3.4 Advanced Linux user and group management

After we create a user, if we want that user to be able to log in, note that by default the system refuses logins for accounts with an empty password,
so we must set a password for the user before they can log into the system.
        passwd:
            An ordinary user can only change their own password, and must first enter the current password to do so.
            Administrator:
                passwd [username]  Without a username this changes the current user's password; with a username it changes
                that user's password, and the old password of that user is not required.
NAME
       passwd - update user’s authentication tokens   (updates the user's authentication tokens)

SYNOPSIS
       passwd [-k] [-l] [-u [-f]] [-d] [-e] [-n mindays] [-x maxdays] [-w warndays] [-i inactivedays] [-S] [--stdin] [username]

DESCRIPTION
       The passwd utility is used to update user’s authentication token(s).
            A password should satisfy a password complexity policy so that it cannot be cracked easily:
                at least three of the four classes: digits, lowercase letters, uppercase letters and special characters
                minimum length 5 characters                       in practice, recommended not less than 15
                do not use easily guessed passwords
                change it regularly, and do not reuse recently used passwords
[root@linux_basic ~]# passwd user1
Changing password for user user1.
New password:
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.               
--stdin
              This option is used to indicate that passwd should read the new password from standard input, which can be a pipe.
               Reads the new password from standard input
[root@linux_basic ~]# echo "centos" | passwd --stdin root
Changing password for user root.
passwd: all authentication tokens updated successfully.
(authentication tokens updated successfully)
[root@linux_basic ~]# echo "123456" | passwd --stdin root > /dev/null  the success message is redirected to /dev/null; if the command fails,
the error message is still printed (it goes to stderr)
[root@linux_basic ~]# echo $?
0
[root@linux_basic ~]# head -1 /etc/shadow
root:$6$0LBho94G$uPzBpRjBrDXJSoyVY6QqYXICQTDd6QHAq0OfT4lga7mYnoIjsOkd7MBQu7UOClBq2rDHIKxVU3d9mzCXZy8cu.:16425:0:99999:7:::
Encryption
An encryption tool takes a piece of plaintext as input and, after processing it, outputs data that looks random.
Encryption is performed by a complex encryption algorithm, but the algorithm itself is easy to learn and therefore to attack, so in
general encryption depends not only on the algorithm but also on a key.

Decryption
A decryption tool reads the ciphertext and restores the original data.
            
            There are three kinds of cryptographic methods:
                Symmetric encryption: encryption and decryption use the same key (passphrase);
                decryption requires the ciphertext and the passphrase
                    Key distribution is hard: when two parties communicate for the first time and want to encrypt their traffic, after one side encrypts the data, how does it deliver the passphrase to the other party?
                    Symmetric encryption by itself cannot solve key exchange

                Public-key encryption (asymmetric encryption): encryption and decryption use a key pair; data encrypted with the public key must be decrypted with the matching private key
                    public key: public
                    private key: secret, private to its owner
                    To send encrypted data to someone, encrypt it with their public key, which is public; only the matching private key can decrypt it, because
                    the private key is held only by its owner
                    On the Internet, how do two parties that have never communicated obtain each other's public key? If one party simply sends its public key, anyone can obtain it, and also replace it.
                    To guarantee that a public key comes from a reliable source, a CA (a trusted third party) is needed

                    CA: certificate authority: mainly issues each user a certificate, and the certificate contains that user's public key

                    Bob <-- Alice
                    When Bob and Alice communicate, after Bob obtains Alice's certificate he does not immediately trust that it really is Alice; he first verifies whether the certificate
                    was obtained through a legitimate channel. If it was, he uses her public key to encrypt data; otherwise he refuses to accept her data.
                    So a verifying party is also needed to check whether a certificate is genuine
          Encryption alone does not guarantee data integrity. Data integrity means that the data received was not modified in transit: what is received is exactly what was sent.

                    PKI: public key infrastructure
              To guarantee data integrity there is an efficient method: one-way encryption (hashing)
                One-way encryption: extracts a unique fingerprint (digest) of the data; it can only be computed, never decrypted, so it is irreversible
                    1. Fixed-length output: no matter how large the data, the result always has the same length
                    2. Irreversible;
                    3. Avalanche effect: a tiny change in the input produces a huge change in the result; and identical input always produces an identical result
[root@linux_basic tmp]# md5sum /tmp/fstab
4c39a1c49e8814dc9fd0db16f4979854 (the extracted fingerprint)  /tmp/fstab
[root@linux_basic tmp]# echo "1" >> /tmp/fstab
[root@linux_basic tmp]# md5sum /tmp/fstab
3d2d17eea6e41d0c12094aff2bb89be2  /tmp/fstab
Use an editor to remove the appended 1 again (restoring the file to its original content), then compute the fingerprint once more
[root@linux_basic tmp]# md5sum fstab
4c39a1c49e8814dc9fd0db16f4979854  fstab
There are many tools that implement one-way hash algorithms
                    md5: fixed 128-bit output
                    sha1: fixed 160-bit output  this one is longer; the algorithms differ in output length
[root@linux_basic tmp]# sha
sha1sum    sha224sum  sha256sum  sha384sum  sha512sum

                    Bob --> data, fingerprint --> data,
                    When Bob sends data to Alice, Bob computes the fingerprint of the data and sends the data together with the fingerprint. After receiving them, the other
                    side runs the same algorithm over the data again; the two fingerprints should be identical. If they differ, then either the data
                    or the fingerprint must have been altered.
                    This is still insecure, because both the data and the fingerprint travel in plaintext. If someone intercepts the data, modifies it, computes
                    a fingerprint for the modified data themselves and sends it on, the receiver has no way to tell that the data changed. So there must be a
                    way to guarantee that the other side can detect any modification.
                    If the data is encrypted with the sender's private key, only someone holding the matching public key can decrypt it; and if the data is modified and
                    re-encrypted afterwards, the receiver will notice.

                    Digital signature: encrypted with one's own private key, and decrypted with the matching public key
Passwords in /etc/shadow are stored using one-way encryption. But if two users chose the same password, then, since the hash is deterministic, the encrypted
results visible in /etc/shadow would be identical, and a user could discover that someone else's password equals their own. To prevent this, some random
data (a salt) is mixed in before hashing, which scrambles the result; this is exactly how passwd stores passwords. Then how is the password verified at the next login?
At login the stored salt is added again before hashing, so the comparison succeeds for the correct password
root:$6$0LBho94G$uPzBpRjBrDXJSoyVY6QqYXICQTDd6QHAq0OfT4lga7mYnoIjsOkd7MBQu7UOClBq2rDHIKxVU3d9mzCXZy8cu.:16425:0:99999:7:::
Between the three $ signs: the data between the first and second $ is the encryption algorithm (1 is MD5, 6 is sha512), and the data between the second and third $ is the salt (generated randomly by the password tool)
[root@linux_basic tmp]# whatis passwd
passwd               (1)  - update user's authentication tokens
passwd               (5)  - password file
passwd [sslpasswd]   (1ssl)  - compute password hashes   
[root@linux_basic tmp]# man sslpasswd
PASSWD(1)                           OpenSSL                          PASSWD(1)

NAME
       passwd - compute password hashes

SYNOPSIS                      encryption methods
       openssl passwd [-crypt] [-1] [-apr1] [-salt string] [-in file] [-stdin] [-noverify] [-quiet] [-table] {password}

DESCRIPTION
       The passwd command computes the hash of a password typed at run-time or the hash of each password in a list.  The password
       list is taken from the named file for option -in file, from stdin for option -stdin, or from the command line, or from the
       terminal otherwise.  The Unix standard algorithm crypt and the MD5-based BSD password algorithm 1 and its Apache variant apr1
       are available.
If the salt is the same, the hashed result is also the same
[root@linux_basic tmp]# openssl passwd -1 -salt 123456
Password:
$1$123456$3GFsiB8xUJ7EaYT.K6Spz0
[root@linux_basic tmp]# openssl passwd -1 -salt 123456 centos
$1$123456$3GFsiB8xUJ7EaYT.K6Spz0
The two results are identical
[root@linux_basic tmp]# openssl passwd -1 -salt 123456 centos
$1$123456$3GFsiB8xUJ7EaYT.K6Spz0
[root@linux_basic tmp]# openssl passwd -1 -salt 12345 centos  after changing a single character of the salt, the result changes drastically
$1$12345$C9tk/jaUbZsGwjXmhicdZ1
So even for the same password, a different salt produces a different result; verification at login works by recomputing the hash with the stored salt and comparing it with the stored value
      
            passwd
                --stdin
                -l: lock  lock the user's password
                -l     This  option  is used to lock the specified account and it is available to root only. The locking is performed by ren-
              dering the encrypted password into an invalid string (by prefixing the encrypted string with an !).
                -u: unlock  unlock the user's password
                -u     This is the reverse of the -l option - it will unlock the account password by removing the ! prefix.  This  option  is
              available  to root only. By default passwd will refuse to create a passwordless account (it will not unlock an account
              that has only "!" as a password). The force option -f will override this protection.
[root@linux_basic tmp]# passwd user11
Changing password for user user11.
New password:
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@linux_basic tmp]# tail -1 /etc/shadow
user11:$6$QfWm2Sr9$XpXFyonX4w8rd6h39PTqzFgMrfVZJ1XsQZlynYXhFxZNrkYU7SKy4Z4EqGvdyiLa6ka6WtTnPEFpQcXHUcFGV/:16426:0:99999:7:::
[root@linux_basic tmp]# passwd -l user11
Locking password for user user11.
passwd: Success
[root@linux_basic tmp]# tail -1 /etc/shadow  after locking, two !! characters are prepended to the encrypted password in /etc/shadow
user11:!!$6$QfWm2Sr9$XpXFyonX4w8rd6h39PTqzFgMrfVZJ1XsQZlynYXhFxZNrkYU7SKy4Z4EqGvdyiLa6ka6WtTnPEFpQcXHUcFGV/:16426:0:99999:7:::
Once locked, the user cannot log in with the password
Unlock the user
[root@linux_basic tmp]# passwd -u user11
Unlocking password for user user11.
passwd: Success
[root@linux_basic tmp]# tail -1 /etc/shadow
user11:$6$QfWm2Sr9$XpXFyonX4w8rd6h39PTqzFgMrfVZJ1XsQZlynYXhFxZNrkYU7SKy4Z4EqGvdyiLa6ka6WtTnPEFpQcXHUcFGV/:16426:0:99999:7:::

        /etc/shadow file format
            username:encrypted password:date of last password change:minimum password age:maximum password age:password warning period:password inactivity period:account expiration date:reserved field
[root@linux_basic tmp]# man 5 shadow
SHADOW(5)                File Formats and Conversions                SHADOW(5)

NAME
       shadow - shadowed password file

DESCRIPTION
   shadow is a file which contains the password information for the system's accounts and optional aging information.

   This file must not be readable by regular users if password security is to be maintained.

   Each line of this file contains 9 fields, separated by colons (":"), in the following order:

   login name
       It must be a valid account name, which exist on the system.

   encrypted password
       Refer to crypt(3) for details on how this string is interpreted.

       If the password field contains some string that is not a valid result of crypt(3), for instance ! or *, the user will not
       be able to use a unix password to log in (but the user may log in the system by other means).

       This field may be empty, in which case no passwords are required to authenticate as the specified login name. However,
       some applications which read the /etc/shadow file may decide not to permit any access at all if the password field is
       empty.

       A password field which starts with a exclamation mark means that the password is locked. The remaining characters on the
       line represent the password field before the password was locked.

   date of last password change  the time of the most recent password change, as the number of days from the Unix epoch to that change
       The date of the last password change, expressed as the number of days since Jan 1, 1970.

       The value 0 has a special meaning, which is that the user should change her pasword the next time she will log in the
       system.

       An empty field means that password aging features are disabled.

   minimum password age   the minimum password age, counted in days
       The minimum password age is the number of days the user will have to wait before she will be allowed to change her
       password again.

       An empty field and value 0 mean that there are no minimum password age.

   maximum password age   the maximum password age; to satisfy the password policy, the password must be changed when this period ends
       The maximum password age is the number of days after which the user will have to change her password.

       After this number of days is elapsed, the password may still be valid. The user should be asked to change her password
       the next time she will log in.

       An empty field means that there are no maximum password age, no password warning period, and no password inactivity
       period (see below).

       If the maximum password age is lower than the minimum password age, the user cannot change her password.

   password warning period  the warning period before the password expires
       The number of days before a password is going to expire (see the maximum password age above) during which the user should
       be warned.

       An empty field and value 0 mean that there are no password warning period.

   password inactivity period  the period after the password has expired during which it can still be used; the user must change the password at login, otherwise no further operations are allowed
       The number of days after a password has expired (see the maximum password age above) during which the password should
       still be accepted (and the user should update her password during the next login).

       After expiration of the password and this expiration period is elapsed, no login is possible using the current user's
       password. The user should contact her administrator.

       An empty field means that there are no enforcement of an inactivity period.

   account expiration date  the account's expiry date; once this date is reached, the account can no longer be used
       The date of expiration of the account, expressed as the number of days since Jan 1, 1970.

       Note that an account expiration differs from a password expiration. In case of an acount expiration, the user shall not
       be allowed to login. In case of a password expiration, the user is not allowed to login using her password.

       An empty field means that the account will never expire.

       The value 0 should not be used as it is interpreted as either an account with no expiration, or as an expiration on Jan
       1, 1970.

   reserved field  reserved for future use
       This field is reserved for future use.


    userdel:
        userdel [options] USERNAME
NAME
       userdel - delete a user account and related files

SYNOPSIS
       userdel [options] LOGIN

DESCRIPTION
       The userdel command modifies the system account files, deleting all entries that refer to the user name LOGIN. The named user
       must exist.           
            -r: delete the user together with their home directory
-r, --remove
           Files in the user's home directory will be removed along with the home directory itself and the user's mail spool. Files
           located in other file systems will have to be searched for and deleted manually.
[root@linux_basic tmp]# ls /home/
cactiuser  user1  user10  user11  user2  user3  user4  user5  user7  user8
[root@linux_basic tmp]# userdel -r user2
[root@linux_basic tmp]# ls /home/
cactiuser  user1  user10  user11  user3  user4  user5  user7  user8
          
    groupdel:
        groupdel GRPNAME
NAME
       groupdel - delete a group

SYNOPSIS
       groupdel group

DESCRIPTION
       The groupdel command modifies the system account files, deleting all entries that refer to group. The named group must exist.
What happens if a group is deleted while it is still in use (by users or files)?        Looking the group up by name no longer works, but the group ID still exists
[root@linux_basic tmp]# groupadd mytest
[root@linux_basic tmp]# tail -1 /etc/group
mytest:x:1009:
[root@linux_basic tmp]# chown root.mytest A
[root@linux_basic tmp]# groupdel mytest
[root@linux_basic tmp]# ls -l A
-rw-r--r--. 1 root 1009 0 Dec 20 18:04 A
For id -G to show a group ID, the group must exist; the ID of a nonexistent group is not shown


    usermod:
NAME
     usermod - modify a user account

SYNOPSIS
     usermod [options] LOGIN

DESCRIPTION
     The usermod command modifies the system account files to reflect the changes that are specified on the command line.
            -u UID
            -u, --uid UID  change the user's UID
           The new numerical value of the user's ID.

           This value must be unique, unless the -o option is used. The value must be non-negative. Values between 0 and 999 are
           typically reserved for system accounts.
           The user's mailbox, and any files which the user owns and which are located in the user's home directory will have the
           file user ID changed automatically.
           The ownership of files outside of the user's home directory must be fixed manually.
[root@linux_basic ~]# id user1
uid=501(user1) gid=501(user1) groups=501(user1)
[root@linux_basic ~]# usermod -u 510 user1
[root@linux_basic ~]# id user1
uid=510(user1) gid=501(user1) groups=501(user1)
            -g GID: change the user's primary group
            -g, --gid GROUP
           The group name or number of the user's new initial login group. The group must exist.
           The group must already exist before it can be assigned
[root@linux_basic ~]# groupadd hello
[root@linux_basic ~]# usermod -g hello user1
[root@linux_basic ~]# id user1
uid=510(user1) gid=1009(hello) groups=1009(hello)          
            -G GID,...: change the user's supplementary groups; used together with -a, it appends to the existing supplementary groups instead of replacing them
            -G, --groups GROUP1[,GROUP2,...[,GROUPN]]]
           A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with
           no intervening whitespace. The groups are subject to the same restrictions as the group given with the -g option.

           If the user is currently a member of a group which is not listed, the user will be removed from the group. This behaviour
           can be changed via the -a option, which appends the user to the current supplementary group list.
[root@linux_basic ~]# id user1
uid=510(user1) gid=1009(hello) groups=1009(hello)
[root@linux_basic ~]# groupadd love
[root@linux_basic ~]# groupadd to
[root@linux_basic ~]# usermod -a -G love,to user1
[root@linux_basic ~]# id user1
uid=510(user1) gid=1009(hello) groups=1009(hello),1010(love),1011(to)
[root@linux_basic ~]# groupadd me
[root@linux_basic ~]# usermod -G me user1  without -a, the existing supplementary groups are overwritten
[root@linux_basic ~]# id user1
uid=510(user1) gid=1009(hello) groups=1009(hello),1012(me)          
            -c COMMENT:
            -c, --comment COMMENT
           The new value of the user's password file comment field. It is normally modified using the chfn(1) utility.
            -d /path/to/somewhere: change the location of the home directory; together with -m the new home directory is created and the user's existing files are moved into it;
            -d, --home HOME_DIR
           The user's new login directory.

           If the -m option is given, the contents of the current home directory will be moved to the new home directory, which is
           created if it does not already exist. If the current home directory does not exist the new home directory will not be
           created.
[root@linux_basic tmp]# mkdir /home/you
[root@linux_basic tmp]# usermod -d /home/you user
[root@linux_basic tmp]# su - user
-bash-4.1$
[root@linux_basic tmp]# usermod -m -d /home/how user3
[root@linux_basic tmp]# su - user3
[user3@linux_basic ~]$ exit
logout          
[root@linux_basic tmp]# ls -a /home/how/
.  ..  .bash_history  .bash_logout  .bash_profile  .bashrc
            -s SHELL: change the user's login shell
If the user is currently logged in, the new shell only takes effect at their next login
            -l LOGIN_NAME: change the login name
            -l, --login NEW_LOGIN
           The name of the user will be changed from LOGIN to NEW_LOGIN. Nothing else is changed. In particular, the user's home
           directory name should probably be changed manually to reflect the new login name.
[root@linux_basic tmp]# usermod -l user user1
[root@linux_basic tmp]# id user
uid=510(user) gid=1009(hello) groups=1009(hello),1012(me)

            -L: lock the user's password
            -L, --lock
           Lock a user's password. This puts a '!' in front of the encrypted password, effectively disabling the password. You can't
           use this option with -p or -U.
            -U: unlock the user's password
            -U, --unlock
           Unlock a user's password. This removes the '!' in front of the encrypted password. You can't use this option with -p or
           -L.
           Note: if you wish to unlock the account (not only access with a password), you should also set the EXPIRE_DATE (for
           example to 99999, or to the EXPIRE value from /etc/default/useradd).
[root@linux_basic ~]# cat /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
[root@linux_basic tmp]# usermod -L user
[root@linux_basic tmp]# tail -1 /etc/shadow
user:!$6$rt4j2U0Y$twv03e.7/P6FNEtICOiKxrjlPK33NA4RkJ7PZxTbW.5RtmLmG9ZstIQDDTPqCdPKPWWKUFQbKGczPUlfohd/I1:16425:0:99999:7:::
[root@linux_basic tmp]# su - user
-bash-4.1$ \q
-bash: q: command not found
-bash-4.1$ exit
logout
[root@linux_basic tmp]# ssh user@192.168.20.120
The authenticity of host '192.168.20.120 (192.168.20.120)' can't be established.
RSA key fingerprint is 15:87:f9:09:a7:e6:e3:42:b1:3c:b1:56:04:7d:f6:5c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.20.120' (RSA) to the list of known hosts.
user@192.168.20.120's password:
Permission denied, please try again.
user@192.168.20.120's password:

[root@linux_basic tmp]# usermod -U user
[root@linux_basic tmp]# ssh user@192.168.20.120
user@192.168.20.120's password:
-bash-4.1$ exit
logout
Connection to 192.168.20.120 closed.
          
    chsh USERNAME  change the user's login shell

    chfn USERNAME  change the user's comment (GECOS) information

    chage:
NAME
       chage - change user password expiry information

SYNOPSIS
       chage [options] [LOGIN]  used to change the password aging (expiry) settings

DESCRIPTION
       The chage command changes the number of days between password changes and the date of the last password change. This
       information is used by the system to determine when a user must change his/her password.
-d, --lastday LAST_DAY  date of the last password change
-E, --expiredate EXPIRE_DATE  account expiration date
-I, --inactive INACTIVE   period after password expiry during which the password can still be used
-m, --mindays MIN_DAYS
-M, --maxdays MAX_DAYS
-W, --warndays WARN_DAYS
-l, --list                    show account aging information  list the user's aging and expiry dates
[root@linux_basic tmp]# chage -l user
Last password change                                    : Dec 21, 2014
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
[root@linux_basic tmp]# chage -d 6000 user
[root@linux_basic tmp]# chage -l user
Last password change                                    : Jun 06, 1986
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
[root@linux_basic ~]# chage -E 500 user
[root@linux_basic ~]# chage -l user
Last password change                                    : May 16, 1971
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : May 16, 1971
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
[root@linux_basic ~]# chage -I 500 user
[root@linux_basic ~]# chage -l user
Last password change                                    : May 16, 1971
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : May 16, 1971
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
[root@linux_basic ~]# chage -M 500 user
[root@linux_basic ~]# chage -l user
Last password change                                    : May 16, 1971
Password expires                                        : Sep 27, 1972
Password inactive                                       : Feb 09, 1974
Account expires                                         : May 16, 1971
Minimum number of days between password change          : 0
Maximum number of days between password change          : 500
Number of days of warning before password expires       : 7
[root@linux_basic ~]# chage -m 200 user
[root@linux_basic ~]# chage -l user
Last password change                                    : May 16, 1971
Password expires                                        : Sep 27, 1972
Password inactive                                       : Feb 09, 1974
Account expires                                         : May 16, 1971
Minimum number of days between password change          : 200
Maximum number of days between password change          : 500
Number of days of warning before password expires       : 7
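The following POSIX shell script is an added example, not part of the original notes: it ties together the structure of the encrypted-password field explained earlier (the algorithm id between the first two $, the salt between the second and third, and the ! prefix that passwd -l and usermod -L add) with the aging fields that chage -l turns into dates. The two sample /etc/shadow entries are constructed, with placeholder hash bodies; the only external tool assumed is cut, and the "never" threshold of 10000 days is taken from chage's behaviour.

```shell
#!/bin/sh
# Added example: inspect /etc/shadow-style lines with plain POSIX sh.
# Sample entries below are constructed; hash bodies are placeholders.

# Convert days since 1970-01-01 (the unit of shadow fields 3 and 8) to YYYY-MM-DD.
days_to_date() {
    d=$1; y=1970
    while :; do
        if [ $(( (y % 4 == 0 && y % 100 != 0) || y % 400 == 0 )) -eq 1 ]; then yl=366; else yl=365; fi
        [ "$d" -lt "$yl" ] && break
        d=$((d - yl)); y=$((y + 1))
    done
    m=1
    for ml in 31 $((yl - 337)) 31 30 31 30 31 31 30 31 30 31; do   # yl-337 is 28 or 29
        [ "$d" -lt "$ml" ] && break
        d=$((d - ml)); m=$((m + 1))
    done
    printf '%04d-%02d-%02d\n' "$y" "$m" $((d + 1))
}

# Classify the password field (field 2): lock prefix first, then algorithm id and salt.
describe_hash() {
    h=$1; state=active
    case $h in
        '')     echo 'empty:no password required'; return ;;
        '*'*)   echo 'disabled:not a valid crypt(3) result'; return ;;
        '!!')   echo 'locked:password never set'; return ;;
        '!'*)   state=locked ;;   # passwd -l prefixes '!!', usermod -L prefixes '!'
    esac
    while [ "${h#!}" != "$h" ]; do h=${h#!}; done   # strip every leading '!'
    case $h in
        '$1$'*) alg=md5 ;;
        '$5$'*) alg=sha256 ;;
        '$6$'*) alg=sha512 ;;
        *)      alg=unknown ;;
    esac
    salt=$(printf '%s\n' "$h" | cut -d '$' -f 3)
    echo "$state:$alg:$salt"
}

# Password expiry = lastchg + max; inactive cut-off = lastchg + max + inactive days;
# account expiry = field 8 as-is. chage prints "never" for an empty field or a maximum
# age of 10000 days or more (so 99999, the useradd default, shows as never).
aging_summary() {
    IFS=: read -r name hash lastchg min max warn inact expire rest <<EOF
$1
EOF
    if [ -z "$lastchg" ] || [ -z "$max" ] || [ "$max" -ge 10000 ]; then
        pexp=never; pinact=never
    else
        pexp=$(days_to_date $((lastchg + max)))
        if [ -z "$inact" ] || [ "$inact" -lt 0 ]; then pinact=never
        else pinact=$(days_to_date $((lastchg + max + inact))); fi
    fi
    if [ -z "$expire" ]; then aexp=never; else aexp=$(days_to_date "$expire"); fi
    echo "$name changed=$(days_to_date "${lastchg:-0}") expires=$pexp inactive=$pinact account=$aexp"
}

# Constructed sample entries: one locked with passwd -l, one with aging set by chage.
LOCKED='user11:!!$6$QfWm2Sr9$PLACEHOLDER:16426:0:99999:7:::'
AGED='user:$6$rt4j2U0Y$PLACEHOLDER:500:200:500:7:500:500:'

describe_hash "$(printf '%s\n' "$LOCKED" | cut -d: -f2)"   # locked:sha512:QfWm2Sr9
aging_summary "$LOCKED"
aging_summary "$AGED"   # expires=1972-09-27 inactive=1974-02-09 account=1971-05-16
```

For the constructed "user" entry the computed dates match the chage -l output shown above after -E 500, -M 500 and -I 500; on a real system, feed it a line from `getent shadow USER` run as root.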
   
    Show user information:
        id USERNAME
            -g
            -G
            -n 
            -u
    id -gn
Can be used to check whether a user exists
[root@linux_basic ~]# id -ng user
hello
[root@linux_basic ~]# id user
uid=510(user) gid=1009(hello) groups=1009(hello),1012(me)
   
        who
        whoami
        finger  shows user information; not installed by default on CentOS 6, so it must be installed first

    Switch user:
        su: switch user
            su [option] USERNAME
                -l: full (login-shell) switch; the l can be omitted, leaving just -
                the value of PATH differs greatly between the two forms
                -c 'COMMAND': run only the given command as the specified user and return the result
                su username -c 'command'
[root@linux_basic ~]# su cactiuser -c 'ls /home/'
cactiuser  how  me  user1  user10  user11  user4  user5  user7  user8  you
[root@linux_basic ~]# su cactiuser
[cactiuser@linux_basic root]$ echo $PATH
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
[cactiuser@linux_basic root]$ exit
exit
[root@linux_basic ~]# su - cactiuser
[cactiuser@linux_basic ~]$ echo $PATH
/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/cactiuser/bin
[cactiuser@linux_basic ~]$ exit
logout

    Modify a group:
        groupmod
            -g GID
            -n NEW_GRP_NAME

    Set a group password:
        gpasswd

  Switch to a new primary group:
    newgrp
 
  Learning the w command
[root@linux_basic ~]# whatis w
w                    (1)  - Show who is logged on and what they are doing
[root@linux_basic ~]# type w
w is /usr/bin/w
[root@linux_basic ~]# man w
W(1)                          Linux User’s Manual                         W(1)

NAME
       w - Show who is logged on and what they are doing.

SYNOPSIS
       w - [husfV] [user]
[root@linux_basic ~]# w user
14:56:50 up 2 days,  2:25,  3 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
[root@linux_basic ~]# w
14:56:54 up 2 days,  2:26,  3 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    192.168.20.93    07:14   39:26   0.47s  0.47s -bash
root     pts/1    192.168.20.93    10:37   10:27   0.51s  0.51s -bash
root     pts/2    192.168.20.93    14:15    0.00s  0.12s  0.01s w
          
    Command summary: useradd, userdel, passwd, usermod, chage, chsh, chfn, who, id, finger, groupadd, groupdel, groupmod, gpasswd, newgrp, su, w

    Exercises:
        1. Create user mandriva with UID 2200, primary group distro with GID 3300, and supplementary group peguin;
            # groupadd -g 3300 distro
            # groupadd peguin
            # useradd -u 2200 -g distro -G peguin mandriva

        2. Create user gentoo with full name "Gentoo" and default shell /bin/tcsh;
            # useradd -c "Gentoo" -s /bin/tcsh gentoo

        3. Change mandriva's UID to 4400, primary group to linux, and supplementary groups to distro and gentoo;
            # usermod -u 4400 -g linux -a -G distro,gentoo mandriva

        4. Set a password for gentoo, with a minimum password age of 2 days, maximum of 60 days, warning period of 3 days and inactivity period of 7 days;
            # echo 'gentoo' | passwd --stdin gentoo
            # chage
