're learning the first steps or looking to add to your
skills, there's something for you in Opensource.com's top 10 security
articles of 2019.
![A secure lock.][1]
If security is a process (and it is), then it stands to reason that different projects (and contributors) are in different places. Some applications have years of security testing, with design done by people who have worked in information security for decades. Others are brand new projects by developers working on their first open source project. It comes as no surprise that Opensource.com's top security articles of 2019 represent this range of experience. We have articles that introduce basic security practices as well as deep dives into more advanced topics.
Whether you're learning the first steps or looking to add to your skills acquired over a storied career, there's something for you in the top 10 security articles of 2019.
### 7 steps to securing your Linux server
Security is like a house: if the foundation is bad, the rest is at risk. Patrick H. Mullins' excellent _[7 steps to securing your Linux server][2]_ gets you started with basic security steps for Linux servers. Even if you have a lot of experience administering servers, this article provides a good checklist to make sure you have the basics covered. From there, you can begin adding additional layers of security.
### Make Linux stronger with firewalls
One of the seven steps to securing your server is enabling a firewall. But what _is_ a firewall, and how does it work? Seth Kenlon answers these questions and then describes in detail how to configure your firewall for better security in _[Make Linux stronger with firewalls][3]_. Using firewalld and Network Manager, you can set different firewall configurations for different networks. This allows you to have a trusting configuration on your home network, for example, and a more paranoid configuration on your favorite coffee shop's WiFi network.
### Reducing security risks with centralized logging
Once you've secured your system, you're not done: security is a process, not a state. Part of _keeping_ systems secure is keeping an eye on what goes on. One way to do that, especially with multiple systems, is to centralize your logging. In _[Reducing security risks with centralized logging][4]_, Hannah Suarez shares how to get started (she based this article on her lightning talk at FOSDEM '19).
### Using GPG keys for SSH
Most people who use key-based authentication for SSH use SSH keys. And why wouldn't you? It's right there in the name. These are perfectly fine from a security standpoint, but if you want to make some forms of key distribution and backup easier, there's another way. Brian Exelbierd's three-part series walks through _[How to enable SSH access with a GPG subkey][5]_, _[How to import existing SSH keys][6]_, and _[How to reduce your backup needs to a single key file][7]_.
### Graphically manage SSH keys with Seahorse
Using GPG for SSH keys isn't everyone's cup of tea, but that doesn't mean you're out of luck when it comes to key management. Seahorse is a graphical tool for managing SSH keys (and other authentication methods) that is included in the GNOME desktop. Alan Formy-Duval's [_Graphically manage SSH keys with Seahorse_][8], is particularly helpful to the novice user.
### Security scanning your DevOps pipeline
Containers are everywhere these days. But what's in them? Knowing that containers meet your security policies is an important part of staying secure. Fortunately, you can use open source tools to help automate compliance checking. Jessica Cherry's (formly Repka) [_Security scanning your DevOps pipeline_][9] is a step-by-step tutorial that shows you how to use the Jenkins build system and the Anchore inspection service to create a scanning pipeline for container images and registries.
### 4 open source cloud security tools
One of the great things about cloud services is that your data can be accessed from anywhere. One of the downsides to cloud services is that your data can be accessed from anywhere. If you're using "-as-a-Service" offerings, you want to make sure they're securely configured. Anderson Silva, Alison Naylor, Travis McPeak, and Rich Monk join forces to introduce [_4 open source cloud security tools_][10] to help improve security when using GitHub and AWS. If you're looking for accidentally committed secrets—or trying to prevent them from being committed in the first place—this article has tools you can use.
### How to use OpenSSL: hashes, digital signatures, and more
Much of information security is based on math: specifically, the cryptographic functions used to encrypt data and authenticate users or file contents. After providing an introduction in [_Getting started with OpenSSL: Cryptography basics_][11], Marty Kalin digs deeper into the details of _[How to use OpenSSL: Hashes, digital signatures, and more][12]_, explaining how to use the OpenSSL utility to explore these commonly used but uncommonly understood concepts.
