ch8.htm

美国Macmillan出版社编写的Perl教程《Perl CGI Web Pages for WINNT》

<HTML>
<HEAD>
<TITLE>Chapter 8 -- System Administration Applications</TITLE>

<META>
</HEAD>
<BODY TEXT="#000000" BGCOLOR="#FFFFFF" LINK="#0000EE" VLINK="#551A8B" ALINK="#CE2910">
<H1><FONT SIZE=6 COLOR=#FF0000>Chapter&nbsp;8</FONT></H1>
<H1><FONT SIZE=6 COLOR=#FF0000>System Administration Applications</FONT>
</H1>
<HR>
<P>
<CENTER><B><FONT SIZE=5><A NAME="CONTENTS">CONTENTS</A></FONT></B></CENTER>
<UL>
<LI><A HREF="#ManipulatingDirectories">
Manipulating Directories</A>
<UL>
<LI><A HREF="#DirectoryandFileControl">
Directory and File Control</A>
</UL>
<LI><A HREF="#FileNameManipulation">
File Name Manipulation</A>
<LI><A HREF="#CheckingBadPasswords">
Checking Bad Passwords </A>
<LI><A HREF="#OtherSystemAdministrationConcerns">
Other System Administration Concerns</A>
</UL>
</UL>

<HR>
<P>
Although most of this book is dedicated to applying Perl to CGI-based
applications, it is also important to take notice of Perl as a
network administration language. Originally, Perl was designed
as a language to assist system administrators to format various
reports concerning the system and the associated network. With
most of an administrator's job being essentially text processing,
Perl is a natural for this purpose.
<P>
The routine tasks that face a system administrator include moving
around among directories, manipulating files and their contents,
and checking passwords. To demonstrate how Perl can accomplish
these things for you, each of these facets will be noted.
<P>
The largest script by far in this chapter, and perhaps in this
book, is the security script that checks for bad passwords. This
script includes many parameters for testing bad passwords, and
also demonstrates how Perl can be used to create long, involved
scripts to solve more complex, in-depth administrative programming
problems. 
<H2><A NAME="ManipulatingDirectories"><FONT SIZE=5 COLOR=#FF0000>
Manipulating Directories</FONT></A></H2>
<P>
To be effective as an administration tool Perl must be able to
navigate the various directories storing your files.<BR>
<P>
<CENTER>
<TABLE BORDERCOLOR=#000000 BORDER=1 WIDTH=80%>
<TR VALIGN=TOP><TD><B>NOTE</B></TD></TR>
<TR VALIGN=TOP><TD>
<BLOCKQUOTE>
<I>Windows NT uses the NTFS file system (different than the FAT system that runs MS-DOS and Windows 95), which allows it to support long file names. If you are using NT in a network that includes MS-DOS or Windows 95 machines, you must remember that these 
computers will not be able to read these longer file names. Also keep in mind that you cannot use the following characters in your file names: ? * / \ &lt; &gt; | :</I>
</BLOCKQUOTE>

