Unit5
1. User understanding
* User is the identity of the system users
* Users stored in the system as a number of channeling characters + several system configuration files
User information involves the system configuration file:
1./etc/passwd # # #用户信息
User: Password:uid:gid: Description: Home directory: User-used Shell
2./etc/shadow # # #用户认证信息
User: Password: Last password modified this time: Minimum validity: Maximum validity: Warning Period: Inactive period: Account expiration date
3./etc/group # # #组信息
Group name: Group Password: Group ID: Additional Group member
4./etc/gshadow # # #组认证信息
5./home/username # # #用户家目录
6./etc/skel/.* # # #用户骨架文件
View tail-n /etc/*
2. User Management
> 1. User established Useradd user name
650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M00/8F/A0/wKiom1jnH8rQ8M9rAAEowUsShVc707.png-wh_500x0-wm_ 3-wmp_4-s_1550357508.png "title=" screenshot from 2017-04-06 13-52-29.png "alt=" Wkiom1jnh8rq8m9raaeowusshvc707.png-wh_50 "/>
Useradd Parameters User name
- u # #指定用户uid
650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M02/8F/9E/wKioL1jnI3vCi2YzAACOVDG2rwk739.png-wh_500x0-wm_ 3-wmp_4-s_2865463769.png "title=" screenshot from 2017-04-06 14-41-52.png "alt=" Wkiol1jni3vci2yzaacovdg2rwk739.png-wh_50 "/>
- G # #指定用户初始组信息, this group must already exist
650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M01/8F/A0/wKiom1jnKuOSvNLmAAC0rw0CY3s366.png-wh_500x0-wm_ 3-wmp_4-s_2821343610.png "title=" screenshot from 2017-04-06 14-49-39.png "alt=" Wkiom1jnkuosvnlmaac0rw0cy3s366.png-wh_50 "/>
- G # #指定附加组, this group must exist
650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M01/8F/A0/wKiom1jnKymxNlDCAADwGEMvv_o264.png-wh_500x0-wm_ 3-wmp_4-s_1167488366.png "title=" screenshot from 2017-04-06 14-51-41.png "alt=" wkiom1jnkymxnldcaadwgemvv_ O264.png-wh_50 "/>
- C # #用户说明
- D # #用户家目录
650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M01/8F/9F/wKioL1jnK62SnxRXAAEdLb0ny_4066.png-wh_500x0-wm_ 3-wmp_4-s_2905211026.png "title=" screenshot from 2017-04-06 14-55-33.png "alt=" wkiol1jnk62snxrxaaedlb0ny_4066. Png-wh_50 "/>
- S # #用户所使用的shell,/etc/shells records the name of the user who can use the shell
>2. User Delete
Userdel - R User name -r means delete user information and user's system configuration
650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M01/8F/9F/wKioL1jnI9_hn8y6AACWC5GhIPE216.png-wh_500x0-wm_ 3-wmp_4-s_3299241921.png "title=" screenshot from 2017-04-06 14-42-16.png "alt=" wkiol1jni9_ Hn8y6aacwc5ghipe216.png-wh_50 "/>
3. Establishment of groups
Groupadd - G # #建立组
650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M00/8F/A0/wKiom1jnIrPiyGMUAABbQz6hTLE334.png-wh_500x0-wm_ 3-wmp_4-s_3615660976.png "title=" screenshot from 2017-04-06 14-28-57.png "alt=" Wkiom1jnirpiygmuaabbqz6htle334.png-wh_50 "/>
Groupdel Group name # #删除组
650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M01/8F/A0/wKiom1jnIwKyRImSAACsH62GhxA590.png-wh_500x0-wm_ 3-wmp_4-s_3634383435.png "title=" screenshot from 2017-04-06 14-31-15.png "alt=" Wkiom1jniwkyrimsaacsh62ghxa590.png-wh_50 "/>
Monitoring commands for the above experiments:
Watch-n 1 ' tail-n 3/etc/passwd/etc/group;echo ====;ls-l/home;echo ===;ls-l/mnt '
4. User ID Information view
ID Parameters User
- u # #用户uid
- G # #用户初始组id
- G # #用户所有所在组id
- N # #显示名称而不是id数字
-A # #显示所有信息
650) this.width=650; "Src=" https://s5.51cto.com/wyfs02/M02/8F/9E/wKioL1jnIPXwZSdsAACHa78L2kc919.png-wh_500x0-wm_ 3-wmp_4-s_1442960124.png "title=" screenshot from 2017-04-06 14-13-31.png "alt=" Wkiol1jnipxwzsdsaacha78l2kc919.png-wh_50 "/>
5. Changes to user information
Usermod Parameters User
- L # #更改用户名称
- u # #更改uid
- G # #更改gid
- G # #更改附加组
-ag # #添加附加组
- C # #更改说明
- D #更改家目录指定
-MD # #更改家目录指定及家目录名称
- S # #更改shell
- L #冻结帐号
- u # #解锁
650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M00/8F/9F/wKioL1jnLACAfhx_AAEDMum3988508.png-wh_500x0-wm_ 3-wmp_4-s_3169771337.png "title=" screenshot from 2017-04-06 15-04-46.png "alt=" wkiol1jnlacafhx_ Aaedmum3988508.png-wh_50 "/>
3. User decentralization
1. In the system, Superuser can delegate actions that ordinary users cannot perform to ordinary users.
Delegated Authority Profile:/etc/sudoers
2. Ways of delegating authority
*) Super User execution Visudo enter edit/etc/sudoers mode
*) Format:
Get rights users Host Name = (acquired user identity) Command
Test desktop0.example.com= (Root) /usr/sbin/useradd
Test user can execute/usr/sbin/useradd as Superuser in desktop0.example.com
650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M02/8F/9F/wKioL1jnLKGjiZLPAAFVKJkGGf4482.png-wh_500x0-wm_ 3-wmp_4-s_4095965299.png "title=" screenshot from 2017-04-06 17-08-46.png "alt=" Wkiol1jnlkgjizlpaafvkjkggf4482.png-wh_50 "/>
3. Implementation of the delegation of authority command
sudo Command # #如果第一次执行sudo需要输入当前用户密码
in /etc/sudoers if the settings are as follows:
Test desktop0.example.com= (Root) nopasswd:/usr/sbin/useradd
indicates that the user does not need their own password when invoking the sudo command
650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M02/8F/A0/wKioL1jnLPThIEdFAAER5-_EEEk389.png-wh_500x0-wm_ 3-wmp_4-s_646259232.png "title=" screenshot from 2017-04-06 17-12-19.png "alt=" Wkiol1jnlpthiedfaaer5-_eeek389.png-wh _50 "/>
4. Control of user authentication information
chage Parameters User
- D # #用户密码组后一次修改的时间, if set to 0, users must change their password after logging into the system
- M # #最短有效期
- M # #最长有效期
- W # #警告期
- I. # #用户非活跃天数
- e # #帐号到期日格式-E "Yyyy-mm-dd"
650) this.width=650; "Src=" https://s5.51cto.com/wyfs02/M01/8F/A0/wKioL1jnLXbCguYqAAELY7AAeqg608.png-wh_500x0-wm_ 3-wmp_4-s_2836357847.png "title=" screenshot from 2017-04-06 17-21-10.png "alt=" Wkiol1jnlxbcguyqaaely7aaeqg608.png-wh_50 "/>
Linux Operations Essentials UNIT5