### Learn about computer security with the Raspberry Pi and Kali Linux
Cheap hardware and open source software make a great combination, especially for people looking to learn by doing. In this article, Anderson Silva introduces the security-oriented Kali Linux distribution in _[Learn about computer security with the Raspberry Pi and Kali Linux][13]_. It's a short article, but it's full of useful links to documentation and security-related projects that you can use with your own Raspberry Pi.
### Will quantum computing break security?
Has the rest of this article been a waste? Will quantum computing render everything we know about security obsolete? The good news is that the answer is "no," but quantum computing can still have a profound impact on security and the computing world more broadly. In _[Will quantum computing break security?][14]_ Mike Bursell examines its potential impacts—both the good news and the bad. And of course, quantum computing may make it easier to break encryption, but that doesn't matter if the baddies can't get your data in the first place.
### Looking to 2020
Security will always be important, and (as the quantum computing article suggests) the next few years will be an interesting time in the field. In 2020, Opensource.com articles will look at the leading edge of open source security and help explain the basics to the ever-growing open source community. If you have a topic you want us to cover, please share it in the comments, or—better yet— if you have an article in mind, [write for us][15].
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/12/security-resources
作者:[Ben Cotton][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/bcotton
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003601_05_mech_osyearbook2016_security_cc.png?itok=3V07Lpko (A secure lock.)
[2]: https://opensource.com/article/19/10/linux-server-security
[3]: https://opensource.com/article/19/7/make-linux-stronger-firewalls
[4]: https://opensource.com/article/19/2/reducing-security-risks-centralized-logging
[5]: https://opensource.com/article/19/4/gpg-subkeys-ssh
[6]: https://opensource.com/article/19/4/gpg-subkeys-ssh-multiples
[7]: https://opensource.com/article/19/4/gpg-subkeys-ssh-manage
[8]: https://opensource.com/article/19/4/ssh-keys-seahorse
[9]: https://opensource.com/article/19/7/security-scanning-your-devops-pipeline
[10]: https://opensource.com/article/19/9/open-source-cloud-security
[11]: https://opensource.com/article/19/6/cryptography-basics-openssl-part-1
[12]: https://opensource.com/article/19/6/cryptography-basics-openssl-part-2
[13]: https://opensource.com/article/19/3/computer-security-raspberry-pi
[14]: https://opensource.com/article/19/1/will-quantum-computing-break-security
