tplogincn1004tplogincn(如何在linux上用命令实现用户和组的管理)

本文目录1、tplogincn1004tplogincn,如何在linux上用命令实现用户和组的管理?tplogincn1004tplogincnuid=0(root)gid=0(root)groups=0(root)context=unconfined_u:unconfined_r:unconfined_t:s0

本文目录

tplogincn1004tplogincn

uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

tplogincn1004tplogincn,如何在linux上用命令实现用户和组的管理?

Linux上用命令实现本地用户和组的管理

tplogincn1004tplogincn(如何在linux上用命令实现用户和组的管理)

本地用户和组:管理文件和进程等等

本地用户和组:

1)root: 超级管理员 系统创建的第一个账户

特点:

id为:0

家目录:/root

具有系统的完全控制权: 小心使用。

[root@servera ~]# id

uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[root@servera ~]#

2)普通用户: 不具有管理员权限

特点:

id范围:

1000 <= id <=60000

家目录: /home/用户名

[root@servera ~]# id student

uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)

[root@servera ~]#

3)服务用户: 为服务提供权限

特点:

id范围:

0 < id < 1000

家目录:应用程序服务目录

[root@servera ~]# id apache

uid=48(apache) gid=48(apache) groups=48(apache)

[root@servera ~]#

如果是yum,rpm安装的软件: 由rpm包中的脚本创建服务账户

Include conf.modules.d/*.conf

#

# If you wish httpd to run as a different user or group, you must run

# httpd as root initially and it will switch.

#

# User/Group: The name (or #number) of the user/group to run httpd as.

# It is usually good practice to create a dedicated user and group for

# running httpd, as with most system services.

#

User apache

Group apache

# 'Main' server configuration

#

本地组:

1) 主组:一个用户一定要属于某个主组中。 当些用户在创建文件时,给文件的归属组

2)从属组: 用户容器 ,组织和管理用户 权限管控

作用:

文件:

进程:

[student@servera ~]$ ps -ux

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND

student 32178 0.0 0.4 93052 9360 ? Ss 15:00 0:00 /usr/lib/system

student 32182 0.0 0.3 253776 7072 ? S 15:00 0:00 (sd-pam)

student 32188 0.0 0.2 159412 4980 ? S 15:00 0:00 sshd: student@p

student 32189 0.0 0.2 233912 4864 pts/0 Ss 15:00 0:00 -bash

student 32293 0.3 0.2 159408 5192 ? D 15:43 0:00 sshd: student@p

student 32294 0.3 0.2 233912 4924 pts/1 Ss 15:43 0:00 -bash

student 32319 0.5 0.2 233940 4804 pts/1 S 15:43 0:00 /bin/bash

student 32341 0.0 0.2 269312 3876 pts/1 R+ 15:43 0:00 ps -ux

[student@servera ~]$

账户文件:

1) /etc/passwd:保存用户信息

[root@servera tmp]# cat /etc/passwd |grep student

student: x :1000:1000: Student User:/home/student:/bin/bash

用户名 密码 uid 主组ID 描述 家目录 登录shell

[root@servera tmp]#

[root@servera tmp]# cat /etc/passwd |grep -w root:x

root:x:0:0:root:/root:/bin/bash

[root@servera tmp]#

[root@servera tmp]# cat /etc/passwd |grep apache

apache:x:48:48:Apache:/usr/share/httpd: /sbin/nologin

服务账号 无法登录系统

[root@servera tmp]#

2. /etc/shadow : 保存用户密码的 HASH ,密码的有效性信息,密码修改时间,账户有效期。

[root@servera tmp]#

[root@servera tmp]# ls -l /etc/shadow

----------. 1 root root 1014 Mar 29 11:39 /etc/shadow

[root@servera tmp]#

[root@servera tmp]#

[root@servera tmp]# cat /etc/shadow |grep student

student:$6$8oIjLCsc$/n1iQXYh2E6.uOEuJKgioqAtmqm2TQmkJGF2RwyteIr1tIfrPdiRYgWe6Sjen5/eMij2uHM/a1tue/QRlo3X80:18038:0:99999:7:::

