RH124-05 Managing Local Users and Groups - 2
Managing local accounts
5.3 c
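Related commands: useradd, usermod, userdel, passwd, groupadd, groupmod, gpasswd, groupdel
Related files: /etc/login.defs, /etc/passwd, /etc/shadow, /etc/group, /etc/gshadow
What to master: creating, modifying and deleting users and groups; changing a user's group membership; setting user passwords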
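Before adding a user, decide:
Whether the user's default group has special requirements
Whether the user is allowed to log in
The user's password policy
The user's account validity period
Whether the user's UID has special requirements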
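useradd and usermod options:
-u set the user's UID
-c add a comment for the user
-g set the user's default group
-G set the user's supplementary groups
-a append further supplementary groups; must be used with -G: -aG
-d set the user's home directory
-m migrate the home directory; must be used together with -d
-s set the user's default shell
-L lock the user
-U unlock the user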
groupadd options to know:
-g
groupmod options to know:
-g
-n
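Exercise: topics that always appear on the exam
Create the users juliet, romeo, hamlet, reba, dolly and elvis
Create a group named shakespeare with group ID 30000
Create a group named artists
Make shakespeare a supplementary group of juliet, romeo and hamlet
Make artists a supplementary group of reba, dolly and elvis
Also make artists an additional supplementary group of romeo (the existing supplementary group stays in use)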
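5.4 Managing user passwords
Related files: /etc/passwd, /etc/shadow
Related commands: chage, usermod
chage options:
-l show account aging information
-E # chage -E 2014-12-28 romeo
-d # -d 0 forces a password change at the next login
-M set the maximum number of days between password changes to "max days"
-m set the minimum number of days between password changes to "min days"
-W set the number of expiry warning days to "warning days"
-I set the password to inactive INACTIVE days after it expires
Exercise: complete this on the server virtual machine. When the user romeo logs in for the first time (default login password romeo), a password change must be forced. The password is valid for 90 days, and the account expires after 180 days.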
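Lab: reset the server virtual machine, then complete the following on it
Create the users sspade, bboop and dtracy, with a password validity of 30 days and the default password redhat for all of them
Create the group consultants with group ID 40000, and make it a supplementary group of the three users above
Set the three accounts to expire 90 days from now
Change the password validity for bboop to 15 days
Every user must be forced to change the password at first login
When the lab is finished, submit it with # lab localusers grade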
======================================================================================================================
Chapter 5 contents
useradd tom
[[email protected] ~]# grep tom /etc/passwd  # search a file for a keyword and print the matching lines, if any
tom:x:1001:1001::/home/tom:/bin/bash
[[email protected] ~]# id tom
uid=1001(tom) gid=1001(tom) groups=1001(tom)
[[email protected] ~]# grep tom /etc/group  # if no group is specified, a group with the same name is added by default, and a home directory is created
tom:x:1001:
[[email protected] ~]# cd /home
[[email protected] home]# ls
student tom
[[email protected] home]# passwd tom  # set a password for the user
Changing password for user tom.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
[[email protected] home]# ssh [email protected]
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Create mary
[[email protected] home]# useradd -u 1500 -d /home/imary -s /sbin/nologin mary
[[email protected] home]# id mary
uid=1500(mary) gid=1500(mary) groups=1500(mary)
[[email protected] home]# grep mary /etc/gropu
grep: /etc/gropu: No such file or directory
[[email protected] home]# grep mary /etc/group
mary:x:1500:
Modify mary's groups, shell and other details
[[email protected] home]# usermod -c "i am mary ,i am a pretty girl" -G tom -s /bin/bash mary
[[email protected] home]# id mary
uid=1500(mary) gid=1500(mary) groups=1500(mary),1001(tom)
[[email protected] home]# grep mary /etc/passwd
mary:x:1500:1500:i am mary ,i am a pretty girl:/home/imary:/bin/bash
[[email protected] home]#
[[email protected] home]# usermod -aG daemon mary  # add one more group
[[email protected] home]# id mary
uid=1500(mary) gid=1500(mary) groups=1500(mary),2(daemon),1001(tom)
[[email protected] home]#
[[email protected] home]# usermod -L mary  # lock
[[email protected] home]# grep mary /etc/shadow
mary:!!:17306:0:99999:7:::
[[email protected] home]# ^C
[[email protected] home]# usermod -U mary  # unlock
[[email protected] home]# grep mary /etc/shadow
mary:!:17306:0:99999:7:::
[[email protected] home]#
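The second field of the /etc/shadow lines above is what usermod -L and -U change, and the later fields hold the chage settings from section 5.4. The following is an added example, not part of the original post: a read-only audit that classifies shadow-format lines. The function names and the sample entries are constructed for illustration (the two mary lines copy the states shown above), and the hash strings are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): classify shadow(5) entries.
# Real use, as root:  shadow_audit < /etc/shadow
# $1 = today in days since 1970-01-01; defaults to the current date.
shadow_audit() {
    today=${1:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
    NF != 9 { next }                       # not a shadow entry
    {
        c = substr($2, 1, 1)
        if ($2 == "")      state = "EMPTY"     # no password required
        else if (c == "!") state = "LOCKED"    # usermod -L, or never set
        else if (c == "*") state = "NOLOGIN"   # no usable password
        else               state = "HASHED"
        flags = ""
        if ($3 == "0")                       flags = flags " must-change"  # chage -d 0
        if ($5 == "" || $5 + 0 >= 99999)     flags = flags " no-max-age"   # chage -M unset
        if ($8 != "" && $8 + 0 <= today + 0) flags = flags " expired"      # chage -E passed
        print $1 " " state flags
    }'
}

# Constructed sample input; the hash strings are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
mary:!!:17306:0:99999:7:::
mary:!:17306:0:99999:7:::
romeo:$6$SALT$PLACEHOLDER:0:0:90:7::17486:
guest::17306:0:99999:7:::
old:$6$SALT$PLACEHOLDER:17000:0:30:7::17000:
EOF
}

sample_shadow | shadow_audit 17306
```

Both mary lines report LOCKED: a field of ! after usermod -U is still not a usable password hash, so the account cannot authenticate with a password until passwd sets one.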
Delete; without -r the mail spool and the home directory are left behind
[[email protected] home]# userdel mary
[[email protected] home]# ls -ld /home/imary
drwx------. 4 1500 1500 88 May 20 14:13 /home/imary
[[email protected] home]# ls -l /var/mail
lrwxrwxrwx. 1 root root 10 May 7 2014 /var/mail -> spool/mail
[[email protected] home]# ls -l /var/mail/
total 0
-rw-rw----. 1 1500 mail 0 May 20 14:13 mary
-rw-rw----. 1 rpc mail 0 May 7 2014 rpc
-rw-rw----. 1 student mail 0 Jul 11 2014 student
-rw-rw----. 1 tom mail 0 May 20 13:57 tom
[[email protected] home]# userdel -r tom
[[email protected] home]# ls -l /var/mail
lrwxrwxrwx. 1 root root 10 May 7 2014 /var/mail -> spool/mail
[[email protected] home]# ls -l /var/mail/
total 0
-rw-rw----. 1 1500 mail 0 May 20 14:13 mary
-rw-rw----. 1 rpc mail 0 May 7 2014 rpc
-rw-rw----. 1 student mail 0 Jul 11 2014 student
[[email protected] home]# grep admin /etc/group
admin:x:1001:
[[email protected] home]# groupadd -g 1500 dba
[[email protected] home]# grep dba /etc/group
dba:x:1500:
[[email protected] home]# groupmod -g 2500 dba  # change the ID
[[email protected] home]# grep dba /etc/group
dba:x:2500:
[[email protected] home]# groupmod -n dbadmin dba  # change the name
[[email protected] home]# grep dba /etc/group
dbadmin:x:2500:
[[email protected] home]#
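userdel without -r left /home/imary owned by the bare UID and GID 1500 and /var/mail/mary owned by UID 1500, and the groupadd -g 1500 dba above then hands that same GID to a new group. The following is an added example, not part of the original post: a read-only check for such leftovers before an ID is reused. The function names and the demo tree are constructed, and it assumes a stat that supports -c (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example (not from the original post). Lists files under DIR whose
# numeric owner or group has no entry in the given passwd/group files.
# Assumes stat -c (GNU coreutils or BusyBox) and path names without newlines.
# Real use, as root:  orphans /home; orphans /var/spool/mail
orphans() {
    dir=$1; pf=${2:-/etc/passwd}; gf=${3:-/etc/group}
    find "$dir" -exec stat -c '%u %g %n' {} + 2>/dev/null |
    awk -v pf="$pf" -v gf="$gf" '
    BEGIN {   # field 3 of passwd and group lines is the numeric ID
        while ((getline l < pf) > 0) { split(l, f, ":"); uid[f[3]] = 1 }
        while ((getline l < gf) > 0) { split(l, f, ":"); gid[f[3]] = 1 }
    }
    {
        u = $1; g = $2; path = $0
        sub(/^[0-9]+ [0-9]+ /, "", path)      # keep spaces in the path
        why = ""
        if (!(u in uid)) why = why " no-user(" u ")"
        if (!(g in gid)) why = why " no-group(" g ")"
        if (why != "") print path ":" why
    }'
}

# Demo on a constructed tree: the passwd/group files written here
# deliberately lack the IDs that own the new file, as after userdel.
orphans_demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/home" && touch "$t/home/leftover file"
    set -- $(stat -c '%u %g' "$t/home/leftover file")
    printf 'dba:x:%s:%s::/home/dba:/bin/bash\n' "$(($1 + 1))" "$(($2 + 1))" > "$t/passwd"
    printf 'dba:x:%s:\n' "$(($2 + 1))" > "$t/group"
    orphans "$t/home" "$t/passwd" "$t/group"
    rm -rf "$t"
}

orphans_demo
```

Any path it reports should be removed, archived or re-owned before useradd -u or groupadd -g assigns that number again, because the new account or group would otherwise own the old files.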
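Set a password on the group, then have student temporarily switch its group to admin; this applies only to the current login session and is gone after logging in again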
[[email protected] home]# gpasswd admin
Changing the password for group admin
New Password:
Re-enter new password:
[[email protected] home]# grep admin /etc/gshadow
admin:$6$YCWYZDTZINF0tT$x.LHtjRsrVhLRQmdvyM3iCLLJkqp3DJqxlfPAoF.ozfegXjXC9kSK3k8cd7ckmstW7MHNJrpH9R7zaCv8xZiR.::
dbadmin:!::
[[email protected] home]# grep admin /etc/passwd
[[email protected] home]# ext
bash: ext: command not found...
[[email protected] home]# exit
logout
[[email protected] Desktop]$ newgrp admin
Password:
[[email protected] Desktop]$ id
uid=1000(student) gid=1001(admin) groups=1000(student),10(wheel),1001(admin) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[[email protected] Desktop]$
Exercise:
[[email protected] Desktop]# useradd juliet
[[email protected] Desktop]# useradd romeo
[[email protected] Desktop]# useradd hamlet
[[email protected] Desktop]# useradd dolly
[[email protected] Desktop]# useraddd elvis
bash: useraddd: command not found...
Similar command is: 'useradd'
[[email protected] Desktop]# useradd elvis
[[email protected] Desktop]# useradd reba
[[email protected] Desktop]# gropadd -g 3000 shakespeare
bash: gropadd: command not found...
[[email protected] Desktop]# groupadd -g 3000 shakespeare
[[email protected] Desktop]# tail -6 /etc/group
romeo:x:1002:
hamlet:x:1003:
dolly:x:1004:
elvis:x:1005:
reba:x:1006:
shakespeare:x:3000:
[[email protected] Desktop]# tail -7 /etc/group
juliet:x:2501:
romeo:x:1002:
hamlet:x:1003:
dolly:x:1004:
elvis:x:1005:
reba:x:1006:
shakespeare:x:3000:
[[email protected] Desktop]# tail -2 /etc/group
reba:x:1006:
shakespeare:x:3000:
Two ways to add a group
[[email protected] Desktop]# id juliet
uid=1001(juliet) gid=2501(juliet) groups=2501(juliet)
[[email protected] Desktop]# usermod -Gshakespeare juliet
[[email protected] Desktop]# id juliet
uid=1001(juliet) gid=2501(juliet) groups=2501(juliet),3000(shakespeare)
[[email protected] Desktop]# gpasswd -a romeo shakespeare
Add one more supplementary group: usermod -aG artists romeo
This article comes from the "IT正能量" blog; please do not repost.