Документация openSUSE
Глава 5. Управление пользователями с YaST / 5.2. Специальные возможности
Пред.Глава 5. Управление пользователями с YaST5.3. Управление группамиСлед.

5.2. Специальные возможности

В дополнении к настройкам для учетных записей поумолчанию, openSUSE предоставляет некоторые специальные возможности, такие как автоматический вход, вход без пароля, шифрованые домашние каталоги или квоты для пользователей и групп.

5.2.1. Авто вход и вход без пароля

Если вы используете рабочий стол KDE или GNOME вы можете настроить Автоматический вход для определенных пользователей тка же как и Безпарольный вход для всех пользователей. Auto login causes a user to become automatically logged in to the desktop environment on boot. This functionality can only be activated for one user at a time. Login without password allows all users to log in to the system after they have entered their username in the login manager.

[Warning]Potential Security Risk

Enabling Auto Login or Passwordless Login on a machine that can be accessed by more than one person bears a potential security risk. Without the need to authenticate any user can gain access to your system and your data. If your system contains confidential data, do not use this functionality.

If you want to activate auto login or login without password, access these functions from Expert Options+Login Settings.

5.2.2. Управление Encrypted Home Directories

To protect data in home directories against theft and hard disk removal, you can create encrypted home directories for users. These are encrypted with LUKS (Linux Unified Key Setup), which results in an image and an image key generated for the user. The image key is protected with the user's login password. When the user logs in to the system, the encrypted home directory is mounted and the contents are made available to the user.

With YaST, you can create encrypted home directories for new or existing users. To encrypt or modify encrypted home directories of already existing users, you need to enter the user's current login password. By default, all existing user data is copied to the new encrypted home directory, but it is not deleted from the unencrypted directory.

Процедура 5.4. Creating Encrypted Home Directories

  1. Open the YaST User and Group Management dialog in the Users view.

  2. To encrypt the home directory of an existing user, select an entry and click Edit.

    Otherwise, click Add to create a new user account and enter the appropriate user data on the first tab.

  3. In the Details tab, activate Use Encrypted Home Directory. With Directory Size in MB, specify the size of the encrypted image file to be created for this user.

  4. Apply your settings with Accept.

  5. If you have changed the encryption options for an already existing user, YaST prompts you for the user's current login password. Enter the user's password to proceed.

  6. Click Expert Options+Write Changes Now to save all changes without exiting the administration dialog. Or click Finish to close the administration dialog and to save the changes.

Процедура 5.5. Изменение и отключение шифрованых домашних каталогов

Of course, you can also disable the encryption of a home directory or change the size of the image file at any time.

  1. Open the YaST User and Group Management dialog in the Users view.

  2. Select a user from the list and click Edit.

  3. If you want to disable the encryption, switch to the Details tab and disable Use Encrypted Home Directory.

    If you need to enlarge or reduce the size of the encrypted image file for this users, change the Directory Size in MB.

  4. Apply your settings with Accept.

  5. Enter the user's password to proceed.

  6. Click Expert Options+Write Changes Now to save all changes without exiting the administration dialog. Or click Finish to close the administration dialog and to save the changes.

[Warning]Security Restrictions

Encrypting a user's home directory does not provide strong security from other users. If strong security is required, the system should not be physically shared.

Further options for encrypted home directories are available from a command line tool, cryptconfig.

5.2.3. Контроль доступа по отпечаткам пальцев

Если ваша система включает считыватель отпечатков палальцев от UPEK/SGS Thomson Microelectronics поставляемых с некоторыми ноутбуками IBM и Lenovo ThinkPads (а также в некоторых других ноутбуках, USB клавиатурах или в виде отдельных устройств), вы можете использовать биометрический контроль доступа в дополнении к стандартному через логин и пароль. После регистрации отпечатков пальцев, пользователи могут войти в систему либо прикоснувшись пальцем считывателя либо введя пароль.

Отпечаток пальца может быть в веден или с помощью YaST или из командной строки. Подробную информацию о настройки и использовании контроля доступа по отпечаткам пальцев ищите в http://en.opensuse.org/Using_Fingerprint_Authentication.

5.2.4. Управление квотами

To prevent system capacities from being exhausted unnoticed, system administrators can set up quotas for users or groups. Quotas can be defined for one or more file systems and restrict the amount of disk space that can be used and the number of inodes that can be created there. openSUSE allows usage of soft and hard quotas. Soft quotas usually define a warning level at which users are informed they are nearing their limit, whereas hard quotas define the limit at which write requests are denied. Additionally, grace intervals can be defined that allow users or groups to temporarily violate their quotas by certain amounts.

Процедура 5.6. Enabling Quota Support for a Partition

In order to configure quotas for certain users and groups, you need to enable quota support for the respective partition in the YaST partitioner first.

  1. In YaST, select System+Partitioner and click Yes to proceed.

  2. In the Expert Partitioner, select the partition for which to enable quotas and click Edit.

  3. Click Fstab Options and activate Enable Quota Support.

  4. Confirm your changes with OK and leave the Expert Partitioner with Apply.

Процедура 5.7. Настройка квот для пользователей и групп

Now you can define soft or hard quotas for specific users or groups and set time periods as grace intervals.

  1. In the YaST User and Group Administration, select the user or the group for that you want to set quotas and click Edit.

  2. On the Plug-Instab, select the quota entry and click Launch to open the Quota Configuration dialog.

  3. From File System, select the partition to which the quota should apply.

  4. Below Size Limits, restrict the amount of disk space. Enter the number of 1 kB blocks the user or group may have on this partition. Specify a Soft Limit and a Hard Limit value.

  5. Additionally, you can restrict the number of inodes the user or group may have on the partition. Below Inodes Limits, enter a Soft Limit and Hard Limit.

  6. You can only define grace intervals if the user or group has already exceeded the soft limit specified for size or inodes. Otherwise the time-related input fields are not activated. Specify the time period for which the user or group is allowed to exceed the limits set above.

  7. Confirm your settings with Accept.

Пред.Глава 5. Управление пользователями с YaSTНачало5.3. Управление группамиСлед.