[15]: https://opensource.com/how-submit-article

2
sources/tech/20200101 9 cheat sheets and guides to enhance your tech skills.md
View File

@ -1,5 +1,5 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (nacyro)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

203
translated/tech/20191017 Intro to the Linux useradd command.md Normal file
View File

@ -0,0 +1,203 @@
[#]: collector: (lujun9972)
[#]: translator: (lxbwolf)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Intro to the Linux useradd command)
[#]: via: (https://opensource.com/article/19/10/linux-useradd-command)
[#]: author: (Alan Formy-Duval https://opensource.com/users/alanfdoss)
Linux useradd 命令介绍
======
使用 useradd 命令来添加用户(并且根据需要修改账号)。
![people in different locations who are part of the same team][1]
任何计算机系统中,添加用户都是最重要的事之一;本文着重介绍如何在 Linux 系统中添加用户。
正式开始之前我先提三个概念。首先跟大多数操作系统一样Linux 用户也需要一个账号才能登录。本文只介绍本地账号,不涉及网络账号,如 LDAP。其次每个账号都有一个名字username和一个对应的数字用户 ID。最后每个用户通常都在一个组内每个组都有一个名字和一个组 ID。
你可能已经想到了Linux 提供了添加用户的命令行工具,就是 `useradd` 命令。有些版本也叫 `adduser`。为了方便使用,很多发行版上这个命令是一个指向 `useradd` 命令的符号链接。
```
$ file `which adduser`
/usr/sbin/adduser: symbolic link to useradd
```
来看一下 `useradd`
> 注意:本文描述的默认环境是 Red Hat Enterprise Linux 8.0。你可能会发现本文描述的这些文件和某些默认值与某些 Linux 发行版或其他 Unix 操作系统FreeBSD 或 Solaris偶尔会有差异。
### 默认处理
`useradd` 的基本用法相当简单:通过一个用户名就可以添加一个用户
```bash
$ sudo useradd sonny
```
在本例中,`useradd` 命令创建了一个名为 *sonny* 的账号。此命令同时创建了一个同名的组,*sonny* 被放进了这个组,这个组也是 *sonny* 账号的主组。命令执行时,根据配置文件 `/etc/default/useradd``/etc/login.defs` 中的不同设置,也会有其他的参数处理,如语言和 shell。对于一个私人系统或微小的单服务商业环境这些参数已经足够了。
上面两个文件控制 `useradd` 的处理,用户的信息保存在 `/etc` 目录下的一些其他文件中,关于这些信息的讲解会贯穿全文。
| 文件 | 描述 | 域 (加粗的表示由 useradd 命令设置) |
| ------ | ------------------------------------ | ------------------------------------------------------------ |
| passwd | Stores user account details | **username**:unused:**uid**:**gid**:**comment**:**homedir**:**shell** |
| shadow | Stores user account security details | **username**:password:lastchange:minimum:maximum:warn:**inactive**:**expire**:unused |
| group | Stores group details | **groupname**:unused:**gid**:**members** |
### 自定义处理
当管理员需要更好地控制账号时,可以使用命令行来自定义,如指定一个用户的 ID。
#### 用户和组 ID
`useradd` 默认主组 IDGID与用户 IDUID相同但也不完全是。虽然 UID 与 GID 相同不是必须的,但如果相同,会更方便管理员管理。
下面的场景就是一个 GID 与 UID 不同的 例子。现在我添加另一账号,名为 Timmy。通过使用 `getent` 命令来比较 *sonny**timmy* 两个账号,显示两个用户和对应的主组。
```bash
$ getent passwd sonny timmy
sonny❌1001:1002:Sonny:/home/sonny:/bin/bash
timmy❌1002:1003::/home/timmy:/bin/bash
$ getent group sonny timmy
sonny❌1002:
timmy❌1003:
```
不幸的是,两者的 UID 和 GID 都不相同。因为默认的处理是,创建用户时,把下一个可用的 UID 赋给用户,然后把同一个数字作为主组 ID 赋给它。然而,当要使用的 ID 已经被使用时,就再把下一个可用的 GID 赋给它。为了弄清细节,我猜想 1001 这个 GID 已经被使用了,用一个命令确认了一下。
```bash
$ getent group 1001
book❌1001:alan
```
