RH124-05管理用户密码-3

Posted 2020-09-20

5.4 管理用户密码

相关文件： /etc/passwd,/etc/shadow

相关命令： chage,usermod

chage命令的参数:

-l 显示帐户年龄信息

-E   # chage -E 2014-12-28 romeo

-d   # -d 0 下次登陆系统强制修改密码

-M 将两次改变密码之间相距的最大天数设为“最大天数”

-m   将两次改变密码之间相距的最小天数设为“最小天数”

-W 将过期警告天数设为“警告天数”

-I 过期 INACTIVE 天数后，设定密码为失效状态

练习： 在server虚拟机上完成。  当romeo用户第一次登陆系统的时候(默认登陆密码为romeo)，必须要求强制更改密码。密码有效期为90天，账号将在180天后过期

实验： 重置server虚拟机，然后在上面完成操作

新建用户sspade, bboop, and dtracy，密码有效期为30天，默认密码都为redhat

新建用户组consultants，组ID必须为40000，并且该组作为上面三个用户的附加组

把上述三个用户的账号有效期设定为90天后

bboop用户的密码有效期更改为15天

所有用户在第一登陆的时候都必须强制修改密码

实验完毕，提交# lab localusers grade

上课记录：

[[email protected] Desktop]$ ll /etc/passwd

-rw-r--r--. 1 root root 2005 Jul 11  2014 /etc/passwd

[[email protected] Desktop]$ ll /etc/shadow

----------. 1 root root 1148 Jul 11  2014 /etc/shadow

vi /etc/shadow

root:$6$UiGI4Tc2$htsXYn5cJnOqv3P1VLcUSgfjDu2pL5yiJBuua6foZAHdwqeuLHfYUfS/vBn27Wjvoel8EJgtdsMjyquqvKAmf1:16261:0:99999:7:::

bin:*:16141:0:99999:7:::

daemon:*:16141:0:99999:7:::

adm:*:16141:0:99999:7:::  没密码则是*号或！！，代表密码是无效的，如果无效则无法登陆。

lp:*:16141:0:99999:7:::

sync:*:16141:0:99999:7:::

shutdown:*:16141:0:99999:7:::

halt:*:16141:0:99999:7:::

mail:*:16141:0:99999:7:::

operator:*:16141:0:99999:7:::

games:*:16141:0:99999:7:::

ftp:*:16141:0:99999:7:::

nobody:*:16141:0:99999:7:::

dbus:!!:16197::::::

polkitd:!!:16197::::::

avahi:!!:16197::::::

avahi-autoipd:!!:16197::::::

rpc:!!:16197:0:99999:7:::

rpcuser:!!:16197::::::

nfsnobody:!!:16197::::::

ovirtagent:!!:16197::::::

postfix:!!:16197::::::

两个密码一样，其加密出来的字符串也不一样。

passwd: all authentication tokens updated successfully.

[[email protected] ~]# chage -l tom

Last password change : May 29, 2017

Password expires : never  多久可以过期

Password inactive : never  密码过期多久不能用

Account expires : never

Minimum number of days between password change : 0  密码多久改0为不改

Maximum number of days between password change : 99999  最大的时间不过期

Number of days of warning before password expires : 7  过期 前提示

[[email protected] ~]# date

Mon May 29 14:24:01 CST 2017

chage -m 1 多久改   -M密码有效期 14 天  -W 过期前5天敬告  -I  3   过期3天后

练习如下：

 在server虚拟机上完成。  当romeo用户第一次登陆系统的时候(默认登陆密码为romeo)，必须要求强制更改密码。密码有效期为90天，账号将在180天后过期

[[email protected] ~]# useradd romeo

[[email protected] ~]# passwd romeo

Changing password for user romeo.

New password: 

BAD PASSWORD: The password is shorter than 8 characters

Retype new password: 

passwd: all authentication tokens updated successfully.

