Reply list
  • 1 # 老鄧IT

    Managing local users and groups with commands on Linux

    Local users and groups: manage files and processes, etc.

    Local users and groups:

    1) root: superuser, the first account created by the system

    Characteristics:

    id: 0

    Home directory: /root

    Has complete control of the system: use with care.

    [root@servera ~]# id

    uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

    [root@servera ~]#

    2) Regular users: do not have administrator privileges

    Characteristics:

    id range:

    1000 <= id <= 60000

    Home directory: /home/<username>

    [root@servera ~]# id student

    uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)

    [root@servera ~]#

    3) Service users: provide privileges for services

    Characteristics:

    id range:

    0 < id < 1000

    Home directory: the application's service directory

    [root@servera ~]# id apache

    uid=48(apache) gid=48(apache) groups=48(apache)

    [root@servera ~]#

    If the software was installed with yum/rpm: the service account is created by scripts inside the rpm package

    Include conf.modules.d/*.conf

    #

    # If you wish httpd to run as a different user or group, you must run

    # httpd as root initially and it will switch.

    #

    # User/Group: The name (or #number) of the user/group to run httpd as.

    # It is usually good practice to create a dedicated user and group for

    # running httpd, as with most system services.

    #

    User apache

    Group apache

    # "Main" server configuration

    #

    Local groups:

    1) Primary group: every user must belong to a primary group. When the user creates a file, this is the group the file is assigned to

    2) Supplementary groups: containers for users; organize and manage users; permission control

    Purpose:

    Files:

    Processes:

    [student@servera ~]$ ps -ux

    USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND

    student 32178 0.0 0.4 93052 9360 ? Ss 15:00 0:00 /usr/lib/system

    student 32182 0.0 0.3 253776 7072 ? S 15:00 0:00 (sd-pam)

    student 32188 0.0 0.2 159412 4980 ? S 15:00 0:00 sshd: student@p

    student 32189 0.0 0.2 233912 4864 pts/0 Ss 15:00 0:00 -bash

    student 32293 0.3 0.2 159408 5192 ? D 15:43 0:00 sshd: student@p

    student 32294 0.3 0.2 233912 4924 pts/1 Ss 15:43 0:00 -bash

    student 32319 0.5 0.2 233940 4804 pts/1 S 15:43 0:00 /bin/bash

    student 32341 0.0 0.2 269312 3876 pts/1 R+ 15:43 0:00 ps -ux

    [student@servera ~]$

    Account files:

    1) /etc/passwd: stores user information

    [root@servera tmp]# cat /etc/passwd |grep student

    student:x:1000:1000:Student User:/home/student:/bin/bash

    username password uid primary-group-ID description home-directory login-shell

    [root@servera tmp]#

    [root@servera tmp]# cat /etc/passwd |grep -w root:x

    root:x:0:0:root:/root:/bin/bash

    [root@servera tmp]#

    [root@servera tmp]# cat /etc/passwd |grep apache

    apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin

    Service account, cannot log in to the system

    [root@servera tmp]#

    2) /etc/shadow: stores the user's password HASH, password validity information, password change time, and account expiry.

    [root@servera tmp]#

    [root@servera tmp]# ls -l /etc/shadow

    ----------. 1 root root 1014 Mar 29 11:39 /etc/shadow

    [root@servera tmp]#

    [root@servera tmp]#

    [root@servera tmp]# cat /etc/shadow |grep student

    student:$6$8oIjLCsc$/n1iQXYh1E6.uOEuJKgioqAtmqm2TQmkJGF2RwyteIr1tIfrPdiRYgWe6Sjen5/eMij2uHM/a1tue/QRlo3X80:18038:0:99999:7:::

    [root@servera tmp]#

    Password HASH: sha512

    8oIjLCsc$/n1iQXYh1E6.uOEuJKgioqAtmqm2TQmkJGF2RwyteIr1tIfrPdiRYgWe6Sjen5/eMij2uHM/a1tue/QRlo3X80

    18038: days; the date of the last password change, i.e. the day that is 1970-01-01 + 18038 days

    0: minimum password age in days; 0 means no limit, the user can change the password at any time

    99999: days, maximum password age; effectively permanent, over 200 years

    7: warning time; 7 days before the password reaches its maximum age, notify the user to change it.

    :: days, inactive time; if the password has passed its maximum age and has not been changed, the number of further days after which the account is locked

    :: account expiry

    Creating users and groups:

    At creation, there is no password:

    [root@servera ~]# useradd zhangsan

    [root@servera ~]# useradd lisi

    [root@servera ~]# id zhangsan

    uid=1001(zhangsan) gid=1001(zhangsan) groups=1001(zhangsan)

    [root@servera ~]# id lisi

    uid=1002(lisi) gid=1002(lisi) groups=1002(lisi)

    [root@servera ~]#

    Cannot log in: related to PAM

    [student@servera ~]$

    [student@servera ~]$ su - zhangsan

    Password:

    Password:

    su: Authentication failure

    [student@servera ~]$

    Set a password:

    [root@servera ~]#

    [root@servera ~]# cat /etc/passwd |grep zhangsan

    zhangsan:x:1001:1001::/home/zhangsan:/bin/bash

    [root@servera ~]# cat /etc/shadow |grep zhangsan

    zhangsan:!!:18350:0:99999:7::: # !! password not set

    [root@servera ~]#

    [root@servera ~]# passwd zhangsan

    Changing password for user zhangsan.

    New password:

    BAD PASSWORD: The password is shorter than 8 characters

    Retype new password:

    passwd: all authentication tokens updated successfully.

    [root@servera ~]#

    [root@servera ~]#

    [root@servera ~]# cat /etc/shadow |grep zhangsan

    zhangsan:$6$3wxuXomVbQ58wQcK$oQW6injgldxa2N/Pt4tCPDVRqWRVGw.UNZdxE4R0nhEt8K/3UDKzxap6ReIReEvDpG.GdwjpMiiDh7.f6DJNQ0:18350:0:99999:7:::

    [root@servera ~]#

    chage can show a user's password attributes

    [root@servera ~]# chage -l zhangsan

    Last password change : Mar 29, 2020

    Password expires : never

    Password inactive : never

    Account expires : never

    Minimum number of days between password change : 0

    Maximum number of days between password change : 99999

    Number of days of warning before password expires : 7

    [root@servera ~]#

    Creating groups: supplementary groups

    [root@servera ~]#

    [root@servera ~]# groupadd it

    [root@servera ~]#

    [root@servera ~]#

    [root@servera ~]# groupadd sales

    [root@servera ~]#

    [root@servera ~]#

    [root@servera ~]#

    [root@servera ~]# cat /etc/group

    root:x:0:

    bin:x:1:

    daemon:x:2:

    sys:x:3:

    adm:x:4:

    tty:x:5:

    disk:x:6:

    lp:x:7:

    mem:x:8:

    kmem:x:9:

    wheel:x:10:student

    cdrom:x:11:

    mail:x:12:postfix

    man:x:15:

    dialout:x:18:

    floppy:x:19:

    games:x:20:

    tape:x:33:

    video:x:39:

    ftp:x:50:

    lock:x:54:

    audio:x:63:

    users:x:100:

    nobody:x:65534:

    dbus:x:81:

    utmp:x:22:

    utempter:x:35:

    input:x:999:

    kvm:x:36:

    render:x:998:

    systemd-journal:x:190:

    systemd-coredump:x:997:

    systemd-resolve:x:193:

    tss:x:59:

    polkitd:x:996:

    rpc:x:32:

    unbound:x:995:

    ssh_keys:x:994:

    sssd:x:993:

    setroubleshoot:x:992:

    rpcuser:x:29:

    insights:x:991:

    cockpit-ws:x:990:

    sshd:x:74:

    chrony:x:989:

    tcpdump:x:72:

    student:x:1000:

    printadmin:x:988:

    libstoragemgmt:x:987:

    slocate:x:21:

    postdrop:x:90:

    postfix:x:89:

    apache:x:48:

    zhangsan:x:1001:

    lisi:x:1002:

    it:x:1003: list of group members

    sales:x:1004:

    [root@servera ~]#

    [root@servera ~]# id student

    uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)

    [root@servera ~]#

    Add users to groups: zhangsan joins the it group, lisi joins the sales group

    [root@servera ~]# id student

    uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)

    [root@servera ~]# usermod -aG it zhangsan

    [root@servera ~]#

    [root@servera ~]#

    [root@servera ~]# usermod -aG sales lisi

    [root@servera ~]#

    [root@servera ~]#

    [root@servera ~]# id zhangsan

    uid=1001(zhangsan) gid=1001(zhangsan) groups=1001(zhangsan),1003(it)

    [root@servera ~]# id lisi

    uid=1002(lisi) gid=1002(lisi) groups=1002(lisi),1004(sales)

    [root@servera ~]#

    [root@servera ~]# useradd andy

    [root@servera ~]#

    [root@servera ~]# userdel andy

    [root@servera ~]#

    [root@servera ~]#

    [root@servera ~]# useradd andy #recreating andy will be different, the uid will differ

    useradd: warning: the home directory already exists.

    Not copying any file from skel directory into it.

    Creating mailbox file: File exists

    [root@servera ~]#

    [root@servera ~]# useradd user1

    [root@servera ~]# useradd user2

    [root@servera ~]# id andy

    uid=1003(andy) gid=1005(andy) groups=1005(andy)

    [root@servera ~]# userdel -r any

    userdel: user "any" does not exist

    [root@servera ~]#

    [root@servera ~]# userdel -r andy #does not keep the user's files. Home directory, mailbox file, skel files will all be

    [root@servera ~]#

    [root@servera ~]#

    [root@servera ~]# id andy

    id: ‘andy’: no such user

    [root@servera ~]# useradd andy

    [root@servera ~]# id andy

    uid=1006(andy) gid=1008(andy) groups=1008(andy)

    [root@servera ~]#

    Removing a user from a group:

    [root@servera ~]#

    [root@servera ~]# id zhangsan

    uid=1001(zhangsan) gid=1001(zhangsan) groups=1001(zhangsan),1003(it) #zhangsan primary group, it supplementary group

    [root@servera ~]#

    Command:

    [root@servera ~]# gpasswd -d zhangsan it

    Removing user zhangsan from group it

    [root@servera ~]#

    [root@servera ~]#

    [root@servera ~]# id zhangsan

    uid=1001(zhangsan) gid=1001(zhangsan) groups=1001(zhangsan)

    [root@servera ~]#

    [root@servera ~]#

    [root@servera ~]# usermod -aG it zhangsan

    [root@servera ~]#

    [root@servera ~]#

    [root@servera ~]# id zhangsan

    uid=1001(zhangsan) gid=1001(zhangsan) groups=1001(zhangsan),1003(it)

    [root@servera ~]#

    [root@servera ~]#

    [root@servera ~]#

    [root@servera ~]# groups zhangsan

    zhangsan : zhangsan it

    [root@servera ~]#

    Editing the file directly:

    [root@servera ~]# vim /etc/group

    [root@servera ~]# cat /etc/group |grep it:

    it:x:1003:

    [root@servera ~]#

    [root@servera ~]# groupadd test

    [root@servera ~]#

    [root@servera ~]#

    [root@servera ~]# groupdel test

    Creating a custom user and group:

    Exercise: username mary, specify user id 2000, home directory /maryhome, not allowed to log in to the system, description "this is mary user"

    [root@servera ~]#

    [root@servera ~]# useradd -u 2000 -d /maryhome -s /sbin/nologin -c "this is mary" mary

    [root@servera ~]#

    [root@servera ~]# id mary

    uid=2000(mary) gid=2000(mary) groups=2000(mary)

    [root@servera ~]# cat /etc/passwd |grep mary

    mary:x:2000:2000:this is mary:/maryhome:/sbin/nologin

    [root@servera ~]#

    [root@servera ~]# su - mary

    Last login: Sun Mar 29 16:48:49 CST 2020 on pts/0

    This account is currently not available.

    [root@servera ~]#

    Creating a custom group: specify the group id

    [root@servera ~]# groupadd -g 3000 group1

    [root@servera ~]# cat /etc/group |grep group1

    group1:x:3000:

    [root@servera ~]#
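An added example, not part of 老鄧IT's answer: the answer walks through the /etc/passwd and /etc/shadow field layout (`!!` for no password set, `$6$` for sha512, 99999 for a never-expiring maximum age, days-since-1970 for the last change date, `/sbin/nologin` on service accounts). The POSIX sh script below turns those field descriptions into an offline audit that a practitioner would run after creating accounts: it flags empty password fields, never-set or locked passwords, weak md5crypt hashes, forced-change and never-expiring aging, a second uid-0 account, and service-range uids that still have an interactive shell, and it converts the shadow day count to a calendar date with pure shell arithmetic. The sample records are constructed for this demo; the root/student/apache/zhangsan/mary lines mirror the answer's output, the `backdoor`, `svc_build`, `legacy` and `guest` records and every hash other than student's are invented placeholders.

```shell
#!/bin/sh
# Added example (not from the answer above): audit passwd/shadow-style records
# for the conditions the answer explains. The sample records are CONSTRUCTED;
# "backdoor", "svc_build", "legacy" and "guest" do not exist on servera.
# On a real host run as root:  audit_passwd < /etc/passwd ; audit_shadow < /etc/shadow

# Convert shadow field 3 (days since 1970-01-01) to YYYY-MM-DD with integer
# arithmetic only, so GNU date is not required. Non-negative day counts only.
days_to_date() {
    z=$(( $1 + 719468 ))
    era=$(( z / 146097 ))
    doe=$(( z - era * 146097 ))
    yoe=$(( (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365 ))
    y=$(( yoe + era * 400 ))
    doy=$(( doe - (365 * yoe + yoe / 4 - yoe / 100) ))
    mp=$(( (5 * doy + 2) / 153 ))
    d=$(( doy - (153 * mp + 2) / 5 + 1 ))
    if [ "$mp" -lt 10 ]; then m=$(( mp + 3 )); else m=$(( mp - 9 )); fi
    if [ "$m" -le 2 ]; then y=$(( y + 1 )); fi
    printf '%04d-%02d-%02d' "$y" "$m" "$d"
}

# One /etc/shadow line -> "name changed=DATE finding..." ("ok" when clean).
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
shadow_findings() {
    printf '%s\n' "$1" | {
        IFS=: read -r name hash lastchg min max warn inactive expire reserved
        out=""
        case "$hash" in
            "")                   out="$out empty-password" ;;  # login possible with no password
            '!!')                 out="$out never-set" ;;       # useradd without passwd
            '!'|'*')              out="$out no-password-login" ;;
            '!'*)                 out="$out locked" ;;          # hash kept, locked by passwd -l
            '$6$'*|'$y$'*|'$7$'*) ;;                             # sha512crypt / yescrypt: fine
            '$5$'*)               out="$out sha256crypt" ;;
            '$1$'*)               out="$out weak-md5crypt" ;;
            *)                    out="$out unknown-hash" ;;
        esac
        case "$lastchg" in
            "") changed=unknown ;;
            0)  changed=forced; out="$out must-change-at-next-login" ;;
            *)  changed=$(days_to_date "$lastchg") ;;
        esac
        if [ -z "$max" ] || [ "$max" -ge 99999 ]; then out="$out never-expires"; fi
        printf '%s changed=%s%s\n' "$name" "$changed" "${out:- ok}"
    }
}

# One /etc/passwd line -> "name finding..." ("ok" when clean).
# Fields: name:pw:uid:gid:gecos:home:shell
passwd_findings() {
    printf '%s\n' "$1" | {
        IFS=: read -r name pw uid gid gecos home shell
        out=""
        if [ "$uid" = "0" ] && [ "$name" != "root" ]; then out="$out extra-uid0"; fi
        case "$pw" in
            x)  ;;                                   # hash lives in /etc/shadow, as expected
            "") out="$out empty-password-field" ;;
            *)  out="$out hash-in-passwd" ;;         # world-readable hash
        esac
        case "$shell" in */nologin|*/false) interactive=0 ;; *) interactive=1 ;; esac
        if [ "$uid" -gt 0 ] && [ "$uid" -lt 1000 ] && [ "$interactive" = 1 ]; then
            out="$out service-account-with-shell"
        fi
        printf '%s%s\n' "$name" "${out:- ok}"
    }
}

audit_shadow() { while IFS= read -r line; do case "$line" in ?*) shadow_findings "$line" ;; esac; done; }
audit_passwd() { while IFS= read -r line; do case "$line" in ?*) passwd_findings "$line" ;; esac; done; }

# Constructed sample records; backdoor/svc_build/legacy/guest and all hashes
# except student's are placeholders, not real data.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
student:x:1000:1000:Student User:/home/student:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
mary:x:2000:2000:this is mary:/maryhome:/sbin/nologin
backdoor:x:0:0::/tmp:/bin/bash
svc_build:x:900:900::/var/lib/build:/bin/bash'

SAMPLE_SHADOW='root:$6$AbCdEfGh$placeholderhashnotreal:18038:0:90:7:::
student:$6$8oIjLCsc$/n1iQXYh1E6.uOEuJKgioqAtmqm2TQmkJGF2RwyteIr1tIfrPdiRYgWe6Sjen5/eMij2uHM/a1tue/QRlo3X80:18038:0:99999:7:::
zhangsan:!!:18350:0:99999:7:::
apache:*:18038:0:99999:7:::
legacy:$1$saltsalt$placeholdermd5hash:0:0:99999:7:::
guest::18350:0:99999:7:::'

printf '== passwd ==\n'; printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
printf '== shadow ==\n'; printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On the sample data this reports `backdoor extra-uid0`, `svc_build service-account-with-shell`, `zhangsan changed=2020-03-29 never-set never-expires`, `guest changed=2020-03-29 empty-password never-expires` and `legacy changed=forced weak-md5crypt must-change-at-next-login never-expires`; the 18038 and 18350 day counts from the answer come out as 2019-05-22 and 2020-03-29, matching the `chage -l` date shown above. A `no-password-login` result on a service account such as apache is the expected state, whereas `empty-password` or a second uid 0 on a real host is a finding to act on immediately. The script reads only the files you feed it, so it can also be run over copies collected from other hosts.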
