9. Managing Users and Groups
July 2, 2021
9.1 Common commands and files for user and group management

9.1.1 Common commands

User management: useradd, userdel, usermod, passwd, chsh, chfn, finger, id, chage
Group management: groupadd, groupdel, groupmod, gpasswd
Permission management: chown, chgrp, chmod, umask

9.1.3 Common files and their contents

/etc/passwd: username:password:UID:GID:comment:home directory:default shell

    [root@Daniel-R480 default]# cat /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    daemon:x:2:2:daemon:/sbin:/sbin/nologin

/etc/group: group name:password:GID:list of users that have this group as a supplementary group

    [root@Daniel-R480 default]# cat /etc/group
    root:x:0:
    bin:x:1:
    daemon:x:2:
    sys:x:3:
    adm:x:4:
    tty:x:5:
    disk:x:6:

/etc/shadow: username:password:date of the last password change:minimum age:maximum age:warning period:inactivity period:expiration date:

    [root@Daniel-R480 default]# cat /etc/shadow
    root:$6$PFQ4zANu$LyrKxl8kGT/lYge0N0zj1f1ltbuvXaJIFale65FJ4gA/llvFXABl6kOL9KvQTMJ01W6Jxu81GSLx9qIBnq4Sv1:18782:0:99999:7:::
    bin:*:17834:0:99999:7:::
    daemon:*:17834:0:99999:7:::
    adm:*:17834:0:99999:7:::

9.2 Adding users

useradd [options] USERNAME
-u UID: specify the UID
-g GID: primary group
-G GID,…: supplementary groups
-c "COMMENT": specify the comment field
-d /path/to/directory: use the given directory as the home directory
-s SHELL: specify the shell path (it must be listed in /etc/shells)
-m -k: create the user's home directory and copy the user configuration files under /etc/skel/ into it
-M: do not create a home directory for the user
-r: add a system user

/etc/login.defs: this file sets the defaults for some basic user attributes when a user is created on Linux, for example the UID and GID ranges, the user's expiration time, the maximum password length, and so on.

    [root@Daniel-R480 ~]# ueradd -u 1000 test
    -bash: ueradd: command not found
    [root@Daniel-R480 ~]# useradd -u 1000 test
    useradd: UID 1000 is not unique
    [root@Daniel-R480 ~]# useradd -u 10011 test
    [root@Daniel-R480 ~]# tail -1 /etc/passwd
    test:x:10011:10011::/home/test:/bin/bash
    [root@Daniel-R480 ~]# useradd -g hellosa test1
    useradd: group ‘hellosa’ does not exist
    [root@Daniel-R480 ~]# useradd -g mygroup test1
    useradd: group ‘mygroup’ does not exist
    [root@Daniel-R480 ~]# groupadd test
    groupadd: group ‘test’ already exists
    [root@Daniel-R480 ~]# useradd -g test test1
    [root@Daniel-R480 ~]# tail -1 /etc/passwd
    test1:x:10012:10011::/home/test1:/bin/bash
    [root@Daniel-R480 ~]# useradd -G test test2
    [root@Daniel-R480 ~]# tail -1 /etc/passwd
    test2:x:10013:10013::/home/test2:/bin/bash
    [root@Daniel-R480 ~]# useradd -s /sbin/nologin test3
    [root@Daniel-R480 ~]# su - test3
    This account is currently not available.
    [root@Daniel-R480 ~]# useradd -M test4
    [root@Daniel-R480 ~]# su - test4
    su: warning: cannot change directory to /home/test4: No such file or directory
    -bash-4.2$ pwd
    /root
    -bash-4.2$ exit
    logout

Environment variables: PATH, HISTSIZE, SHELL (holds the current user's default shell)
/etc/shells: lists the safe shells available on the current system

9.3 Deleting users

userdel: delete a user
userdel [option] USERNAME (the user's home directory is not deleted by default)
-r: also delete the user's home directory

id: show a user's account attributes; a username can be given directly as the argument
-u: show the UID
-g: show the effective GID
-G: show all GIDs
-n: show names

    [root@Daniel-R480 ~]# id test
    uid=10011(test) gid=10011(test) groups=10011(test)
    [root@Daniel-R480 ~]# id -u test
    10011
    [root@Daniel-R480 ~]# id -g test
    10011
    [root@Daniel-R480 ~]# id -G test
    10011
    [root@Daniel-R480 ~]# id -u -n test
    test
    [root@Daniel-R480 ~]# id -g -n test
    test
    [root@Daniel-R480 ~]# id -G -n test
    test

finger: show user account information
finger USERNAME

    [root@Daniel-R480 ~]# finger test
    Login: test                             Name:
    Directory: /home/test                   Shell: /bin/bash
    Never logged in.
    No mail.
    No Plan.

9.4 Modifying user account attributes

usermod
-u UID: change the user's UID
-g GID: change the user's GID
-a -G GID: without the -a option, the previous supplementary groups are overwritten
-c: set the comment field
-d -m: create a new home directory for the user and carry the files from the previous home directory over to it
-s: change the user's shell
-l loginname: change the user's login name
-L: lock the account
-U: unlock the account

    [root@Daniel-R480 ~]# id test
    uid=10011(test) gid=10011(test) groups=10011(test)
    [root@Daniel-R480 ~]# usermod -u 2002 test
    [root@Daniel-R480 ~]# id test
    uid=2002(test) gid=10011(test) groups=10011(test)

chsh: change a user's default shell

    [root@Daniel-R480 ~]# finger test
    Login: test                             Name:
    Directory: /home/test                   Shell: /bin/bash
    Never logged in.
    No mail.
    No Plan.
    [root@Daniel-R480 ~]# id test
    uid=10011(test) gid=10011(test) groups=10011(test)
    [root@Daniel-R480 ~]# usermod -u 2002 test
    [root@Daniel-R480 ~]# id test
    uid=2002(test) gid=10011(test) groups=10011(test)
    [root@Daniel-R480 ~]# finger test
    Login: test                             Name:
    Directory: /home/test                   Shell: /bin/bash
    Never logged in.
    No mail.
    No Plan.
    [root@Daniel-R480 ~]# chsh test
    Changing shell for test.
    New shell [/bin/bash]: /bin/tcsh
    chsh: “/bin/tcsh” does not exist
    [root@Daniel-R480 ~]# cat /etc/shells
    /bin/sh
    /bin/bash
    /usr/bin/sh
    /usr/bin/bash
    [root@Daniel-R480 ~]# cat /etc/shells chsh test
    /bin/sh
    /bin/bash
    /usr/bin/sh
    /usr/bin/bash
    cat: chsh: No such file or directory
    cat: test: No such file or directory
    [root@Daniel-R480 ~]# chsh test
    Changing shell for test.
    New shell [/bin/bash]: /bin/sh
    Shell changed.
    [root@Daniel-R480 ~]# finger test
    Login: test                             Name:
    Directory: /home/test                   Shell: /bin/sh
    Never logged in.
    No mail.
    No Plan.

chfn: change the comment information

chage: change password expiry information
-d: date of the last change
-E: expiration date
-I: inactivity period
-m: minimum age
-M: maximum age
-W: warning period

9.5 Password management

passwd [USERNAME]
--stdin: read the password from standard input; useful for creating user accounts and passwords in scripts
-l: lock the user's password
-u: unlock the user's password
-d: delete the user's password
-n: set the minimum password age
-x: set the maximum password age

    [root@Daniel-R480 ~]# echo "redhat"
    redhat
    [root@Daniel-R480 ~]# echo "redhat" | passwd --stdin test
    Changing password for user test.
    passwd: all authentication tokens updated successfully.
    [root@Daniel-R480 ~]# tail /etc/shadow
    nfsnobody:!!:17924::::::
    sshd:!!:17924::::::
    postfix:!!:17924::::::
    chrony:!!:17924::::::
    daniel:$6$e6rwtpqp$awkNfQl9GtXO7vJNrRrlyJfIE7OcxzOuJZBAR3OueOSBIPtK9ZyuJoBH1s9Ln666KZD8zr9pSnsRg90Wiupj7.:18782:0:99999:7:::
    test:$6$c5y8U2BO$7AFRriEzYrC2qiH7DeQrl9sMpswUCpFzJ4n/2wcwUifUhlwSKsZzWlv0l75WDEvSTKAeGi3kxzmkumgk0p1ZX0:18782:0:99999:7:::
    test1:!!:18782:0:99999:7:::
    test2:!!:18782:0:99999:7:::
    test3:!!:18782:0:99999:7:::
    test4:!!:18782:0:99999:7:::
    [root@Daniel-R480 ~]# passwd -d test
    Removing password for user test.
    passwd: Success
    [root@Daniel-R480 ~]# tail /etc/shadow
    nfsnobody:!!:17924::::::
    sshd:!!:17924::::::
    postfix:!!:17924::::::
    chrony:!!:17924::::::
    daniel:$6$e6rwtpqp$awkNfQl9GtXO7vJNrRrlyJfIE7OcxzOuJZBAR3OueOSBIPtK9ZyuJoBH1s9Ln666KZD8zr9pSnsRg90Wiupj7.:18782:0:99999:7:::
    test::18782:0:99999:7:::
    test1:!!:18782:0:99999:7:::
    test2:!!:18782:0:99999:7:::
    test3:!!:18782:0:99999:7:::
    test4:!!:18782:0:99999:7:::

pwck (passwd check): check the integrity of user accounts

    [root@Daniel-R480 ~]# pwck
    user ‘ftp’: directory ‘/var/ftp’ does not exist
    user ‘test4’: directory ‘/home/test4’ does not exist
    pwck: no changes

9.6 Group management

1. groupadd: create a group
-g GID: specify the GID
-r: add a system group

    [root@Daniel-R480 ~]# useradd -r apache
    [root@Daniel-R480 ~]# tail -1 /etc/passwd
    apache:x:997:994::/home/apache:/bin/bash
    [root@Daniel-R480 ~]# groupadd -r nginx
    [root@Daniel-R480 ~]# tail -1 /etc/group
    nginx:x:993:

2. groupmod: modify group information
-g GID: change the GID
-n GRPNAME: change the group name

3. groupdel: delete a group

4. gpasswd: set a password for a group
newgrp: temporarily switch the user to a new group

    [root@Daniel-R480 ~]# gpasswd test
    Changing the password for group test
    New Password:
    Re-enter new password:
    [root@Daniel-R480 ~]# newgrp test
    [root@Daniel-R480 ~]# su - apache
    su: warning: cannot change directory to /home/apache: No such file or directory
    -bash-4.2$ newgrp test
    Password:
    bash-4.2$ ginger

Exercises:

1. Create a user mandriva with ID 2002, primary group distro (group ID 3003), and supplementary group linux.

    [root@Daniel-R480 ~]# groupadd -g 3003 distro
    [root@Daniel-R480 ~]# groupadd linux
    [root@Daniel-R480 ~]# useradd -u 2002 -g distro -G linux mandriva
    [root@Daniel-R480 ~]# id mandriva
    uid=2002(mandriva) gid=3003(distro) groups=3003(distro),3004(linux)

2. Create a user fedora whose full name is Fedora Community and whose default shell is tcsh.

    [root@Daniel-R480 ~]# useradd -c "Fedora Community" -s /bin/tcsh fedora
    [root@Daniel-R480 ~]# tail -1 /etc/passwd
    fedora:x:2003:2003:Fedora Community:/home/fedora:/bin/tcsh

3. Change mandriva's ID to 4004, its primary group to linux, and its supplementary groups to distro and fedora.

    [root@Daniel-R480 ~]# usermod -u 4004 -g linux -G distro,fedora mandriva
    [root@Daniel-R480 ~]# id mandriva
    uid=4004(mandriva) gid=3004(linux) groups=3004(linux),3003(distro),2003(fedora)

4. Give fedora a password, and set its minimum password age to 2 days and its maximum to 50 days.

    [root@Daniel-R480 ~]# passwd -n 2 -x 50 fedora
    Adjusting aging data for user fedora.
    passwd: Success
    [root@Daniel-R480 ~]# tail -1 /etc/passwd
    fedora:x:2003:2003:Fedora Community:/home/fedora:/bin/tcsh
    [root@Daniel-R480 ~]# tail -1 /etc/shadow
    fedora:!!:18810:2:50:7:::

5. Change mandriva's default shell to /bin/bash.

    [root@Daniel-R480 ~]# usermod -s /bin/sh mandriva
    [root@Daniel-R480 ~]# usermod -s /bin/bash mandriva
    [root@Daniel-R480 ~]# tail -2 /etc/passwd
    mandriva:x:4004:3004::/home/mandriva:/bin/bash
    fedora:x:2003:2003:Fedora Community:/home/fedora:/bin/tcsh

6. Add a system user hbase that is not allowed to log in to the system.

    [root@Daniel-R480 ~]# useradd -r -s /sbin/nologin hbase
    [root@Daniel-R480 ~]# su hbase
    This account is currently not available.
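As an added example (not part of the original post): a small POSIX shell audit over files in the /etc/passwd, /etc/shadow and /etc/shells formats described in 9.1.3. It classifies the password field, reports accounts left with an empty password (the state `passwd -d` produces in 9.5) that also have a login shell, and lists accounts whose maximum password age exceeds a limit. The function names, the temporary directory and all sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit files in the passwd/shadow/shells formats shown above.
# Function names and every sample record are constructed (placeholder hash).

# Classify shadow field 2: EMPTY (state left by `passwd -d`),
# LOCKED (starts with ! or *, e.g. "!!"), HASHED (anything else).
shadow_states() {
    awk -F: 'NF >= 2 {
        if ($2 == "") s = "EMPTY"
        else if ($2 ~ /^[!*]/) s = "LOCKED"
        else s = "HASHED"
        print $1 ":" s
    }' "$1"
}

# Users with an empty password AND a shell listed in the shells file.
# Args: passwd-file shadow-file shells-file
empty_pw_with_login_shell() {
    awk -F: '
        FILENAME == ARGV[1] { if ($0 ~ /^\//) ok[$0] = 1; next }   # shells
        FILENAME == ARGV[2] { if ($2 == "") empty[$1] = 1; next }  # shadow
        ($1 in empty) && ($7 in ok) { print $1 }                   # passwd
    ' "$3" "$2" "$1"
}

# Users with a usable password whose maximum age (field 5) is unset or > $2.
weak_max_age() {
    awk -F: -v max="$2" \
        '$2 != "" && $2 !~ /^[!*]/ && ($5 == "" || $5 + 0 > max) { print $1 }' "$1"
}

# Constructed sample files, written to a temporary directory.
AUDIT_DIR=$(mktemp -d)
cat > "$AUDIT_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
test:x:2002:10011::/home/test:/bin/sh
test3:x:10014:10014::/home/test3:/sbin/nologin
svc:x:10020:10020::/home/svc:/sbin/nologin
EOF
cat > "$AUDIT_DIR/shadow" <<'EOF'
root:$6$CONSTRUCTED$placeholder:18782:0:99999:7:::
test::18782:0:99999:7:::
test3:!!:18782:0:99999:7:::
svc::18782:0:99999:7:::
EOF
printf '%s\n' /bin/sh /bin/bash /usr/bin/sh /usr/bin/bash > "$AUDIT_DIR/shells"

echo "password states:";        shadow_states "$AUDIT_DIR/shadow"
echo "empty pw + login shell:"; empty_pw_with_login_shell "$AUDIT_DIR/passwd" "$AUDIT_DIR/shadow" "$AUDIT_DIR/shells"
echo "max age over 90 days:";   weak_max_age "$AUDIT_DIR/shadow" 90
```

To audit a live system, call the same functions as root with /etc/passwd, /etc/shadow and /etc/shells as the arguments.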