*book* 的 ID 是 *1001*,因此新创建的用户的 GID 都有偏移量 1。这就是为什么系统管理员在用户创建过程中需要多设置一些值的一个实例。为了解决这个问题我必须先确定下一个可用的 UID 和 GID 是否相同。确定下一个可用值时,可以使用 `getent group``getent passwd` 命令,通过 `-u` 参数传递要确认的值。
```bash
$ sudo useradd -u 1004 bobby
$ getent passwd bobby; getent group bobby
bobby❌1004:1004::/home/bobby:/bin/bash
bobby❌1004:
```
另一个需要指定 ID 的场景是,通过 NFS 访问远程系统上的文件时。对于一个给定的用户,当 NFS 所有客户端和服务系统的 ID 都一样时,管理员更容易控制。在我的文章 [使用 autofs 挂载 NFS][2] 中有详细介绍。
### 更多自定义
一些其他的指定用户信息的参数也用得比较频繁。这里是一些你会经常用到的参数的概括例子。
#### 注释
注释选项是通过 `-c` 参数指定的一个解释文本字段,可以提供一段简短的描述或其他信息。
```bash
$ sudo useradd -c "Bailey is cool" bailey
$ getent passwd bailey
bailey❌1011:1011:Bailey is cool:/home/bailey:/bin/bash
```
#### 组
一个用户可以被指定一个主组和多个次组。 `-g` 参数指定主组名称或 GID。如果不指定`useradd` 会以用户名创建一个主组(前面演示过)。`-G`(大写)参数用一个逗号分隔的组列表来指定此用户所属的组,这些组就是次组。
```bash
$ sudo useradd -G tgroup,fgroup,libvirt milly
$ id milly
uid=1012(milly) gid=1012(milly) groups=1012(milly),981(libvirt),4000(fgroup),3000(tgroup)
```
#### 家目录
`useradd` 的默认处理是,在 `/home` 目录下创建用户的家目录。然而,下面的参数可以改写家目录的 base 目录。`-b` 设置另一个可以创建家目录的 base 目录。例如 指定 `/home2` 而不是 `/home`
```bash
$ sudo useradd -b /home2 vicky
$ getent passwd vicky
vicky❌1013:1013::/home2/vicky:/bin/bash
```
`-d` 参数可以指定一个与用户名不同的家目录。
```bash
$ sudo useradd -d /home/ben jerry
$ getent passwd jerry
jerry❌1014:1014::/home/ben:/bin/bash
```
#### skeleton 目录
`-k` 参数指定创建新用户时,会复制 `/etc/skel` 目录下的所有文件到家目录中。这些文件通常是 shell 配置文件,当然也可以是系统管理员想在新建用户时使用的任何文件。
#### Shell
`-s` 参数可以指定 shell。如果不指定则使用默认的 shell。例如下面的例子中 ,配置文件中定义的 shell 是 `bash`,但 `Wally` 这个用户指定的是 `zsh`
```bash
$ grep SHELL /etc/default/useradd
SHELL=/bin/bash
$ sudo useradd -s /usr/bin/zsh wally
$ getent passwd wally
wally❌1004:1004::/home/wally:/usr/bin/zsh
```
#### 安全
安全是用户管理的重中之重,因此 `useradd` 命令也提供了很多关于安全的选项。可以使用 `-e` 参数,以 YYYY-MM-DD 的格式指定一个用户的过期时间。
```bash
$ sudo useradd -e 20191231 sammy
$ sudo getent shadow sammy
sammy:!!:18171:0:99999:7::20191231:
```
当密码过期时,一个账号也可以自动失效。`-f` 参数指定密码过期后经过几天账号失效。如果设为 0则立即失效。
```bash
$ sudo useradd -f 30 willy
$ sudo getent shadow willy
willy:!!:18171:0:99999:7:30::
```
### 实例
生产中,创建一个用户账号时会用到多个参数。例如,我要创建一个 Perry 账号,可能会用下面的命令:
```bash
$ sudo useradd -u 1020 -c "Perry Example" \
-G tgroup -b /home2 \
-s /usr/bin/zsh \
-e 20201201 -f 5 perry
```
查看前面的内容来理解每个选项。用下面的命令确认结果:
```bash
$ getent passwd perry; getent group perry; getent shadow perry; id perry
perry❌1020:1020:Perry Example:/home2/perry:/usr/bin/zsh
perry❌1020:
perry:!!:18171:0:99999:7:5:20201201:
uid=1020(perry) gid=1020(perry) groups=1020(perry),3000(tgroup)
```
### 一点小建议
`useradd` 命令是所有 Unix不仅仅是 Linux系统管理员都必知必会的命令。由于用户创建不能出错需要第一次就正确所以理解它的每一个选项很重要。这意味着你需要有一套深思熟虑的命名约定包括为整个企业环境而不仅仅是一个单系统预留一个专用的 UID/GID 范围,尤其是你为一个成长中的组织工作时。
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/10/linux-useradd-command
作者:[Alan Formy-Duval][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/alanfdoss
