9.1 用户组管理常用命令和文件
9.1.1 常用命令
用户管理:
useradd, userdel, usermod, passwd, chsh, chfn, finger, id, chage
组管理:
groupadd, groupdel, groupmod, gpasswd
权限管理:
chown, chgrp, chmod, umask
9.1.3 常用文件及其内容
/etc/passwd:
用户名:密码:UID:GID:注释:家目录:默认SHELL
(密码字段显示为 x,表示真正的密码哈希保存在 /etc/shadow 中)
[root@Daniel-R480 default]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
/etc/group:
组名:密码:GID:以此组为其附加组的用户列表
[root@Daniel-R480 default]# cat /etc/group
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
/etc/shadow:
用户名:密码:最近一次修改密码的时间:最短使用期限:最长使用期限:警告时间:非活动时间:过期时间:
(密码字段保存的是加盐哈希,$6$ 开头表示 SHA-512;* 或 !! 表示该帐号不能用密码登录。该文件只应允许 root 读取;哈希一旦外泄,就可以被离线猜解,因此真实的哈希值不应公开。)
[root@Daniel-R480 default]# cat /etc/shadow
root:$6$PFQ4zANu$LyrKxl8kGT/lYge0N0zj1f1ltbuvXaJIFale65FJ4gA/llvFXABl6kOL9KvQTMJ01W6Jxu81GSLx9qIBnq4Sv1:18782:0:99999:7:::
bin:*:17834:0:99999:7:::
daemon:*:17834:0:99999:7:::
adm:*:17834:0:99999:7:::
9.2 添加用户
useradd [options] USERNAME
-u UID 指定UID
-g GID(基本组)
-G GID,... (附加组)
-c "COMMENT" 指定注释信息
-d /path/to/directory 指定某个目录
-s SHELL 指定shell路径(应当在/etc/shells里面;useradd本身不做这项检查,后文 useradd -s /sbin/nologin 能成功就是例子)
-m -k 创建用户家目录并且将/etc/skel/下面的用户配置文件导过来
-M 不为用户创建家目录
-r: 添加系统用户
/etc/login.defs:文件用于在Linux创建用户时,对用户的一些基本属性做默认设置,例如指定用户 UID 和 GID 的范围,用户的过期时间,密码的最大长度,等等。
[root@Daniel-R480 ~]# ueradd -u 1000 test
-bash: ueradd: command not found
[root@Daniel-R480 ~]# useradd -u 1000 test
useradd: UID 1000 is not unique
[root@Daniel-R480 ~]#
[root@Daniel-R480 ~]# useradd -u 10011 test
[root@Daniel-R480 ~]#
[root@Daniel-R480 ~]#
[root@Daniel-R480 ~]# tail -1 /etc/passwd
test:x:10011:10011::/home/test:/bin/bash
[root@Daniel-R480 ~]# useradd -g hellosa test1
useradd: group 'hellosa' does not exist
[root@Daniel-R480 ~]# useradd -g mygroup test1
useradd: group 'mygroup' does not exist
[root@Daniel-R480 ~]# groupadd test
groupadd: group 'test' already exists
[root@Daniel-R480 ~]# useradd -g test test1
[root@Daniel-R480 ~]#
[root@Daniel-R480 ~]#
[root@Daniel-R480 ~]# tail -1 /etc/passwd
test1:x:10012:10011::/home/test1:/bin/bash
[root@Daniel-R480 ~]# useradd -G test test2
[root@Daniel-R480 ~]#
[root@Daniel-R480 ~]#
[root@Daniel-R480 ~]# tail -1 /etc/passwd
test2:x:10013:10013::/home/test2:/bin/bash
[root@Daniel-R480 ~]# useradd -s /sbin/nologin test3
[root@Daniel-R480 ~]# su - test3
This account is currently not available.
[root@Daniel-R480 ~]# useradd -M test4
[root@Daniel-R480 ~]# su - test4
su: warning: cannot change directory to /home/test4: No such file or directory
-bash-4.2$
-bash-4.2$
-bash-4.2$
-bash-4.2$
-bash-4.2$ pwd
/root
-bash-4.2$ exit
logout
环境变量:
PATH
HISTSIZE
SHELL(保存当前用户的默认shell)
/etc/shells:指定了当前系统可用的安全shell
9.3 用户删除
userdel:删除用户
userdel [option] USERNAME(默认不删除用户的家目录;遗留的文件仍归原UID所有,之后若有新用户复用该UID,就会获得这些文件的所有权)
-r: 同时删除用户的家目录
id:查看用户的帐号属性信息,可直接加用户
-u 查看UID
-g 查看基本组的GID(有效GID)
-G 查看所有的GID(基本组和附加组)
-n 显示名称而不是数字ID,需与 -u、-g 或 -G 一起使用
[root@Daniel-R480 ~]# id test
uid=10011(test) gid=10011(test) groups=10011(test)
[root@Daniel-R480 ~]# id -u test
10011
[root@Daniel-R480 ~]# id -g test
10011
[root@Daniel-R480 ~]# id -G test
10011
[root@Daniel-R480 ~]# id -u -n test
test
[root@Daniel-R480 ~]# id -g -n test
test
[root@Daniel-R480 ~]# id -G -n test
test
finger: 查看用户帐号信息
finger USERNAME
[root@Daniel-R480 ~]# finger test
Login: test Name:
Directory: /home/test Shell: /bin/bash
Never logged in.
