
RH124-05 Managing Local Users and Groups - 2



Managing local accounts

5.3 c


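Related commands: useradd, usermod, userdel, passwd, groupadd, groupmod, gpasswd, groupdel

Related files: /etc/login.defs, /etc/passwd, /etc/shadow, /etc/group, /etc/gshadow

What you need to master: creating, modifying and deleting users and groups; changing a user's group membership; setting user passwords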


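Before adding a user, decide:

Whether the user's default group has special requirements

Whether the user is allowed to log in

The user's password policy

The user's validity period

Whether the user's UID has special requirements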


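Options for useradd and usermod:

-u specify the user's UID

-c add a comment for the user

-g specify the user's default group

-G specify the user's supplementary groups

-a append further supplementary groups; must be used with -G: -aG (usermod)

-d specify the user's home directory

-m move the home directory; must be used together with -d (usermod)

-s specify the user's default shell

-L lock the user (usermod)

-U unlock the user (usermod)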


groupadd options you need to know:

-g

groupmod options you need to know:

-g

-n




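Exercise: topics that always appear on the exam


Create users juliet, romeo, hamlet, reba, dolly and elvis

Create a group with GID 30000 named shakespeare

Create a group named artists

Make shakespeare a supplementary group of users juliet, romeo and hamlet

Make artists a supplementary group of users reba, dolly and elvis

Make artists an additional supplementary group of user romeo as well (the existing supplementary group stays in use)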



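5.4 Managing user passwords


Related files: /etc/passwd, /etc/shadow

Related commands: chage, usermod


Options for chage:

-l show account aging information

-E set the account expiry date, e.g. # chage -E 2014-12-28 romeo

-d # -d 0 forces a password change at the next login

-M set the maximum number of days between password changes

-m set the minimum number of days between password changes

-W set the number of days of warning before the password expires

-I set the password to inactive INACTIVE days after it expires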


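Exercise: complete this on the server virtual machine. When user romeo logs in for the first time (the default login password is romeo), a password change must be forced. The password is valid for 90 days, and the account expires after 180 days.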



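Lab: reset the server virtual machine, then complete the following on it

Create users sspade, bboop and dtracy with a password validity of 30 days; the default password for all of them is redhat

Create group consultants with GID 40000, and make it a supplementary group of the three users above

Set the account expiry of the three users above to 90 days from now

Change the password validity of user bboop to 15 days

All users must be forced to change their password at first login


When the lab is finished, submit it with # lab localusers grade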
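
One way to carry out the lab steps above, as an added example that is not part of the original post. The names `run` and `lab_localusers` are made up here; the script assumes GNU `date`, uses `chage -M` for the password lifetime, and only prints the commands unless `DRY_RUN=0` is set (which needs root).

```shell
# Added example: the lab steps as a script (not from the original post).
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it as root.
DRY_RUN=${DRY_RUN:-1}
LAB_USERS="sspade bboop dtracy"

run() {                                  # print or execute one command
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

lab_localusers() {
    expiry=$(date -d '+90 days' +%F)     # GNU date: account expiry date
    run groupadd -g 40000 consultants
    for u in $LAB_USERS; do
        run useradd -G consultants "$u"
        # chpasswd reads "user:password" on stdin (ignored in dry-run)
        printf '%s:redhat\n' "$u" | run chpasswd
        run chage -M 30 "$u"             # password valid for 30 days
        run chage -E "$expiry" "$u"      # account expires 90 days from now
    done
    run chage -M 15 bboop                # shorter password lifetime for bboop
    for u in $LAB_USERS; do
        # Must come after the password is set: setting a password resets
        # the last-change date that -d 0 zeroes.
        run chage -d 0 "$u"
    done
}

lab_localusers
```

Check the result afterwards with `chage -l` for each user.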




======================================================================================================================

Chapter 5 contents

useradd tom

[[email protected] ~]# grep tom /etc/passwd    # search a file for a keyword and print the matching lines, if any

tom:x:1001:1001::/home/tom:/bin/bash

[[email protected] ~]# id tom

uid=1001(tom) gid=1001(tom) groups=1001(tom)

[[email protected] ~]# grep tom /etc/group    # if no group is specified, a group with the same name is added by default, and a home directory is created

tom:x:1001:


[[email protected] ~]# cd /home

[[email protected] home]# ls

student tom



[[email protected] home]# passwd tom    # set a password for the user

Changing password for user tom.

New password:

BAD PASSWORD: The password is shorter than 8 characters

Retype new password:




[[email protected] home]# ssh [email protected]

The authenticity of host 'localhost (::1)' can't be established.

ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.

Are you sure you want to continue connecting (yes/no)? yes


Create mary

[[email protected] home]# useradd -u 1500 -d /home/imary -s /sbin/nologin mary

[[email protected] home]# id mary

uid=1500(mary) gid=1500(mary) groups=1500(mary)

[[email protected] home]# grep mary /etc/gropu

grep: /etc/gropu: No such file or directory

[[email protected] home]# grep mary /etc/group

mary:x:1500:

Modify mary's groups, shell and other information

[[email protected] home]# usermod -c "i am mary ,i am a pretty girl" -G tom -s /bin/bash mary

[[email protected] home]# id mary

uid=1500(mary) gid=1500(mary) groups=1500(mary),1001(tom)

[[email protected] home]# grep mary /etc/passwd

mary:x:1500:1500:i am mary ,i am a pretty girl:/home/imary:/bin/bash

[[email protected] home]#


[[email protected] home]# usermod -aG daemon mary    # add one more group

[[email protected] home]# id mary

uid=1500(mary) gid=1500(mary) groups=1500(mary),2(daemon),1001(tom)

[[email protected] home]#


[[email protected] home]# usermod -L mary    # lock


[[email protected] home]# grep mary /etc/shadow

mary:!!:17306:0:99999:7:::

[[email protected] home]# ^C

[[email protected] home]# usermod -U mary    # unlock

[[email protected] home]# grep mary /etc/shadow

mary:!:17306:0:99999:7:::

[[email protected] home]#
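
The two shadow entries for mary above, and the fields that the chage options in section 5.4 write, can be decoded with a short script. This is an added example, not part of the original post: the function names are made up here, the romeo and guest lines are constructed sample data, and `days_to_date` assumes GNU `date`.

```shell
# Added example: decode /etc/shadow-format lines read from stdin.
# Fields: 1 name, 2 hash, 3 last change (chage -d), 4 min (-m), 5 max (-M),
#         6 warn (-W), 7 inactive (-I), 8 account expiry (-E).
# Fields 3 and 8 count days since 1970-01-01.

days_to_date() {                 # e.g. 17306 -> 2017-05-20 (GNU date)
    date -u -d "@$(( $1 * 86400 ))" +%F
}

shadow_audit() {
    while IFS=: read -r name pw last min max warn inact expire rest; do
        [ -n "$name" ] || continue
        case $pw in
            '')        state=EMPTY ;;    # no password needed at all
            '!'*|'*'*) state=locked ;;   # not a valid hash: password login fails
            *)         state=hash ;;
        esac
        flags=
        if [ "$last" = 0 ]; then flags="$flags must-change"; fi
        if [ -z "$max" ] || [ "$max" -ge 99999 ]; then
            flags="$flags no-max-age"
        fi
        if [ -n "$expire" ]; then
            flags="$flags expires=$(days_to_date "$expire")"
        fi
        printf '%s %s%s\n' "$name" "$state" "$flags"
    done
}

# Lines 1-2 are the entries shown on this page after usermod -L and -U;
# lines 3-4 are constructed for illustration (the hash is not a real one).
sample_shadow() {
cat <<'EOF'
mary:!!:17306:0:99999:7:::
mary:!:17306:0:99999:7:::
romeo:$6$CONSTRUCTED$notarealhash:0:0:90:7::16432:
guest::17306:0:99999:7:::
EOF
}

sample_shadow | shadow_audit
```

Both mary lines report `locked`: mary never had a password set, so after `usermod -U` the field is still `!`, which is not a usable hash.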


Delete: without -r, the user's mail spool and home directory are left behind



[[email protected] home]# userdel mary

[[email protected] home]# ls -ld /home/imary

drwx------. 4 1500 1500 88 May 20 14:13 /home/imary

[[email protected] home]# ls -l /var/mail

lrwxrwxrwx. 1 root root 10 May 7 2014 /var/mail -> spool/mail

[[email protected] home]# ls -l /var/mail/

total 0

-rw-rw----. 1 1500 mail 0 May 20 14:13 mary

-rw-rw----. 1 rpc mail 0 May 7 2014 rpc

-rw-rw----. 1 student mail 0 Jul 11 2014 student

-rw-rw----. 1 tom mail 0 May 20 13:57 tom

[[email protected] home]# userdel -r tom

[[email protected] home]# ls -l /var/mail

lrwxrwxrwx. 1 root root 10 May 7 2014 /var/mail -> spool/mail

[[email protected] home]# ls -l /var/mail/

total 0

-rw-rw----. 1 1500 mail 0 May 20 14:13 mary

-rw-rw----. 1 rpc mail 0 May 7 2014 rpc

-rw-rw----. 1 student mail 0 Jul 11 2014 student




[[email protected] home]# grep admin /etc/group

admin:x:1001:

[[email protected] home]# groupadd -g 1500 dba

[[email protected] home]# grep dba /etc/group

dba:x:1500:


[[email protected] home]# groupmod -g 2500 dba    # change the GID

[[email protected] home]# grep dba /etc/group

dba:x:2500:

[[email protected] home]# groupmod -n dbadmin dba    # change the name

[[email protected] home]# grep dba /etc/group

dbadmin:x:2500:

[[email protected] home]#


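Set a password on a group, then have student temporarily switch its group to admin. This applies only to the current login session and is gone after logging in again.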

[[email protected] home]# gpasswd admin

Changing the password for group admin

New Password:

Re-enter new password:

[[email protected] home]# grep admin /etc/gshadow

admin:$6$YCWYZDTZINF0tT$x.LHtjRsrVhLRQmdvyM3iCLLJkqp3DJqxlfPAoF.ozfegXjXC9kSK3k8cd7ckmstW7MHNJrpH9R7zaCv8xZiR.::

dbadmin:!::

[[email protected] home]# grep admin /etc/passwd

[[email protected] home]# ext

bash: ext: command not found...

[[email protected] home]# exit

logout

[[email protected] Desktop]$ newgrp admin

Password:

[[email protected] Desktop]$ id

uid=1000(student) gid=1001(admin) groups=1000(student),10(wheel),1001(admin) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[[email protected] Desktop]$




Exercise:


[[email protected] Desktop]# useradd juliet

[[email protected] Desktop]# useradd romeo

[[email protected] Desktop]# useradd hamlet

[[email protected] Desktop]# useradd dolly

[[email protected] Desktop]# useraddd elvis

bash: useraddd: command not found...

Similar command is: 'useradd'

[[email protected] Desktop]# useradd elvis

[[email protected] Desktop]# useradd reba

[[email protected] Desktop]# gropadd -g 3000 shakespeare

bash: gropadd: command not found...

[[email protected] Desktop]# groupadd -g 3000 shakespeare

[[email protected] Desktop]# tail -6 /etc/group

romeo:x:1002:

hamlet:x:1003:

dolly:x:1004:

elvis:x:1005:

reba:x:1006:

shakespeare:x:3000:

[[email protected] Desktop]# tail -7 /etc/group

juliet:x:2501:

romeo:x:1002:

hamlet:x:1003:

dolly:x:1004:

elvis:x:1005:

reba:x:1006:

shakespeare:x:3000:

[[email protected] Desktop]# tail -2 /etc/group

reba:x:1006:

shakespeare:x:3000:


Two ways to add a user to a group

[[email protected] Desktop]# id juliet

uid=1001(juliet) gid=2501(juliet) groups=2501(juliet)

[[email protected] Desktop]# usermod -Gshakespeare juliet

[[email protected] Desktop]# id juliet

uid=1001(juliet) gid=2501(juliet) groups=2501(juliet),3000(shakespeare)



[[email protected] Desktop]# gpasswd -a romeo shakespeare


Add one more supplementary group: usermod -aG artists romeo


This article is from the "IT正能量" blog; reproduction is not permitted.