[root@servera tmp]#

密码的HASH: sha512

8oIjLCsc$/n1iQXYh2E6.uOEuJKgioqAtmqm2TQmkJGF2RwyteIr1tIfrPdiRYgWe6Sjen5/eMij2uHM/a1tue/QRlo3X80

18038:天数 密码最后一次修改的时间 从1970-01-01 + 18038 天之后 那一天

0: 密码最少使用天数 0 没有限制 用户随时可以改密码

99999 :天数, 密码最大修改时间 永久 200多年

7 : warning 警告时间, 当密码快到最后修改时间前7天, 通知用户修改。

::天数 失效时间 inactive 用户密码过了最后修改时间,未改变密码 ,再过多少天,账户将被 锁定

:: 账户有效期

创建用户和组:

创建时,没有密码:

[root@servera ~]# useradd zhangsan

[root@servera ~]# useradd lisi

[root@servera ~]# id zhangsan

uid=1001(zhangsan) gid=1001(zhangsan) groups=1001(zhangsan)

[root@servera ~]# id lisi

uid=1002(lisi) gid=1002(lisi) groups=1002(lisi)

[root@servera ~]#

无法登录:与PAM 有关

[student@servera ~]$

[student@servera ~]$ su - zhangsan

Password:

Password:

su: Authentication failure

[student@servera ~]$

设置密码:

[root@servera ~]#

[root@servera ~]# cat /etc/passwd |grep zhangsan

zhangsan:x:1001:1001::/home/zhangsan:/bin/bash

[root@servera ~]# cat /etc/shadow |grep zhangsan

zhangsan:!!:18350:0:99999:7::: # !! 未设置密码

[root@servera ~]#

[root@servera ~]# passwd zhangsan

Changing password for user zhangsan.

New password:

BAD PASSWORD: The password is shorter than 8 characters

Retype new password:

passwd: all authentication tokens updated successfully.

[root@servera ~]#

[root@servera ~]#

[root@servera ~]# cat /etc/shadow |grep zhangsan

zhangsan:$6$3wxuXomVbQ58wQcK$oQW6injgldxa2N/Pt4tCPDVRqWRVGw.UNZdxE4R0nhEt8K/3UDKzxap6ReIReEvDpG.GdwjpMiiDh7.f6DJNQ0:18350:0:99999:7:::

[root@servera ~]#

chage 可以查看用户 密码属性

[root@servera ~]# chage -l zhangsan

Last password change : Mar 29, 2020

Password expires : never

Password inactive : never

Account expires : never

Minimum number of days between password change : 0

Maximum number of days between password change : 99999

Number of days of warning before password expires : 7

[root@servera ~]#

创建组:从属组

[root@servera ~]#

[root@servera ~]# groupadd it

[root@servera ~]#

[root@servera ~]#

[root@servera ~]# groupadd sales

[root@servera ~]#

[root@servera ~]#

[root@servera ~]#

[root@servera ~]# cat /etc/group

root:x:0:

bin:x:1:

daemon:x:2:

sys:x:3:

adm:x:4:

tty:x:5:

disk:x:6:

lp:x:7:

mem:x:8:

kmem:x:9:

wheel:x:10:student

cdrom:x:11:

mail:x:12:postfix

man:x:15:

dialout:x:18:

floppy:x:19:

games:x:20:

tape:x:33:

video:x:39:

ftp:x:50:

lock:x:54:

audio:x:63:

users:x:100:

nobody:x:65534:

dbus:x:81:

utmp:x:22:

utempter:x:35:

input:x:999:

kvm:x:36:

render:x:998:

systemd-journal:x:190:

systemd-coredump:x:997:

systemd-resolve:x:193:

tss:x:59:

polkitd:x:996:

rpc:x:32:

unbound:x:995:

ssh_keys:x:994:

sssd:x:993:

setroubleshoot:x:992:

rpcuser:x:29:

insights:x:991:

cockpit-ws:x:990:

sshd:x:74:

chrony:x:989:

tcpdump:x:72:

student:x:1000:

printadmin:x:988:

libstoragemgmt:x:987:

slocate:x:21:

postdrop:x:90:

postfix:x:89:

apache:x:48:

zhangsan:x:1001:

lisi:x:1002:

it:x:1003: 组成员列表

sales:x:1004:

[root@servera ~]#

[root@servera ~]# id student

uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)