No mail.
No Plan.
9.4 修改用户帐号属性:
usermod
-u UID 修改用户UID(家目录内文件的属主会自动更新,家目录以外的文件需要手动 chown)
-g GID 修改用户GID
-a -G GID:不使用-a选项,会覆盖此前的附加组;
-c 修改注释信息
-d -m:给用户创建新的家目录,并将之前家目录的文件拷贝到新的家目录中
-s 修改用户shell
-l loginname 修改用户登录名
-L:锁定帐号(在 /etc/shadow 的密码哈希前加 !,只禁用密码登录;SSH 密钥等其他认证方式不受影响,要彻底停用帐号还需设置过期时间)
-U:解锁帐号(去掉密码哈希前的 !)
[root@Daniel-R480 ~]# id test
uid=10011(test) gid=10011(test) groups=10011(test)
[root@Daniel-R480 ~]# usermod -u 2002 test
[root@Daniel-R480 ~]# id test
uid=2002(test) gid=10011(test) groups=10011(test)
chsh:
修改用户的默认shell
[root@Daniel-R480 ~]# finger test
Login: test Name:
Directory: /home/test Shell: /bin/bash
Never logged in.
No mail.
No Plan.
[root@Daniel-R480 ~]# id test
uid=10011(test) gid=10011(test) groups=10011(test)
[root@Daniel-R480 ~]# usermod -u 2002 test
[root@Daniel-R480 ~]# id test
uid=2002(test) gid=10011(test) groups=10011(test)
[root@Daniel-R480 ~]# finger test
Login: test Name:
Directory: /home/test Shell: /bin/bash
Never logged in.
No mail.
No Plan.
[root@Daniel-R480 ~]# chsh test
Changing shell for test.
New shell [/bin/bash]: /bin/tcsh
chsh: "/bin/tcsh" does not exist
[root@Daniel-R480 ~]# cat /etc/shells
/bin/sh
/bin/bash
/usr/bin/sh
/usr/bin/bash
[root@Daniel-R480 ~]# cat /etc/shells chsh test
/bin/sh
/bin/bash
/usr/bin/sh
/usr/bin/bash
cat: chsh: No such file or directory
cat: test: No such file or directory
[root@Daniel-R480 ~]# chsh test
Changing shell for test.
New shell [/bin/bash]: /bin/sh
Shell changed.
[root@Daniel-R480 ~]# finger test
Login: test Name:
Directory: /home/test Shell: /bin/sh
Never logged in.
No mail.
No Plan.
[root@Daniel-R480 ~]#
chfn:
修改注释信息
chage:
改变密码过期信息
-d: 最近一次的修改时间
-E: 过期时间
-I:非活动时间
-m: 最短使用期限
-M: 最长使用期限
-W: 警告时间
9.5 密码管理:
passwd [USERNAME]
--stdin 用标准输入读取密码,可用来在脚本中创建用户账号及密码(把明文密码直接写在命令行里会留在shell历史记录中,下面的 echo 用法仅作演示)
-l 锁定用户密码
-u 解锁用户密码
-d: 删除用户密码(密码字段变为空,该帐号可能无需密码即可登录,见下文 /etc/shadow 中的 test:: 一行;要禁止登录应使用 -l 锁定)
-n:设定密码最短使用期限
-x:设定密码最长使用期限
[root@Daniel-R480 ~]# echo "redhat"
redhat
[root@Daniel-R480 ~]# echo "redhat" | passwd --stdin test
Changing password for user test.
passwd: all authentication tokens updated successfully.
[root@Daniel-R480 ~]# tail /etc/shadow
nfsnobody:!!:17924::::::
sshd:!!:17924::::::
postfix:!!:17924::::::
chrony:!!:17924::::::
daniel:$6$e6rwtpqp$awkNfQl9GtXO7vJNrRrlyJfIE7OcxzOuJZBAR3OueOSBIPtK9ZyuJoBH1s9Ln666KZD8zr9pSnsRg90Wiupj7.:18782:0:99999:7:::
test:$6$c5y8U2BO$7AFRriEzYrC2qiH7DeQrl9sMpswUCpFzJ4n/2wcwUifUhlwSKsZzWlv0l75WDEvSTKAeGi3kxzmkumgk0p1ZX0:18782:0:99999:7:::
test1:!!:18782:0:99999:7:::
test2:!!:18782:0:99999:7:::
test3:!!:18782:0:99999:7:::
test4:!!:18782:0:99999:7:::
[root@Daniel-R480 ~]#
[root@Daniel-R480 ~]# passwd -d test
Removing password for user test.
