Linux User Management Case (version 2)
Batch add users
1. Write the user information file users.info in the format of /etc/passwd.
xiaofang01::1001:503::/home/xiaofang01:/bin/bash # note: the file must not contain blank lines; otherwise an error is reported
2. newusers < users.info # use the newusers command to import the user information file
3. pwunconv # disable the shadow password function
4. Write the password file passwd.info in the format [username:password]
5. chpasswd < passwd.info # import the password file
6. pwconv # write the passwords to the shadow file
[Script-based programming is actually more efficient]
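A scripted pre-flight check for step 1, as an added example that is not part of the original page: it reads users.info on stdin and reports blank lines, lines that do not have the seven fields of the /etc/passwd layout, non-numeric IDs, UID 0 entries and duplicate names before the file is handed to newusers. The helper name check_users_info and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a newusers input file read from stdin.
# check_users_info is a hypothetical helper name, not part of shadow-utils.
# Prints one message per bad line; returns 0 only when every line is clean.
check_users_info() {
    lineno=0 errors=0 seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        problem=
        # /etc/passwd layout: name:password:UID:GID:comment:home:shell (6 colons)
        colons=$(printf '%s' "$line" | tr -cd ':')
        if [ -z "$line" ]; then
            problem="blank line"
        elif [ "${#colons}" -ne 6 ]; then
            problem="expected 7 colon-separated fields"
        else
            IFS=: read -r name pass uid gid gecos home shell <<EOF
$line
EOF
            case $home in /*) ;; *) problem="home directory is not an absolute path" ;; esac
            case $gid in ''|*[!0-9]*) problem="GID is not numeric" ;; esac
            case $uid in ''|*[!0-9]*) problem="UID is not numeric" ;; esac
            # A UID of 0 makes the new account equivalent to root.
            if [ "$uid" = 0 ]; then problem="UID 0 is reserved for root"; fi
            case $seen in *" $name "*) problem="duplicate user name $name" ;; esac
            if [ -z "$name" ]; then problem="empty user name"; fi
            seen="$seen$name "
        fi
        if [ -n "$problem" ]; then
            echo "line $lineno: $problem"
            errors=$((errors + 1))
        fi
    done
    [ "$errors" -eq 0 ]
}

# Constructed sample: line 2 is blank and line 3 reuses the name from line 1.
check_users_info <<'EOF' || echo "fix users.info before running newusers"
xiaofang01::1001:503::/home/xiaofang01:/bin/bash

xiaofang01::1002:503::/home/xiaofang02:/bin/bash
EOF
```

Against a real file, run it as check_users_info < users.info && newusers < users.info so the import happens only when the check passes.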
Restrict which normal users can su to root
1. groupadd sugroup
2. chmod 4550 /bin/su // remove all permissions for others
3. chgrp sugroup /bin/su // change the group of /bin/su to sugroup
At this point: ls -l /bin/su
4. usermod -G sugroup test // add user test to the sugroup group (-G replaces the user's existing supplementary groups; -aG appends instead)
Replace su with sudo:
- Temporarily become root when executing the sudo command
- The root password will not be leaked.
- Only provide users with limited command permissions
Configuration file: /etc/sudoers [edit this file with the visudo command]. Directly modifying the configuration file /etc/sudoers with vi will not take effect.
/etc/sudoers file format
username [or %groupname] hostname [or IP address] = command [use absolute path]
Case: authorize a normal user to add/delete users [useradd/userdel]
1. visudo
2. xiaofang hadoop = /usr/sbin/useradd, /usr/sbin/userdel
[Switch to this user]
3. sudo /usr/sbin/useradd test # run the useradd command [prefix it with sudo and use the absolute path]
4. Enter the password # xiaofang's password, not the root password
5. sudo -l # view the root-only commands that the current user is authorized to execute
Note:
1. sudo lets a common user execute a command with root's identity; it is not about running commands that only root can execute.
2. When editing /etc/sudoers, you can make the authorized command more precise.
Example: guest hadoop = /sbin/shutdown -h now
guest can run shutdown only with the -h now options. None of the other options can be executed.
Case study: authorize a common user to manage Apache
1. Design the permissions that the user should have:
(1) Edit the Apache configuration file
(2) Use the Apache startup script
(3) Update webpages, etc.
2. Implement function 1
Method 1: Change the owner of the file with chown
Method 2: Change the group to which the file belongs, grant w permission to the group, and then add the user to the group [more common]
Method 3: sudo method
Add: user address = /bin/vi /etc/httpd/conf/httpd.conf
3. Implement function 2
user hostname = /etc/rc.d/init.d/http start, /etc/rc.d/init.d/http reload, /etc/rc.d/init.d/http fullstatus, /etc/rc.d/init.d/http configtest
4. Implement function 3
The user must have write permission on the /var/www/html directory # change the owner/group of the directory
Detect user password strength (crack user passwords)
1. Install the cracking tool John the Ripper
http://www.openwall.com/john/
2. grep liming /etc/passwd > /test/liming.passwd # extract user information
3. grep liming /etc/shadow > /test/liming.shadow # extract the encrypted ciphertext of the user password
4. /test/john-1.6.6/run/unshadow /test/liming.* > /test/liming.john # merge into a file
5. /test/john-1.6.6/run/john /test/liming.john # crack the user password
6. /test/john-1.6.6/run/john /etc/shadow # crack passwords of all users