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/connection_people_team_collaboration.png?itok=0_vQT8xV (people in different locations who are part of the same team)
[2]: https://opensource.com/article/18/6/using-autofs-mount-nfs-shares

91
translated/tech/20191230 10 articles to enhance your security aptitude.md Normal file
View File

@ -0,0 +1,91 @@
[#]: collector: "lujun9972"
[#]: translator: "nacyro"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
[#]: subject: "10 articles to enhance your security aptitude"
[#]: via: "https://opensource.com/article/19/12/security-resources"
[#]: author: "Ben Cotton https://opensource.com/users/bcotton"
10 篇文章强化你的安全能力
======
无论你是新手还是想要增加技能Opensource.com 2019 年十大安全文章中都有适合你的内容。
![A secure lock.][1]
如果安全是一个过程确实如此那么理所当然的不同的项目及其贡献者情况各有不同。有些应用程序经历了多年的安全测试由在信息安全领域工作了几十年的人员所设计。其他的则是由开发人员在他们的第一个开源项目中开发的全新项目。毫不奇怪Opensource.com 2019 年十大安全文章囊括了代表这一范围的经验。我们有介绍基本安全实践的文章,也有深入探讨更高级主题的文章。
无论你是新手还是想要增加你在传奇职业生涯中获得的技能2019 年十大安全文章中都有适合你的内容。
### 《七步捍卫你的 Linux 服务器7 steps to securing your Linux server
安全如舍地基不牢房屋不稳。Patrick H. Mullins 的杰作《[七步捍卫你的 Linux 服务器7 steps to securing your Linux server][2]》让您从Linux服务器的基本安全步骤开始。即使您有很多管理服务器的经验本文也提供了一个很好的清单以确保您掌握了基础知识。在此基础上您可以开始添加额外的安全层。
### 《用防火墙使 Linux 更健壮Make Linux stronger with firewalls
七步捍卫你的 Linux 服务器中的一步即是启用防火墙。但什么**是**防火墙它是如何工作的呢 Seth Kenlon 在《[用防火墙使 Linux 更健壮Make Linux stronger with firewalls][3]》一文中回答了这些问题,然后详细描述了为了更好的安全性应如何配置你的防火墙。使用 `firewalld``Network Manager`,您可以为不同的网络设置不同的防火墙配置。例如,这允许您在您的家庭网络上进行信任配置,并在您最喜欢的咖啡店的 WiFi 网络上进行更多疑的配置。
### 《减少集中日志的安全风险Reducing security risks with centralized logging
保护系统安全,只有开始,没有结束:安全是一个过程而不是状态。**保持**系统安全工作的一部分即是密切关注所发生的事情。集中化日志是实现这一点的一种方法,尤其是在管理多系统时。在《[减少集中日志的安全风险Reducing security risks with centralized logging][4]》中 Hannah Suarez 分享了要如何开始(她这篇文章基于她在 FOSDEM'19 (自由及开源软件开发者欧洲会议) 中的闪电演讲)
### 《为 SSH 使用 GPG 密钥Using GPG keys for SSH
大多数人都会为 `SSH` 的密钥认证使用 `SSH 密钥`。为什么不呢毕竟就在名字里。从安全的角度来看这些方法非常好。但若想简化某些形式的密钥分发与备份还有另一种方法Brian Exelbierd 的三部曲系列介绍了《[如何启用使用 GPG 子钥的 SSH 访问How to enable SSH access with a GPG subkey][5]》、《[如何导入现有 SSH 密钥How to import existing SSH keys][6]》、《[如何将备份量减少到单个密钥文件How to reduce your backup needs to a single key file][7]》
### 《使用 `Seahorse` 图形化管理 SSH 密钥Graphically manage SSH keys with Seahorse
并不是所有人都喜欢用 `GPG` 作为 `SSH 密钥`,但这并不意味着您在密钥管理上会不顺。`Seahorse` 是一个在 `GNOME` 桌面中用于管理 `SSH 密钥` 及其他身份验证方法的图形化工具。Alan Formy-Duval 的《[使用 `Seahorse` 图形化管理 SSH 密钥Graphically manage SSH keys with Seahorse][8]》对新手用户特别有帮助。
### 《安全扫描你的 DevOps 管线Security scanning your DevOps pipeline
如今到处都是容器。但它们容纳着什么了解容器满足您的安全策略是保持安全性的重要部分。幸运的是您可以使用开源工具来帮助自动化符合性检查。Jessica Cherry (原名: Repka) 的《[安全扫描你的 DevOps 管线Security scanning your DevOps pipeline][9]》是一个循序渐进的教程,向您展示了如何使用 `Jenkins` 构建系统和 `Anchore` 检查服务为容器镜像和 `registries` 创建扫描管线。
