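RH124-05 Managing User Passwords - 3
5.4 Managing user passwords
Related files: /etc/passwd, /etc/shadow
Related commands: chage, usermod
Options of the chage command:
-l show account aging information
-E set the account expiration date, e.g. # chage -E 2014-12-28 romeo
-d set the date of the last password change; # -d 0 forces a password change at the next login
-M set the maximum number of days between password changes to MAX_DAYS
-m set the minimum number of days between password changes to MIN_DAYS
-W set the number of expiration warning days to WARN_DAYS
-I set the password to inactive INACTIVE days after it expires
Exercise: complete on the server virtual machine. When user romeo logs in for the first time (the default login password is romeo), a password change must be forced. The password is valid for 90 days, and the account expires after 180 days.
Lab: reset the server virtual machine, then complete the following on it:
Create users sspade, bboop, and dtracy with a password validity of 30 days; the default password for all of them is redhat
Create group consultants, whose group ID must be 40000, and make it a supplementary group of the three users above
Set the account expiration of the three users above to 90 days from now
Change the password validity of user bboop to 15 days
All users must be forced to change their password at first login
When the lab is finished, submit it: # lab localusers grade
Class notes: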
[[email protected] Desktop]$ ll /etc/passwd
-rw-r--r--. 1 root root 2005 Jul 11 2014 /etc/passwd
[[email protected] Desktop]$ ll /etc/shadow
----------. 1 root root 1148 Jul 11 2014 /etc/shadow
vi /etc/shadow
root:$6$UiGI4Tc2$htsXYn5cJnOqv3P1VLcUSgfjDu2pL5yiJBuua6foZAHdwqeuLHfYUfS/vBn27Wjvoel8EJgtdsMjyquqvKAmf1:16261:0:99999:7:::
bin:*:16141:0:99999:7:::
daemon:*:16141:0:99999:7:::
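adm:*:16141:0:99999:7::: (an account without a password shows * or !! here, meaning the password is invalid; with an invalid password the account cannot log in)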
lp:*:16141:0:99999:7:::
sync:*:16141:0:99999:7:::
shutdown:*:16141:0:99999:7:::
halt:*:16141:0:99999:7:::
mail:*:16141:0:99999:7:::
operator:*:16141:0:99999:7:::
games:*:16141:0:99999:7:::
ftp:*:16141:0:99999:7:::
nobody:*:16141:0:99999:7:::
dbus:!!:16197::::::
polkitd:!!:16197::::::
avahi:!!:16197::::::
avahi-autoipd:!!:16197::::::
rpc:!!:16197:0:99999:7:::
rpcuser:!!:16197::::::
nfsnobody:!!:16197::::::
ovirtagent:!!:16197::::::
postfix:!!:16197::::::
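Even when two passwords are identical, their hashed strings differ, because each entry is hashed with its own salt (the value between the second and third $).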
passwd: all authentication tokens updated successfully.
[[email protected] ~]# chage -l tom
Last password change : May 29, 2017
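Password expires : never (when the password expires)
Password inactive : never (how long after expiry the password becomes unusable)
Account expires : never
Minimum number of days between password change : 0 (how soon the password may be changed again; 0 = no minimum)
Maximum number of days between password change : 99999 (maximum age; this value means it does not expire)
Number of days of warning before password expires : 7 (warning before expiry)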
[[email protected] ~]# date
Mon May 29 14:24:01 CST 2017
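chage -m 1 (minimum days between changes) -M 14 (password valid for 14 days) -W 5 (warn 5 days before expiry) -I 3 (inactive 3 days after expiry)
Exercise:
Complete on the server virtual machine. When user romeo logs in for the first time (the default login password is romeo), a password change must be forced. The password is valid for 90 days, and the account expires after 180 days.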
[[email protected] ~]# useradd romeo
[[email protected] ~]# passwd romeo
Changing password for user romeo.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[[email protected] ~]# chage -M 90 -E 2015-09-06 romeo
[[email protected] ~]# chage -l romeo
Last password change : May 29, 2017
Password expires : Aug 27, 2017
Password inactive : never
Account expires : Sep 06, 2015
Minimum number of days between password change : 0
Maximum number of days between password change : 90
Number of days of warning before password expires : 7
[[email protected] ~]# chage -d 0 romeo
[[email protected] ~]#
[[email protected] ~]# ssh [email protected]
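Lab: reset the server virtual machine, then complete the following on it:
Create users sspade, bboop, and dtracy with a password validity of 30 days; the default password for all of them is redhat
Create group consultants, whose group ID must be 40000, and make it a supplementary group of the three users above
Set the account expiration of the three users above to 90 days from now
Change the password validity of user bboop to 15 days
All users must be forced to change their password at first login
[[email protected] ~]#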
[[email protected] ~]# useradd sspade
[[email protected] ~]# useradd bboop
[[email protected] ~]# useradd dtracy
[[email protected] ~]# passwd sspade
Changing password for user sspade.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[[email protected] ~]# passwd bboop
Changing password for user bboop.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[[email protected] ~]# passwd dtracy
Changing password for user dtracy.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
Sorry, passwords do not match.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[[email protected] ~]#
[[email protected] ~]#
[[email protected] ~]# chage -M 30 sspade
[[email protected] ~]# chage -M 30 bboop
[[email protected] ~]# chage -M 30 dtracy
[[email protected] ~]#
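Create group consultants, whose group ID must be 40000, and make it a supplementary group of the three users above (the session below typed 400000 rather than the required 40000)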
[[email protected] ~]# groupadd -g 400000 consultants
[[email protected] ~]# gpasswd -a sspade consultant
gpasswd: group ‘consultant‘ does not exist in /etc/group
[[email protected] ~]# gpasswd -a sspade consultants
Adding user sspade to group consultants
[[email protected] ~]# gpasswd -a bboop consultants
Adding user bboop to group consultants
[[email protected] ~]# gpasswd -a dtracy consultants
Adding user dtracy to group consultants
[[email protected] ~]# id sspade
uid=1003(sspade) gid=1003(sspade) groups=1003(sspade),400000(consultants)
[[email protected] ~]# id bboop
[[email protected] ~]# date -d +"30 days"
Wed Jun 28 14:56:49 CST 2017
Set the account expiration of the three users above to 90 days from now (changed to September 9)
[[email protected] ~]# chage -E 2017-09-09 sspade
[[email protected] ~]# chage -E 2017-09-09 bboop
Change the password validity of user bboop to 15 days
[[email protected] ~]# chage -M 15 bboop
[[email protected] ~]# chage -l bboop
Last password change : May 29, 2017
Password expires : Jun 13, 2017
Password inactive : never
Account expires : Sep 09, 2017
Minimum number of days between password change : 0
Maximum number of days between password change : 15
Number of days of warning before password expires : 7
All users must be forced to change their password at first login
[[email protected] ~]# chage -d 0 sspade
[[email protected] ~]# chage -d 0 bboop
Note: how to calculate the date
[[email protected] ~]# date -d +"90 days" +"%Y-%m-%d" (the trailing argument sets the output format)
2017-08-27
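last change date -d: date of the last password change; 0 forces a change at login
min days -m: minimum password age, i.e. how soon (for example 1 or 2 days) the password may be changed again
warn days -W: password warning period (Number of days of warning before password expires), i.e. the warning given before the password expires
max days -M: password validity period; the default is 99999
inactive days -I: days after password expiry until the account becomes inactive; the default is never
chage -E 2017-09-09 sspade sets the account expiration date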
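The aging values that chage sets are stored as day counts in /etc/shadow. The script below is an added example, not part of the original class notes: it decodes those fields for a few constructed sample lines (the hash values are placeholders), and the function names `days_to_date` and `shadow_report` are this example's own.

```shell
#!/bin/sh
# Added example (not from the original notes): decode the aging fields of
# /etc/shadow lines. Fields: user:hash:lastchg:min:max:warn:inactive:expire:

# Days since 1970-01-01 -> YYYY-MM-DD (UTC); GNU and BusyBox date accept -d @SECONDS.
days_to_date() {
    date -u -d "@$(( $1 * 86400 ))" +%Y-%m-%d
}

# Print "user password-state password-expiry account-expiry" for one shadow line.
# The body runs in a subshell so its variables stay local.
shadow_report() (
    IFS=: read -r user hash lastchg min max warn inactive expire rest <<EOF
$1
EOF
    case "$hash" in
        '*'|'!'*) state=locked ;;  # "*" or "!!": no usable password
        '')       state=empty ;;
        *)        state=set ;;
    esac
    if [ "$lastchg" = 0 ]; then
        pw_exp=must-change-at-next-login      # result of chage -d 0
    elif [ -z "$lastchg" ] || [ -z "$max" ] || [ "$max" -ge 99999 ]; then
        pw_exp=never                          # 99999 is the default maximum
    else
        pw_exp=$(days_to_date $(( lastchg + max )))
    fi
    if [ -z "$expire" ]; then acct_exp=never; else acct_exp=$(days_to_date "$expire"); fi
    printf '%s %s %s %s\n' "$user" "$state" "$pw_exp" "$acct_exp"
)

# Constructed sample lines (hash values are placeholders, not real hashes).
while IFS= read -r line; do
    shadow_report "$line"
done <<'EOF'
bboop:$6$SALT$PLACEHOLDER:17315:0:15:7::17418:
romeo:$6$SALT$PLACEHOLDER:0:0:90:7:::
daemon:*:16141:0:99999:7:::
EOF
```

The bboop line reproduces the values from the `chage -l bboop` output above: last change day 17315 is May 29, 2017, so a 15-day maximum gives Jun 13, 2017, and expire day 17418 is Sep 09, 2017.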
This article is from the “IT正能量” blog; reproduction is not permitted.