</TD></TR>
</TABLE></CENTER>
<P>
<P>
Windows NT file directories are controlled through the File Manager
application. Any modifications that you need to make when writing
your Perl scripts can be done with this application.
<P>
In MS-DOS, you use the command cd to change directories for the
current directory to the new one. In Perl the chdir() system call
operator acts in the same way-applying a single argument to evaluate
the new directory name. The basic format for chdir() is
<BLOCKQUOTE>
<PRE>
chdir(&quot;new\directory\&quot;);
</PRE>
</BLOCKQUOTE>
<P>
and can be used in a Perl script, as in this example where the
user is asked to supply the directory destination to &lt;STDIN&gt;:
<BLOCKQUOTE>
<PRE>
#! user/bin/perl
print &quot;Which directory?&quot;;
chop($newdirectory = &lt;STDIN&gt;);	
     if (chdir $newdirectory) {
          print 'dir'; # to show some results
</PRE>
</BLOCKQUOTE>
<P>
where the new directory supplied by the user is put into $newdirectory,
where it can be read by the chdir operator. When this script finishes,
you don't end up in the new directory, you are deposited back
into the directory that you were in when you executed the script.
That's why the &quot;dir&quot; line is a good idea, to show that
you actually did change directories at one point. You may have
noticed that the parentheses are missing. Don't worry because
they are optional when using the chdir operator.
<H3><A NAME="DirectoryandFileControl">
Directory and File Control</A></H3>
<P>
Perl has several techniques to offer you for dealing with files
and directories. You are already familiar with the Perl use of
file handles to open a file for output. Perl also provides a way
to remove a file-the unlink() operator.
<P>
By using the unlink() operator you can delete the name of a file.
Sometimes files have more than one file name associated with them,
so if the file name to be unlinked is also the last file name
for a file, then the file itself will be deleted, too. It is rare
that any of the files that Perl will be using will have more than
one name, so using the unlink() operator will delete the specified
file effectively. The unlink() operator would be used like this:
<BLOCKQUOTE>
<PRE>
unlink (&quot;filename&quot;); # filename is deleted
</PRE>
</BLOCKQUOTE>
<P>
where filename can be the name of any file to be deleted.
<P>
You also can have the user input a file to be deleted like so:
<BLOCKQUOTE>
<PRE>
print &quot;Which file is to be removed? &quot;;
     chop ($filename = &lt;STDIN&gt;);
     unlink ($filename);
</PRE>
</BLOCKQUOTE>
<P>
where $filename carries the file name put into &lt;STDIN&gt; by
the user.
<H2><A NAME="FileNameManipulation"><FONT SIZE=5 COLOR=#FF0000>
File Name Manipulation</FONT></A></H2>
<P>
When you consider file names, what you are really dealing with
is another form of a string, which is made of text, so Perl is
a natural tool to use here.
<P>
The best way to use Perl to manipulate files is to use the rename
operator in conjunction with a regular expression that specifies
the parameters that will be applied to the file names in question.
<P>
The format for the rename() operator is simple:
<BLOCKQUOTE>
<PRE>
rename (&quot;oldname&quot;,&quot;newname&quot;);
</PRE>
</BLOCKQUOTE>
<P>
The original name of the file is oldname and the new name is newname.
<P>
 If you need to specify a directory path name for a file, you
can use the rename operator to do it like this:
<BLOCKQUOTE>
<PRE>
rename (&quot;filename&quot;,&quot;directory_name/filename&quot;);
</PRE>
</BLOCKQUOTE>
<P>
where filename is given the specifed pathname directory_name.
<P>
As a quick review, the rename operator can work like this:
<OL>
<LI>Removing file extentions<BR>
foreach $file (&lt;*.txt&gt;) {<BR>
$newfile=$file;<BR>
$newfile=~s/\.txt$//;<BR>
rename($file, $newfile);<BR>
}This strips off the file extension .txt from all the specified
file names in the directory.
<LI>Adding file extensions back on<BR>
foreach $file (&lt;*&gt;) {<BR>
$newfile=$file;<BR>
$newfile.=&quot;.txt&quot;;<BR>
rename($file, $newfile);<BR>
}<BR>
This restores the file extension .txt to the files in the current
directory.
<LI>Adding new file extensions<BR>
foreach $file (&lt;*&gt;) {<BR>
$newfile=$file;<BR>
$newfile.=&quot;.htm&quot;;<BR>
rename($file, $newfile);<BR>
}<BR>
This adds the .html file extension to the files in the current
directory.
<LI>Translating uppercase to lowercase<BR>
foreach $file (&lt;*&gt;) {<BR>
$newfile=$file;<BR>
$newfile=~tr/A-Z/a-z/;<BR>
rename($file, $newfile);<BR>
}<BR>
This changes the files specified in the current directory to all
lowercase letters.
</OL>
<H2><A NAME="CheckingBadPasswords"><FONT SIZE=5 COLOR=#FF0000>
Checking Bad Passwords </FONT></A></H2>
<P>
Passwords should be used for both users of your network and users
of your Web site. Good security procedure dictates that the system
administrator should allow only good passwords to be used, &quot;good&quot;
meaning not easily broken. A bad password can not only compromise
your user's security, but also the security of your entire network
or Web site.
<P>
Instead of designing a program that tries and figures out, or
cracks, your users' passwords, it takes less time and memory to
create a Perl script that searches out bad passwords based on
a few rules that apply to bad-or weak-passwords. It does not make
sense to define rules for good passwords, because this would give
someone trying to infiltrate your system your recipe for success.
<P>
You can use regular expressions to search password files for matching
against the weak password criteria. This Perl script checks new
and changed passwords entered by users to prevent them from using
bad ones. This script contains several features concerning system
security, such as shadow password files, that are not covered
in this book (shadow password files are password files that have
been shadowed, a process often done to password files to increase
their protection on UNIX systems).
<P>
Some of the tests you might be familiar with are testing new passwords
against words found in the dictionary, calendar dates, or profane
words. These different tests have been included to ensure that
as many bases as possible are covered concerning password security.
Not all of these tests may be necessary for your network's setup.
For more information about system security, consult your system
administrator.
<P>
When you find that this script gets a little rough, don't worry.
This script is very UNIX oriented. That is because the most secure
networks are UNIX-based. It would be quite a task for even an
experienced Perl programmer to convert all the concepts in this
script for use with a Windows NT server. Use this program to learn
about the various aspects of security programming, and note the
various examples of the kinds of things to look for, and procedures
to try, in creating your own password checking program.
<BLOCKQUOTE>
<PRE>
#! /usr/bin/perl
     # bad_password_check.pl
     $age = 6; 
     $exp = 1&Oslash;; # these are the age of the password and 
     # expiry date in weeks.
     $bad_phrase = '/usr/etc/phrases'; # the location
     # of your file containing phrases which make bad
     # passwords.
$bad_words = '/usr/etc/words'; # the location of 
     # your file containing words which make bad
     # passwords.
     @words = $bad_words;
     if (-f '/usr/etc/dictionary_file') { # This is
     # a list of dictionaries for the script to search
     # through looking for bad passwords.
          push(@words,'/usr/etc/dictionary_file');
     }
     push(@words,'/usr/etc/another_dict');
     $x = 'dictaa.txt';
     foreach $dict (@words) {
          open($x,$dict) &amp;&amp; push(@dicts, eval &quot;*$x);
          $x++;
     }
     $ENV{'IFS'} = '' if $ENV{'IFS'};
     $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin';
     umask(&Oslash;22); # can't use umask in Winperl
     chdir '/etc' || die &quot;Unable to find /etc.\n&quot;;
     die &quot;bad_password_check.pl cannot run setiud to the root directory\n&quot; if $&gt;;
     @INC = $INC[$#INC - 1]; # This specifies the
# Perl library
     die &quot;The Perl library is only writable.\n&quot;
          if $&lt; &amp;&amp; -W $INC[&Oslash;];
     die &quot;look.pl is only writable.\n&quot;
          if $&lt; &amp;&amp; -W &quot;$INC[&Oslash;]/look.pl&quot;;
     require &quot;look.pl&quot; # a call to the look.pl script in 
     # the standard Perl library
     $| = 1; # to buffer commands on STDOUT
     @chrset = ('a'..'z','A'..'Z','&Oslash;'..'9','.','/');
     chop ($host = 'hostname.txt');
     $okay = shift if $ARGV[&Oslash;] =~ /^-r/;
     $okay = &Oslash; if $&lt;; # for the administrator only