### 《四个开源云安全工具4 open source cloud security tools
云服务的一大优点是你的数据可以从任何地方访问。云服务的一个缺点是你的数据可以从任何地方访问。如果您使用的是 `"-as-a-Service" (译注: IaaS, PaaS, SaaS)` 产品那么您需要确保它们是经过安全配置的。Anderson Silva、Alison Naylor、Travis McPeak 和 Rich Monk 联合推出《[四个开源云安全工具4 open source cloud security tools][10]》以帮助在使用 `GitHub``AWS` 时提高安全性。如果你正在寻找被不小心提交的秘密,或尝试从一开始就阻止这些秘密被提交,这篇文章提供了工具。
### 《如何使用OpenSSL哈希数字签名等等How to use OpenSSL: hashes, digital signatures, and more
许多信息安全是基于数学的:特别是用于加密数据和验证用户或文件内容的加密函数。在《[开始使用 OpenSSL密码学基础Getting started with OpenSSL: Cryptography basics][11]》中进行介绍后Marty Kalin 深入讨论了《[如何使用 OpenSSL哈希数字签名等等How to use OpenSSL: hashes, digital signatures, and more][12]》的细节,解释了如何使用 `OpenSSL` 实用程序来探索这些常用但不常被理解的概念。
### 《使用树莓派和 Kali Linux 学习计算机安全Learn about computer security with the Raspberry Pi and Kali Linux
廉价硬件与开源软件构成了一个很好的组合,特别是对于那些希望边做边学的人来说。在《[使用树莓派和 Kali Linux 学习计算机安全Learn about computer security with the Raspberry Pi and Kali Linux][13]》这篇文章中Anderson Silva 介绍了面向安全的 `Kali Linux` 发行版。这是一篇短文,但它满是关于文档和安全相关项目的有用的链接,您可以在自己的树莓派上使用它们。
### 《量子计算会破坏安全吗Will quantum computing break security?)》
这篇文章的余下部分是浪费吗?量子计算会让我们对安全的所知变得过时吗?好消息是:回答是否定的,但是量子计算仍然可以在更广泛的范围内对安全和计算世界产生深远的影响。在《[量子计算会破坏安全吗Will quantum computing break security?][14]》一文中Mike Bursell 剖析了它好坏两方面的影响,当然,量子计算可能会让加密的破解变得更容易,但如果坏人一开始就无法获得你的数据,那也没有关系。
### 《展望 2020Looking to 2020
安全永远是重要的,(正如那篇量子计算文章所建议的) 未来几年将是该领域的一个有趣时期。在 2020 年Opensource.com 的文章将着眼于开源安全的前沿,并帮助向不断增长的开源社区解释基础知识。如果你有一个你想要我们报导的主题,请在评论中分享它,或者更进一步 —— 如果你想写一篇文章,就写给我们吧。
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/12/security-resources
作者:[Ben Cotton][a]
选题:[lujun9972][b]
译者:[nacyro](https://github.com/nacyro)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/bcotton
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003601_05_mech_osyearbook2016_security_cc.png?itok=3V07Lpko "A secure lock."
[2]: https://opensource.com/article/19/10/linux-server-security
[3]: https://opensource.com/article/19/7/make-linux-stronger-firewalls
[4]: https://opensource.com/article/19/2/reducing-security-risks-centralized-logging
[5]: https://opensource.com/article/19/4/gpg-subkeys-ssh
[6]: https://opensource.com/article/19/4/gpg-subkeys-ssh-multiples
[7]: https://opensource.com/article/19/4/gpg-subkeys-ssh-manage
[8]: https://opensource.com/article/19/4/ssh-keys-seahorse
[9]: https://opensource.com/article/19/7/security-scanning-your-devops-pipeline
[10]: https://opensource.com/article/19/9/open-source-cloud-security
[11]: https://opensource.com/article/19/6/cryptography-basics-openssl-part-1
[12]: https://opensource.com/article/19/6/cryptography-basics-openssl-part-2
[13]: https://opensource.com/article/19/3/computer-security-raspberry-pi
[14]: https://opensource.com/article/19/1/will-quantum-computing-break-security
[15]: https://opensource.com/how-submit-article