passwd: Success
[root@Daniel-R480 ~]# tail /etc/shadow
nfsnobody:!!:17924::::::
sshd:!!:17924::::::
postfix:!!:17924::::::
chrony:!!:17924::::::
daniel:$6$e6rwtpqp$awkNfQl9GtXO7vJNrRrlyJfIE7OcxzOuJZBAR3OueOSBIPtK9ZyuJoBH1s9Ln666KZD8zr9pSnsRg90Wiupj7.:18782:0:99999:7:::
test::18782:0:99999:7:::
test1:!!:18782:0:99999:7:::
test2:!!:18782:0:99999:7:::
test3:!!:18782:0:99999:7:::
test4:!!:18782:0:99999:7:::
[root@Daniel-R480 ~]#
pwck:(passwd check)检查用户帐号完整性
[root@Daniel-R480 ~]# pwck
user 'ftp': directory '/var/ftp' does not exist
user 'test4': directory '/home/test4' does not exist
pwck: no changes
[root@Daniel-R480 ~]#
9.6 组管理:
1、groupadd 创建组:
-g GID指定gid
-r:添加为系统组
[root@Daniel-R480 ~]# useradd -r apache
[root@Daniel-R480 ~]# tail -1 /etc/passwd
apache:x:997:994::/home/apache:/bin/bash
[root@Daniel-R480 ~]# groupadd -r nginx
[root@Daniel-R480 ~]# tail -1 /etc/group
nginx:x:993:
[root@Daniel-R480 ~]#
2、groupmod 修改组信息
-g GID 修改GID
-n GRPNAME 修改组名
3、groupdel 删除组
4、gpasswd:为组设定密码(组密码由多人共用,难以保密;一般用 gpasswd -a 把用户加入组,而不是设置组密码)
newgrp 为用户临时切换基本组(会启动一个新的shell);不属于该组的用户需要输入组密码
[root@Daniel-R480 ~]# gpasswd test
Changing the password for group test
New Password:
Re-enter new password:
[root@Daniel-R480 ~]#
[root@Daniel-R480 ~]#
[root@Daniel-R480 ~]# newgrp test
[root@Daniel-R480 ~]# su - apache
su: warning: cannot change directory to /home/apache: No such file or directory
-bash-4.2$
-bash-4.2$
-bash-4.2$ newgrp test
Password:
bash-4.2$ ginger
练习:
1、创建一个用户mandriva,其ID号为2002,基本组为distro(组ID为3003),附加组为linux;
[root@Daniel-R480 ~]# groupadd -g 3003 distro
[root@Daniel-R480 ~]# groupadd linux
[root@Daniel-R480 ~]# useradd -u 2002 -g distro -G linux mandriva
[root@Daniel-R480 ~]# id mandriva
uid=2002(mandriva) gid=3003(distro) groups=3003(distro),3004(linux)
[root@Daniel-R480 ~]#
2、创建一个用户fedora,其全名为Fedora Community,默认shell为tcsh;
[root@Daniel-R480 ~]# useradd -c "Fedora Community" -s /bin/tcsh fedora
[root@Daniel-R480 ~]# tail -1 /etc/passwd
fedora:x:2003:2003:Fedora Community:/home/fedora:/bin/tcsh
[root@Daniel-R480 ~]#
3、修改mandriva的ID号为4004,基本组为linux,附加组为distro和fedora;
[root@Daniel-R480 ~]# usermod -u 4004 -g linux -G distro,fedora mandriva
[root@Daniel-R480 ~]# id mandriva
uid=4004(mandriva) gid=3004(linux) groups=3004(linux),3003(distro),2003(fedora)
[root@Daniel-R480 ~]#
4、给fedora加密码,并设定其密码最短使用期限为2天,最长为50天;
[root@Daniel-R480 ~]# passwd -n 2 -x 50 fedora
Adjusting aging data for user fedora.
passwd: Success
[root@Daniel-R480 ~]# tail -1 /etc/passwd
fedora:x:2003:2003:Fedora Community:/home/fedora:/bin/tcsh
[root@Daniel-R480 ~]# tail -1 /etc/shadow
fedora:!!:18810:2:50:7:::
[root@Daniel-R480 ~]#
5、将mandriva的默认shell改为/bin/bash;
[root@Daniel-R480 ~]# usermod -s /bin/sh mandriva
[root@Daniel-R480 ~]# usermod -s /bin/bash mandriva
[root@Daniel-R480 ~]# tail -2 /etc/passwd
mandriva:x:4004:3004::/home/mandriva:/bin/bash
fedora:x:2003:2003:Fedora Community:/home/fedora:/bin/tcsh
[root@Daniel-R480 ~]#
6、添加系统用户hbase,且不允许其登录系统;
[root@Daniel-R480 ~]# useradd -r -s /sbin/nologin hbase
[root@Daniel-R480 ~]# su hbase
This account is currently not available.
[root@Daniel-R480 ~]#