[[email protected] ~]# chage -M 90  -E 2015-09-06 romeo

[[email protected] ~]# chage -l romeo

Last password change : May 29, 2017

Password expires : Aug 27, 2017

Password inactive : never

Account expires : Sep 06, 2015

Minimum number of days between password change : 0

Maximum number of days between password change : 90

Number of days of warning before password expires : 7

[[email protected] ~]# chage -d 0 romeo

[[email protected] ~]# 

[[email protected] ~]# ssh [email protected]

实验： 重置server虚拟机，然后在上面完成操作

新建用户sspade, bboop, and dtracy，密码有效期为30天，默认密码都为redhat

新建用户组consultants，组ID必须为40000，并且该组作为上面三个用户的附加组

把上述三个用户的账号有效期设定为90天后

bboop用户的密码有效期更改为15天

所有用户在第一登陆的时候都必须强制修改密码

[email protected] ~]# 

[[email protected] ~]# useradd sspade

[[email protected] ~]# useradd bboop

[[email protected] ~]# useradd dtracy

[[email protected] ~]# passwd sspade

Changing password for user sspade.

New password: 

BAD PASSWORD: The password is shorter than 8 characters

Retype new password: 

passwd: all authentication tokens updated successfully.

[[email protected] ~]# passwd bboop

Changing password for user bboop.

New password: 

BAD PASSWORD: The password is shorter than 8 characters

Retype new password: 

passwd: all authentication tokens updated successfully.

[[email protected] ~]# passwd dtracy

Changing password for user dtracy.

New password: 

BAD PASSWORD: The password is shorter than 8 characters

Retype new password: 

Sorry, passwords do not match.

New password: 

BAD PASSWORD: The password is shorter than 8 characters

Retype new password: 

passwd: all authentication tokens updated successfully.

[[email protected] ~]# 

[[email protected] ~]# 

[[email protected] ~]# chage -M 30 sspade

[[email protected] ~]# chage -M 30 bboop

[[email protected] ~]# chage -M 30 dtracy

[[email protected] ~]# 

新建用户组consultants，组ID必须为40000，并且该组作为上面三个用户的附加组

[[email protected] ~]# groupadd -g 400000 consultants

[[email protected] ~]# gpasswd -a sspade consultant

gpasswd: group ‘consultant‘ does not exist in /etc/group

[[email protected] ~]# gpasswd -a sspade consultants

Adding user sspade to group consultants

[[email protected] ~]# gpasswd -a bboop consultants

Adding user bboop to group consultants

[[email protected] ~]# gpasswd -a dtracy  consultants

Adding user dtracy to group consultants

[[email protected] ~]# id sspade

uid=1003(sspade) gid=1003(sspade) groups=1003(sspade),400000(consultants)

[[email protected] ~]# id bboop

[[email protected] ~]# date -d +"30 days"

Wed Jun 28 14:56:49 CST 2017

把上述三个用户的账号有效期设定为90天后  改成9月9号

[[email protected] ~]# chage -E 2017-09-09 sspade

[[email protected] ~]# chage -E 2017-09-09 bboop

bboop用户的密码有效期更改为15天

[[email protected] ~]# chage -M 15 bboop

[[email protected] ~]# chage -l bboop

Last password change : May 29, 2017

Password expires : Jun 13, 2017

Password inactive : never

Account expires : Sep 09, 2017

Minimum number of days between password change : 0

Maximum number of days between password change : 15

Number of days of warning before password expires : 7

所有用户在第一登陆的时候都必须强制修改密码

[[email protected] ~]# chage -d 0 sspade

[[email protected] ~]# chage -d 0 bboop

附注： 如何算时间

[[email protected] ~]# date -d +"90 days" +"%Y-%m-%d" 后面是限定输出格式

2017-08-27

last change date :-d  修改密码的时间，0就是登陆就修改

min days  -m   密码最小时间 即在1天或2天内修改密码

warn days -W  密码警告时间  Number of days of warning before password expires 即在密码过期前告

max days  -M 密码有效时间  默认密码有效时间是9999

inactive days -l 账号 失效时间  ：默认是never

chage -E 2017-09-09 sspade 设置账号的有效期

本文出自 “IT正能量” 博客，谢绝转载！