Day03-01 Aming Linux: User and Group Management


3.1 User configuration file and password configuration file

/etc/passwd  user information configuration file
/etc/shadow  user password configuration file

        [[email protected] tmp]# cat /etc/passwd
        root:x:0:0:root:/root:/bin/bash
        bin:x:1:1:bin:/bin:/sbin/nologin
        .............................
        user1:x:1000:1000::/home/user1:/bin/bash
        aming:x:1001:1001::/home/aming:/bin/bash

username:password placeholder (x; the hash itself is stored in /etc/shadow):uid:gid:comment:home directory:shell

        [[email protected] tmp]# cat /etc/shadow
        root:$6$Nat9OJRo$0qg5VdrCwNmGzXu8BXpu/mHfyRIE52/Vq1BuaOfiAYuA/14tPVv9S2QRYWUxWx0F9DXsIXM9ESeZ42NoEJgJ40:17586:0:99999:7:::
        bin:*:17110:0:99999:7:::
        ............................
        user1:!!:17587:0:99999:7:::
        aming:!!:17587:0:99999:7:::

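Each /etc/shadow entry has nine fields separated by ":":

    field 1  username
    field 2  encrypted password
    field 3  date of the last password change, counted in days from 1970-01-01 to the day of the change
    field 4  number of days that must pass before the password may be changed again
    field 5  number of days after which the password expires, i.e. within how many days it must be changed
    field 6  number of warning days before the password expires
    field 7  account inactivity period
    field 8  date up to which the account may be used
    field 9  reserved field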
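The field layouts above can be checked mechanically. The following is an added example, not part of the original notes: it joins passwd and shadow entries on the user name, classifies field 2 and converts field 3 to a calendar date. The sample entries are constructed (hashes are placeholders; `svc1`, `toor` and `guest` are hypothetical accounts), and `date -d @N` assumes GNU or BusyBox `date`.

```sh
# Constructed sample entries modelled on the listings above; the hashes are
# placeholders, and svc1, toor and guest are hypothetical accounts for the demo.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
user1:x:1000:1000::/home/user1:/bin/bash
svc1:x:1008:1008::/home/svc1:/bin/bash
toor:x:0:0::/root:/bin/bash
guest:x:1009:1009::/home/guest:/bin/bash'
SHADOW_SAMPLE='root:$6$SALT$HASHPLACEHOLDER:17586:0:99999:7:::
bin:*:17110:0:99999:7:::
user1:!!:17587:0:99999:7:::
svc1:!$6$SALT$HASHPLACEHOLDER:17587:0:99999:7:::
toor:!!:17587:0:99999:7:::
guest::17587:0:99999:7:::'

# pw_state FIELD2: classify the password field (field 2) of a shadow entry.
pw_state() {
  case "$1" in
    '')       echo EMPTY ;;            # account logs in without any password
    '*'|'!!') echo NO-PASSWORD-SET ;;  # no valid hash: password login impossible
    '!'*)     echo LOCKED ;;           # hash kept but disabled by a leading "!"
    '$6$'*)   echo SHA512 ;;           # $6$ prefix = SHA-512 crypt
    *)        echo OTHER ;;
  esac
}

# days_to_date N: turn field 3 (days since 1970-01-01) into YYYY-MM-DD.
days_to_date() { date -u -d "@$(( $1 * 86400 ))" +%F; }

# account_report PASSWD_TEXT SHADOW_TEXT: join both files on the user name.
account_report() {
  printf '%s\n' "$1" | while IFS=: read -r user _pw uid _gid _gecos _home shell; do
    entry=$(printf '%s\n' "$2" | grep "^${user}:" || true)
    [ -n "$entry" ] || { echo "$user uid=$uid REVIEW-no-shadow-entry"; continue; }
    state=$(pw_state "$(printf '%s' "$entry" | cut -d: -f2)")
    days=$(printf '%s' "$entry" | cut -d: -f3)
    flag=ok
    if [ "$state" = EMPTY ]; then flag=REVIEW-empty-password
    elif [ "$uid" = 0 ] && [ "$user" != root ]; then flag=REVIEW-extra-uid0
    fi
    printf '%s uid=%s shell=%s pw=%s changed=%s %s\n' \
      "$user" "$uid" "$shell" "$state" "$(days_to_date "${days:-0}")" "$flag"
  done
}

account_report "$PASSWD_SAMPLE" "$SHADOW_SAMPLE"
```

On a real host the same functions can be fed `"$(cat /etc/passwd)"` and, as root, `"$(cat /etc/shadow)"`.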

3.2 Group management

/etc/group    group information configuration file
/etc/gshadow  group password configuration file

groupadd  grp1

        [[email protected] tmp]# groupadd  grp1
        [[email protected] tmp]# groupadd -g 1005 grp2

groupdel grp1

        [[email protected] tmp]# groupdel grp2
        [[email protected] tmp]# tail -n2 /etc/group
        slocate:x:21:
        grp1:x:1002:
        [[email protected] tmp]# groupdel usr1
        groupdel:“usr1”组不存在
        [[email protected] tmp]# groupdel user1
        groupdel:不能移除用户“user1”的主组

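groupdel deletes a group, but a group that still has users in it cannot be deleted. The two messages above read: group "usr1" does not exist, and cannot remove the primary group of user "user1".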

3.3 User management

useradd

    -u  specify the uid
    -g  specify the gid
    -d  specify the home directory name
    -s  specify the shell
    -M  do not create a home directory

        [[email protected] tmp]# useradd user2
        [[email protected] tmp]# tail -n2 /etc/passwd
        aming:x:1001:1001::/home/aming:/bin/bash
        user2:x:1002:1003::/home/user2:/bin/bash
        [[email protected] tmp]# useradd -u 1004 -g grp1 user3
        [[email protected] tmp]# tail -n3 /etc/passwd
        aming:x:1001:1001::/home/aming:/bin/bash
        user2:x:1002:1003::/home/user2:/bin/bash
        user3:x:1004:1002::/home/user3:/bin/bash

        [[email protected] tmp]# useradd -u 1006 -g grp1 -d /home/aming111 -s /sbin/nologin user4
        [[email protected] tmp]# tail -n3 /etc/passwd
        user2:x:1002:1003::/home/user2:/bin/bash
        user3:x:1004:1002::/home/user3:/bin/bash
        user4:x:1006:1002::/home/aming111:/sbin/nologin

        [[email protected] tmp]# useradd -M user5
        [[email protected] tmp]# tail -n3 /etc/passwd
        user3:x:1004:1002::/home/user3:/bin/bash
        user4:x:1006:1002::/home/aming111:/sbin/nologin
        user5:x:1007:1007::/home/user5:/bin/bash
        [[email protected] tmp]# ls /home/
        aming  aming111  user1  user2  user3

userdel
    deletes the user but not the user's home directory
    -r  delete the user and the home directory as well
        [[email protected] tmp]# userdel user8
        [[email protected] tmp]# ls /home/
        aming  aming111  user1  user2  user3  user8

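3.4 usermod: changing user attributes

usermod

    -u 1006 username       change the uid
    -g 1009 username       change the primary group (given as a gid)
    -d /home/name          change the home directory
    -s /sbin/nologin       change the login shell
    -G user1,grp1,aming    set the supplementary groups
    -g user1               change the primary group (given as a group name)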

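3.5 User password management

passwd

    -l username  lock the user's password
    -u username  unlock the user's password

usermod -L username  lock the user's password
usermod -U username  unlock the user's password

        echo "123456"|passwd --stdin username    # change the user's password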

        [[email protected] tmp]# echo -e "123\nsss"
        123
        sss
        [[email protected] tmp]# echo -e "123\tsss"
        123 sss

3.6 mkpasswd

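mkpasswd ("make passwd") generates random passwords. It is installed with the expect package:
yum install -y expect

In the runs below, -l sets the password length and -s the minimum number of special characters.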

    [[email protected] tmp]# mkpasswd
    xOW9ga[f7
    [[email protected] tmp]# mkpasswd -l 12
    gzcM37qhxuV|
    [[email protected] tmp]# mkpasswd -l 12 -s 3
    kmK).4o~zu2F
    [[email protected] tmp]# mkpasswd -l 12 -s 0
    ojmt8UhyB3do

3.7 The su command

su -  loads the target user's full environment variables and configuration files

su - -c "touch /tmp/aming.111" aming  runs the command as aming

        [[email protected] tmp]# ls -la /etc/skel/
        总用量 24
        drwxr-xr-x.  2 root root   62 2月  24 22:18 .
        drwxr-xr-x. 74 root root 8192 2月  26 00:14 ..
        -rw-r--r--.  1 root root   18 8月   3 2017 .bash_logout
        -rw-r--r--.  1 root root  193 8月   3 2017 .bash_profile
        -rw-r--r--.  1 root root  231 8月   3 2017 .bashrc

3.8 The sudo command

Authorizes ordinary users to run commands

        [[email protected] tmp]# visudo
        ## Allow root to run any commands anywhere
        root    ALL=(ALL)       ALL
        aming   ALL=(ALL)       /usr/bin/ls,/usr/bin/mv,/usr/bin/cat
        AMINGS  ALL=(ALL)       NOPASSWD: /usr/bin/su

        ## Host Aliases
        ## Groups of machines. You may prefer to use hostnames (perhaps using
        ## wildcards for entire domains) or IP addresses instead.
        # Host_Alias     FILESERVERS = fs1, fs2
        # Host_Alias     MAILSERVERS = smtp, smtp2

        ## User Aliases
        ## These aren't often necessary, as you can use regular groups
        ## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
        ## rather than USERALIAS
        # User_Alias ADMINS = jsmith, mikem
        User_Alias AMINGS = user1,user2

        ## Command Aliases
        ## These are groups of related commands...

        ## Networking
        # Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

        ## Installation and management of software
        # Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

        ## Services
        # Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig, /usr/bin/systemctl start, /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart, /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable
        ## Updating the locate database
        # Cmnd_Alias LOCATE = /usr/bin/updatedb

        [[email protected] ~]$ sudo /usr/bin/ls /root/
        [[email protected] ~]$ sudo /usr/bin/cat /root/
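A sudoers file is easier to review once every rule is expanded into one line per user and command. The following is an added example, not part of the original notes: it expands User_Alias members and marks grants that give all commands or a root shell (su grants one by design), and whether a password is asked. The fragment is constructed from the three rules in the listing, with the alias written in valid syntax; `sudoers_audit` and the class labels are names chosen for this sketch.

```sh
# Constructed sudoers fragment: the three rules from the listing above, with the
# alias written as "User_Alias NAME = members" and defined after its use.
SUDOERS_SAMPLE='## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
aming   ALL=(ALL)       /usr/bin/ls,/usr/bin/mv,/usr/bin/cat
AMINGS  ALL=(ALL)       NOPASSWD: /usr/bin/su
User_Alias AMINGS = user1,user2'

# sudoers_audit TEXT: print "user PASSWD|NOPASSWD command kind", one line per grant.
sudoers_audit() {
  printf '%s\n' "$1" | awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blank lines
    $1 == "User_Alias" {                           # remember the alias members
      m = $0; sub(/^[^=]*=[ \t]*/, "", m); gsub(/[ \t]/, "", m)
      members[$2] = m; next
    }
    $1 ~ /_Alias$/ || $1 == "Defaults" { next }    # not analysed in this sketch
    {                                              # user host=(runas) [NOPASSWD:] cmds
      spec = $0; sub(/^[^=]*=[ \t]*(\([^)]*\))?[ \t]*/, "", spec)
      n++
      tag[n] = sub(/^NOPASSWD:[ \t]*/, "", spec) ? "NOPASSWD" : "PASSWD"
      who[n] = $1; cmds[n] = spec
    }
    END {                                          # expand last: aliases may follow their use
      for (r = 1; r <= n; r++) {
        u = (who[r] in members) ? members[who[r]] : who[r]
        nu = split(u, us, ","); nc = split(cmds[r], cs, /[ \t]*,[ \t]*/)
        for (i = 1; i <= nu; i++) for (j = 1; j <= nc; j++) {
          kind = "command"
          if (cs[j] == "ALL") kind = "all-commands"
          else if (cs[j] ~ /\/(su|sh|bash)$/) kind = "root-shell"
          print us[i], tag[r], cs[j], kind
        }
      }
    }'
}

sudoers_audit "$SUDOERS_SAMPLE"
```

The sketch reads plain user rules and User_Alias only; after editing the real file, `visudo -c` checks its syntax.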

3.9 Restricting remote root login

Local login cannot be restricted by this setting.

    [[email protected] tmp]# vi /etc/ssh/sshd_config
    #LoginGraceTime 2m
    PermitRootLogin no
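Whether `PermitRootLogin no` actually takes effect depends on where it sits: commented lines set nothing, the first global occurrence of a keyword wins, and a Match block can override it for some connections. The following is an added example, not part of the original notes, that checks this on a constructed config text; `root_login_policy` and the Match block are hypothetical.

```sh
# Constructed sshd_config text: a commented-out line, the setting from this
# section, a later duplicate, and a hypothetical Match block.
SSHD_SAMPLE='#LoginGraceTime 2m
#PermitRootLogin yes
PermitRootLogin no
permitrootlogin yes
Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password'

# root_login_policy TEXT: report the global value and count Match-block overrides.
root_login_policy() {
  printf '%s\n' "$1" | awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blank lines set nothing
    {
      line = $0; sub(/^[ \t]+/, "", line)
      split(line, f, /[ \t]+/)
      key = tolower(f[1]); val = tolower(f[2])     # keywords are case-insensitive
    }
    key == "match" { inmatch = 1; next }           # block runs to the next Match or EOF
    key != "permitrootlogin" { next }
    inmatch { if (val != "no") over++; next }      # conditional override of the global value
    !seen { gval = val; seen = 1 }                 # first global occurrence wins
    END { printf "global=%s match-overrides=%d\n", (seen ? gval : "unset"), over }'
}

root_login_policy "$SSHD_SAMPLE"
```

On a live host, `sshd -T` prints the values the daemon would actually use, and `sshd -t` checks the file before sshd is restarted.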
