Day03-01 Aming Linux: User and Group Management
3.1 User configuration file and password configuration file
/etc/passwd user information configuration file
/etc/shadow user password configuration file
[[email protected] tmp]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
.............................
user1:x:1000:1000::/home/user1:/bin/bash
aming:x:1001:1001::/home/aming:/bin/bash
username:password placeholder (x):uid:gid:comment:home directory:shell
[[email protected] tmp]# cat /etc/shadow
root:$6$Nat9OJRo$0qg5VdrCwNmGzXu8BXpu/mHfyRIE52/Vq1BuaOfiAYuA/14tPVv9S2QRYWUxWx0F9DXsIXM9ESeZ42NoEJgJ40:17586:0:99999:7:::
bin:*:17110:0:99999:7:::
............................
user1:!!:17587:0:99999:7:::
aming:!!:17587:0:99999:7:::
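username:encrypted password:date of the last password change (days from 1970-01-01 to the change):days that must pass before the password can be changed again:days until the password expires and must be changed:warning days before the password expires:grace period after expiry before the account is disabled:date until which the account can be used:reserved field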
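The field layout above can be checked mechanically. The following script is an added example, not part of the original notes: it classifies each shadow entry by the state of its password field and converts the day count in field 3 to a calendar date. The sample data is constructed from the listing above with the hash replaced by a placeholder, and the account "locked1" is hypothetical.

```sh
# Added example: classify shadow entries by password state and decode the
# "last change" day count. SAMPLE_SHADOW is constructed from the listing above;
# the hash is a placeholder and "locked1" is a hypothetical extra account.
SAMPLE_SHADOW='root:$6$SALT$HASHPLACEHOLDER:17586:0:99999:7:::
bin:*:17110:0:99999:7:::
user1:!!:17587:0:99999:7:::
locked1:!$6$SALT$HASHPLACEHOLDER:17587:0:99999:7:::'

# Field 3 counts days since 1970-01-01; print it as an ISO date (UTC).
days_to_date() {
    [ -n "$1" ] || { echo never; return 0; }
    date -u -d "@$(( $1 * 86400 ))" +%F
}

# Field 2 is either a crypt(3) hash or a marker that disables password login.
password_state() {
    case "$1" in
        '')     echo EMPTY ;;      # no password required at all
        '*')    echo NOLOGIN ;;    # system account, password login impossible
        '!!')   echo UNSET ;;      # password never set, as for user1 above
        '!'*)   echo LOCKED ;;     # hash prefixed by passwd -l / usermod -L
        '$6$'*) echo SHA512 ;;
        '$5$'*) echo SHA256 ;;
        '$1$'*) echo MD5 ;;
        *)      echo OTHER ;;
    esac
}

# Read shadow-format lines on stdin, print one summary line per account.
audit_shadow() {
    while IFS=: read -r name pw last min max rest; do
        [ -n "$name" ] || continue
        printf '%s %s changed=%s max_age=%s\n' \
            "$name" "$(password_state "$pw")" "$(days_to_date "$last")" "$max"
    done
}

printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On a real system, run it as root with `audit_shadow < /etc/shadow`; an EMPTY or MD5 result is the one to follow up on first.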
3.2 User group management
/etc/group group information configuration file
/etc/gshadow group password configuration file
groupadd grp1
[[email protected] tmp]# groupadd grp1
[[email protected] tmp]# groupadd -g 1005 grp2
groupdel grp1
[[email protected] tmp]# groupdel grp2
[[email protected] tmp]# tail -n2 /etc/group
slocate:x:21:
grp1:x:1002:
[[email protected] tmp]# groupdel usr1
groupdel:“usr1”组不存在
[[email protected] tmp]# groupdel user1
groupdel:不能移除用户“user1”的主组
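Deleting groups: a group that still has users in it cannot be deleted. Above, groupdel refuses to remove user1 because it is the primary group of the user "user1".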
3.3 User management
useradd
-u specify the uid
-g specify the gid
-d specify the home directory name
-s specify the shell
-M do not create a home directory
[[email protected] tmp]# useradd user2
[[email protected] tmp]# tail -n2 /etc/passwd
aming:x:1001:1001::/home/aming:/bin/bash
user2:x:1002:1003::/home/user2:/bin/bash
[[email protected] tmp]# useradd -u 1004 -g grp1 user3
[[email protected] tmp]# tail -n3 /etc/passwd
aming:x:1001:1001::/home/aming:/bin/bash
user2:x:1002:1003::/home/user2:/bin/bash
user3:x:1004:1002::/home/user3:/bin/bash
[[email protected] tmp]# useradd -u 1006 -g grp1 -d /home/aming111 -s /sbin/nologin user4
[[email protected] tmp]# tail -n3 /etc/passwd
user2:x:1002:1003::/home/user2:/bin/bash
user3:x:1004:1002::/home/user3:/bin/bash
user4:x:1006:1002::/home/aming111:/sbin/nologin
[[email protected] tmp]# useradd -M user5
[[email protected] tmp]# tail -n3 /etc/passwd
user3:x:1004:1002::/home/user3:/bin/bash
user4:x:1006:1002::/home/aming111:/sbin/nologin
user5:x:1007:1007::/home/user5:/bin/bash
[[email protected] tmp]# ls /home/
aming aming111 user1 user2 user3
userdel
Without options, the user is deleted but the user's home directory is kept
-r delete the user together with the home directory
[[email protected] tmp]# userdel user8
[[email protected] tmp]# ls /home/
aming aming111 user1 user2 user3 user8
3.4 usermod: change user attributes
usermod
-u 1006 username
-g 1009 username
-d /home/name
-s /sbin/nologin
-G user1,grp1,aming
-g user1
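3.5 User password management
passwd
-l username lock the user's password
-u username unlock the user's password
usermod -L username lock the user's password
usermod -U username unlock the user's password
echo "123456"|passwd --stdin username change the user's password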
[[email protected] tmp]# echo -e "123\nsss"
123
sss
[[email protected] tmp]# echo -e "123\tsss"
123 sss
3.6 mkpasswd
make passwd
yum install -y expect
[[email protected] tmp]# mkpasswd
xOW9ga[f7
[[email protected] tmp]# mkpasswd -l 12
gzcM37qhxuV|
[[email protected] tmp]# mkpasswd -l 12 -s 3
kmK).4o~zu2F
[[email protected] tmp]# mkpasswd -l 12 -s 0
ojmt8UhyB3do
3.7 The su command
su - load the full set of environment variables and configuration files
su - -c "touch /tmp/aming.111" aming run the command as aming
[[email protected] tmp]# ls -la /etc/skel/
总用量 24
drwxr-xr-x. 2 root root 62 2月 24 22:18 .
drwxr-xr-x. 74 root root 8192 2月 26 00:14 ..
-rw-r--r--. 1 root root 18 8月 3 2017 .bash_logout
-rw-r--r--. 1 root root 193 8月 3 2017 .bash_profile
-rw-r--r--. 1 root root 231 8月 3 2017 .bashrc
3.8 The sudo command
Authorize ordinary users to run commands
[[email protected] tmp]# visudo
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
aming ALL=(ALL) /usr/bin/ls,/usr/bin/mv,/usr/bin/cat
AMINGS ALL=(ALL) NOPASSWD: /usr/bin/su
## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias FILESERVERS = fs1, fs2
# Host_Alias MAILSERVERS = smtp, smtp2
## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem
User_Alias AMINGS = user1,user2
## Command Aliases
## These are groups of related commands...
## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig, /usr/bin/systemctl start, /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart, /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable
## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb
[[email protected] ~]$ sudo /usr/bin/ls /root/
[[email protected] ~]$ sudo /usr/bin/cat /root/
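The rules above differ a lot in what they delegate: the aming rule is limited to three named commands, while the AMINGS rule grants /usr/bin/su without a password, which amounts to a root shell for every alias member. The script below is an added example, not part of the original notes, that reviews sudoers text for such grants. The sample text is constructed from the rules in this section, and the set of commands treated as shell-equivalent (ALL, su, bash, sh) is this example's own minimal assumption.

```sh
# Added example: flag sudoers rules that hand out an unrestricted root shell.
# SAMPLE_SUDOERS is constructed from the rules in this section.
SAMPLE_SUDOERS='## Allow root to run any commands anywhere
root ALL=(ALL) ALL
aming ALL=(ALL) /usr/bin/ls,/usr/bin/mv,/usr/bin/cat
AMINGS ALL=(ALL) NOPASSWD: /usr/bin/su
User_Alias AMINGS = user1,user2'

# Read sudoers text on stdin; print one finding per risky command grant.
lint_sudoers() {
    awk '
    /^[ \t]*(#|$)/ { next }                          # comments, blank lines
    $1 == "User_Alias" {                             # remember alias members
        members = $0; sub(/^[^=]*=[ \t]*/, "", members)
        alias[$2] = members; next
    }
    $1 ~ /_Alias$/ || $1 ~ /^Defaults/ || $1 == "root" { next }
    {
        spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)               # drop "user host ="
        sub(/^\([^)]*\)[ \t]*/, "", spec)            # drop "(runas)"
        auth = (spec ~ /NOPASSWD:/) ? "NOPASSWD" : "password required"
        gsub(/[A-Z]+:[ \t]*/, "", spec)              # drop tags such as NOPASSWD:
        n = split(spec, cmds, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            c = cmds[i]; sub(/[ \t].*$/, "", c)      # ignore command arguments
            if (c == "ALL" || c ~ /\/(su|bash|sh)$/) {
                who[++k] = $1; what[k] = c; how[k] = auth
            }
        }
    }
    END {                                            # aliases may follow their use
        for (j = 1; j <= k; j++) {
            w = who[j]
            if (w in alias) w = w " (" alias[w] ")"
            printf "%s: %s gives a root shell, %s\n", w, what[j], how[j]
        }
    }'
}

printf '%s\n' "$SAMPLE_SUDOERS" | lint_sudoers
```

Syntax itself is best checked with `visudo -c` before the file is saved; this script only reviews what the accepted rules delegate.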
3.9 Restricting remote root login
Local logins cannot be restricted this way
[[email protected] tmp]# vi /etc/ssh/sshd_config
#LoginGraceTime 2m
PermitRootLogin no