[root@servera ~]#

将用户添加进组: zhangsan ,加入it组,lisi,sales组

[root@servera ~]# id student

uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)

[root@servera ~]# usermod -aG it zhangsan

[root@servera ~]#

[root@servera ~]#

[root@servera ~]# usermod -aG sales lisi

[root@servera ~]#

[root@servera ~]#

[root@servera ~]# id zhangsan

uid=1001(zhangsan) gid=1001(zhangsan) groups=1001(zhangsan),1003(it)

[root@servera ~]# id lisi

uid=1002(lisi) gid=1002(lisi) groups=1002(lisi),1004(sales)

[root@servera ~]#

删除用户:

[root@servera ~]# useradd andy

默认删除,保留用户的文件:

[root@servera ~]#

[root@servera ~]# userdel andy

[root@servera ~]#

[root@servera ~]#

[root@servera ~]# useradd andy #重建andy会不一样, uid会不同

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

Creating mailbox file: File exists

[root@servera ~]#

[root@servera ~]# useradd user1

[root@servera ~]# useradd user2

[root@servera ~]# id andy

uid=1003(andy) gid=1005(andy) groups=1005(andy)

[root@servera ~]# userdel -r any

userdel: user 'any' does not exist

[root@servera tplogincn ~]#

[root@servera ~]# userdel -r andy #不保留用户的文件。家目,邮箱文件 ,skel文件都会

[root@servera ~]#

[root@servera ~]#

[root@servera ~]# id andy

id: ‘andy’: no such user

[root@servera ~]# useradd andy

[root@servera ~]# id andy

uid=1006(andy) gid=1008(andy) groups=1008(andy)

[root@servera ~]#

从组中移除用户:

[root@servera ~]#

[root@servera ~]# id zhangsan

uid=1001(zhangsan) gid=1001(zhangsan) groups=1001(zhangsan),1003(it) #zhangsan主组 ,it 从属组

[root@servera ~]#

命令:

[root@servera ~]# gpasswd -d zhangsan it

Removing user zhangsan from group it

[root@servera ~]#

[root@servera ~]#

[root@servera ~]# id zhangsan

uid=1001(zhangsan) gid=1001(zhangsan) groups=1001(zhangsan)

[root@servera ~]#

[root@servera ~]#

[root@servera tplogincn ~]# usermod -aG it zhangsan

[root@servera ~]#

[root@servera ~]#

[root@servera ~]# id zhangsan

uid=1001(zhangsan) gid=1001(zhangsan) groups=1001(zhangsan),1003(it)

[root@servera ~]#

[root@servera ~]#

[root@servera ~]#

[root@servera ~]# groups zhangsan

zhangsan : zhangsan it

[root@servera ~]#

直接修改文件:

[root@servera ~]# vim /etc/group

[root@servera ~]# cat /etc/group |grep it:

it:x:1003:

[root@servera ~]#

删除组:

[root@servera ~]# groupadd test

[root@servera ~]#

[root@servera ~]#

[root@servera ~]# groupdel test

创建自定义用户和组:

实验:用户名mary, 指定用户id 2000,家目录/maryhome ,不用登录系统 描述 this is mary user

[root@servera ~]#

[root@servera ~]# useradd -u 2000 -d /maryhome -s /sbin/nologin -c "this is tplogin mary" mary

[root@servera ~]#

[root@servera ~]# id mary

uid=2000(mary) gid=2000(mary) groups=2000(mary)

[root@servera ~]# cat /etc/passwd |grep mary

mary:x:2000:2000:this is mary:/maryhome:/sbin/nologin

[root@servera ~]#

[root@servera ~]# su - mary

Last login: Sun Mar 29 16:48:49 CST 2020 on pts/0

This account is currently not available.

[root@servera ~]#

创建自定义组:指定组id

[root@servera ~]# groupadd -g 3000 group1

[root@servera ~]# cat /etc/group |grep group1

group1:x:3000:

[root@servera ~]#

如何在linux上用命令实现用户和组的管理

原创文章,作者:192.168.1.1,如若转载,请注明出处:https://www.224m.com/283422.html

(0)
192.168.1.1192.168.1.1
上一篇 2023年6月6日 10:27
下一篇 2023年6月6日 10:35

相关推荐