Bulk Add Users
1. Write the user information file users.info in the /etc/passwd file format:
xiaofang01::1001:503::/home/xiaofang01:/bin/bash # Note: the file must not contain blank lines, or you'll get an error.
2. newusers < users.info # import the user information file with the newusers command
3. pwunconv # disable the shadow password function
4. Write the password file passwd.info in the format [username:password]
5. chpasswd < passwd.info # import the password file
6. pwconv # write the passwords to the shadow file
"Scripting is actually more efficient."
Restrict normal users from using su to become root
1. groupadd sugroup
2. chmod 4550 /bin/su # clear all permissions for others
3. chgrp sugroup /bin/su # change su's owning group to sugroup
At this point, check the result with: ls -l /bin/su
4. usermod -g sugroup test # add user test to the sugroup group
Use sudo instead of su:
- When executing a sudo command, the user temporarily becomes root
- The root password is not disclosed
- Users get access only to a limited set of commands
Config file: /etc/sudoers [edit this file with the visudo command]; directly modifying the configuration file with vi /etc/sudoers will not take effect
/etc/sudoers file format
username [or %groupname] hostname [or IP address]=command [must use the absolute path]
Case - authorizing a normal user to add/remove users [useradd/userdel]
1. visudo
2. xiaofang hadoop=/usr/sbin/useradd,/usr/sbin/userdel
[Switch to this user]
3. sudo /usr/sbin/useradd test # run the useradd command [with sudo and the absolute path]
4. Enter the password # xiaofang's password, not the root password
5. sudo -l # list the root commands the current user is authorized to execute
Description
1. sudo lets a normal user execute commands as root, so root is no longer the only account that can run them
2. When editing /etc/sudoers, you can specify the command precisely
such as: guest hadoop=/sbin/shutdown -h now
This only allows guest to run shutdown with the -h now options; no other options can be used
Case - authorizing an ordinary user to fully manage Apache
1. Work out which rights the user should have:
(1) Editing the Apache configuration file
(2) Using Apache's startup script
(3) Updating web pages, etc.
2. Implementing function 1
Method 1: change the owner of the file with chown
Method 2: change the owning group of the file, grant the group w permission, and then add the user to that group [more commonly used]
Method 3: the visudo method
Add: username address=/bin/vi /etc/httpd/conf/httpd.conf
3. Implementing function 2
username hostname=/etc/rc.d/init.d/http start,/etc/rc.d/init.d/http reload,/etc/rc.d/init.d/http fullstatus,/etc/rc.d/init.d/http configtest
4. Implementing function 3
This requires write access to the /var/www/html directory # change the owner/group of the directory
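The sudoers rules in the two cases above can be checked mechanically. The script below is an added example, not part of the original notes: it handles only simple one-line "user host=cmd,..." rules, the finding names (RELATIVE_PATH, INTERACTIVE_AS_ROOT, ANY_ARGS) are made up for this example, and "user" and "host" in the sample input are placeholders.

```shell
#!/bin/sh
# Added example: lint simple one-line sudoers rules "user host=cmd[,cmd...]".
# Aliases, tags, RunAs specs and escaped commas are not handled.

# lint_cmd CMD: print one finding per line for a single command spec.
lint_cmd() {
    set -f; set -- $1; set +f      # split into words without globbing
    [ $# -eq 0 ] && return 0
    prog=$1
    case $prog in
        sudoedit) return 0 ;;      # sudo's own edit mode, takes no path
        /*) ;;                     # absolute path, as the format requires
        *) echo "RELATIVE_PATH $prog" ;;
    esac
    case ${prog##*/} in
        vi|vim|nano|emacs|less|more)
            # editors and pagers run as root are not confined to one file
            echo "INTERACTIVE_AS_ROOT $prog" ;;
    esac
    # With no arguments listed, sudoers accepts any arguments from the user.
    [ $# -eq 1 ] && echo "ANY_ARGS $prog"
    return 0
}

# lint_rule LINE: lint every command after the first '=' in a rule.
lint_rule() {
    cmds=${1#*=}
    [ "$cmds" = "$1" ] && { echo "NO_COMMAND_LIST"; return 0; }
    old_ifs=$IFS; IFS=,
    set -f; set -- $cmds; set +f   # split the command list on commas
    IFS=$old_ifs
    for c in "$@"; do lint_cmd "$c"; done
}

# Constructed input: the rules from these notes plus a sudoedit variant;
# "user" and "host" are placeholders.
lint_all() {
    while IFS= read -r rule; do
        printf '== %s\n' "$rule"
        lint_rule "$rule"
    done <<'EOF'
xiaofang hadoop=/usr/sbin/useradd,/usr/sbin/userdel
guest hadoop=/sbin/shutdown -h now
user host=/bin/vi /etc/httpd/conf/httpd.conf
user host=sudoedit /etc/httpd/conf/httpd.conf
EOF
}
lint_all
```

An ANY_ARGS finding means the rule does not pin the arguments the way the shutdown -h now rule does. An INTERACTIVE_AS_ROOT finding on an editor is usually resolved by granting sudoedit on the file instead.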
Detect user password strength (crack user passwords)
1. Install the cracking tool: John the Ripper
http://www.openwall.com/john/
2. grep liming /etc/passwd > /test/liming.passwd # extract the user's account information
3. grep liming /etc/shadow > /test/liming.shadow # extract the user's encrypted password
4. /test/john-1.6.6/run/unshadow /test/liming.* > /test/liming.john # merge into one file
5. /test/john-1.6.6/run/john /test/liming.john # crack this user's password
6. /test/john-1.6.6/run/john /etc/shadow # crack all users' passwords
Linux User Management Case (second edition)