User Management
Chapter 1 Other Ways to View the IP Address: ip
1.1 ip address = ip a
View information for all NICs.
[root@znix ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:a8:e4:14 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.201/24 brd 10.0.0.255 scope global eth0
    inet6 fe80::20c:29ff:fea8:e414/64 scope link
       valid_lft forever preferred_lft forever
1.2 ip address show eth0 = ip a s eth0
View the information of the first NIC.
[root@znix ~]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:a8:e4:14 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.201/24 brd 10.0.0.255 scope global eth0
    inet6 fe80::20c:29ff:fea8:e414/64 scope link
       valid_lft forever preferred_lft forever
1.3 ip route = ip r
View the gateway.
[root@znix ~]# ip r
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.201
169.254.0.0/16 dev eth0 scope link metric 1002
default via 10.0.0.2 dev eth0
Chapter 2 vi/vim Common Errors
2.1 Swap file exists error
2.1.1 Causes
While the file was being edited, the system exited suddenly, the network connection dropped, or the power went out.
2.1.2 Error message
Found a swap file by the name ".1.swp"
......
Swap file ".1.swp" already exists!
[O]pen Read-Only, (E)dit anyway, (R)ecover, (D)elete it, (Q)uit, (A)bort:
2.1.3 Solution
(E)dit anyway: continue editing and ignore this error
(R)ecover: restore the content that was not saved just now and continue editing
(D)elete it: delete this temporary file
2.1.4 Solution for versions earlier than 6.x
".1.swp": find the hidden .swp file with the same name as the edited file.
Chapter 3 User Management
3.1 User classification
Type            UID
root            0
Virtual user    1-499
Ordinary user   500+
Virtual users exist because each service/process running on the system must have a user and a home.
3.1.1 Two common shells
/bin/bash       default command interpreter for ordinary users
/sbin/nologin   used by virtual users
3.2 User-related configuration files
[root@znix ~]# ll /etc/passwd /etc/shadow /etc/group /etc/gshadow
-rw-r--r-- 1 root 648 Sep 12 12:05 /etc/group      user group information
---------- 1 root 529 Sep 12 /etc/gshadow          user group passwords
-rw-r--r-- 1 root 1271 Sep 12 12:05 /etc/passwd    user information
---------- 1 root 936 Sep 12 /etc/shadow           user passwords
3.2.1 /etc/passwd file details
[root@znix ~]# head -1 /etc/passwd
root:x:0:0:root:/root:/bin/bash
Fields: user name : where the password was originally stored : UID : GID : description : home directory : shell (command interpreter)
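An audit of these seven fields against the UID classes in 3.1, as an added example (not part of the original notes). The sample entries are constructed, and the ranges 1-499 / 500+ are the ones this page gives; other distributions use different boundaries.

```shell
#!/bin/sh
# Added example: audit a passwd-format file with the UID classes used on this
# page (0 = root, 1-499 = virtual users, 500+ = ordinary users).

# Constructed sample data, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0::/root:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
znix:x:666:666::/home/znix:/sbin/nologin
alex888:x:500:500::/home/alex888:/bin/bash
broken:line:with:too:few
EOF
}

audit_passwd() {   # usage: audit_passwd FILE
    awk -F: '
    /^#/ { next }                                  # commented-out account
    NF != 7 { print "ERROR  line " NR ": expected 7 fields, got " NF; next }
    {
        user = $1; uid = $3 + 0; shell = $7
        login = (shell !~ /\/(nologin|false)$/)    # can this account get a shell?
        if (uid == 0 && user != "root")
            print "ALERT  " user ": second account with UID 0"
        else if (uid >= 1 && uid <= 499 && login)
            print "WARN   " user ": virtual user with login shell " shell
        else if (uid >= 500 && login)
            print "INFO   " user ": ordinary user, login shell " shell
    }' "$1"
}

# Stand-alone demo on the constructed sample.
demo_file=$(mktemp)
sample_passwd > "$demo_file"
audit_passwd "$demo_file"
rm -f "$demo_file"
```

On a real host, run audit_passwd /etc/passwd; any ALERT line means an account other than root has full root privileges.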
Chapter 4 User-Related Directories
4.1.1 /etc/skel
The /etc/skel directory is the template for a new user's home directory on Linux.
4.1.2 What happens when a new user is created
The three hidden files in the new user's home directory are the same as those in /etc/skel.
[root@znix skel]# useradd alex888
[root@znix skel]# su - alex888
[alex888@znix ~]$ ll -a
total 20
drwx------ 2 alex888 alex888 4096 Sep 12 .
drwxr-xr-x. 6 root 4096 Sep 12 :18 ..
-rw-r--r-- 1 alex888 alex888 18 Mar 23 08:15 .bash_logout
-rw-r--r-- 1 alex888 alex888 176 Mar 23 .bash_profile
-rw-r--r-- 1 alex888 alex888 124 Mar 23 .bashrc
4.1.3 Files under the /etc/skel directory
[root@znix skel]# ll -a /etc/skel/
total 20
drwxr-xr-x. 2 root 4096 Aug 10 .
drwxr-xr-x. 78 root 4096 Sep 12 :18 ..
-rw-r--r--. 1 root 18 Mar 23 08:15 .bash_logout
-rw-r--r--. 1 root 176 Mar 23 08:15 .bash_profile
-rw-r--r--. 1 root 124 Mar 23 08:15 .bashrc
.bash_logout    the content of this file is run when the user logs out
.bash_profile   environment variables
.bashrc         stores user aliases
4.2 The -bash-4.1$ prompt error and its solution
4.2.1 Cause
The files related to environment variables in the user's home directory have been deleted:
.bash_profile
.bashrc
4.2.2 Solution
Step 1: switch to this user
[root@znix skel]# su - alex888
-bash-4.1$
Step 2: copy the files from /etc/skel (.bash* matches the hidden files)
Note: when copying the hidden files, use .bash*
-bash-4.1$ cp /etc/skel/.bash* ~
-bash-4.1$ ll -a
total 24
drwx------ 2 alex888 alex888 4096 Sep 12 .
drwxr-xr-x. 6 root 4096 Sep 12 :18 ..
-rw------- 1 alex888 alex888 23 Sep 12 10:25 .bash_history
-rw-r--r-- 1 alex888 alex888 18 Sep 12 :27 .bash_logout
-rw-r--r-- 1 alex888 alex888 176 Sep 12 .bash_profile
-rw-r--r-- 1 alex888 alex888 124 Sep 12 .bashrc
Step 3: log out and reconnect
-bash-4.1$ logout
[root@znix skel]# su - alex888
[alex888@znix ~]$
4.3 .* is extremely dangerous
.* also matches .. when file names are matched
.. is the parent directory
Be as precise as possible when operating on files, for example .bash*
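The point of 4.3 as an added example (not part of the original notes): it lists what a dot pattern expands to and copies hidden files with patterns that can never match . or .. The directory layout is constructed, and the function names are made up for this example. Whether .* itself includes . and .. depends on the shell: the bash 4.1 used on this page includes them, while bash 5.2 and later skip them by default.

```shell
#!/bin/sh
# Added example: what a dot-glob expands to, and a copy that cannot reach "..".

# Print, one per line, the existing names PATTERN expands to inside DIR.
expand_in() {   # usage: expand_in DIR PATTERN
    ( cd "$1" || exit 1
      for name in $2; do          # unquoted on purpose so the shell expands it
          [ -e "$name" ] && printf '%s\n' "$name"
      done
      exit 0 )
}

# Copy only real hidden files from SRC to DST.
# .[!.]* = dot, then a non-dot character; ..?* = two dots plus at least one more.
# Neither pattern can ever match "." or "..".
copy_dotfiles() {   # usage: copy_dotfiles SRC DST
    for f in "$1"/.[!.]* "$1"/..?*; do
        [ -f "$f" ] && cp -p "$f" "$2"/
    done
    return 0
}

# Constructed layout: ROOT/secret.txt sits next to ROOT/skel and ROOT/home.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir "$root/skel" "$root/home"
    echo "not for users" > "$root/secret.txt"
    for f in .bash_logout .bash_profile .bashrc; do : > "$root/skel/$f"; done
    printf '%s\n' "$root"
}

demo_root=$(make_demo_tree)
echo "'.*' expands to:";     expand_in "$demo_root/skel" '.*'
echo "'.[!.]*' expands to:"; expand_in "$demo_root/skel" '.[!.]*'
copy_dotfiles "$demo_root/skel" "$demo_root/home"
ls -A "$demo_root/home"
rm -rf "$demo_root"
```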
Chapter 5 User-Related Commands
5.1 Add a user: useradd
5.1.1 useradd and adduser
[root@znix home]# ls -l `which useradd adduser`
lrwxrwxrwx. 1 root 7 Aug 10 18:36 /usr/sbin/adduser -> useradd
-rwxr-x---. 1 root 111320 May 11 2016 /usr/sbin/useradd
5.1.2 useradd parameters
-c  add a description
-u  specify the UID of the user
-s  specify the command interpreter when adding a user (default /bin/bash; /sbin/nologin for users that must not log in)
-M  do not create a home directory
-g  specify the user's group (when you add a user, a group with the same name as the user is created by default)
5.1.3 Add a user with UID 666 that is prohibited from logging in to the system and has no home directory
[root@znix ~]# useradd znix -u 666 -M -s /sbin/nologin
[root@znix ~]# grep znix /etc/passwd
znix:x:666:666::/home/znix:/sbin/nologin
[root@znix ~]# id znix
uid=666(znix) gid=666(znix) groups=666(znix)
5.1.4 /etc/login.defs controls the user's default information
The /etc/login.defs file defines user restrictions that correspond to /etc/passwd and /etc/shadow. The file must exist; if it is missing the system can still be used, but unexpected errors may occur.
If /etc/shadow contains the same option, the setting in /etc/shadow prevails. That is, /etc/shadow has a higher configuration priority than /etc/login.defs.
5.1.5 Basic (default) information used when adding a user
[root@znix ~]# cat /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
5.2 Delete a user: userdel
5.2.1 Method 1: comment out the user in /etc/passwd
In /etc/passwd, put a # at the start of this user's line to comment it out.
Try not to use userdel to delete users. Unexpected errors may occur.
5.2.2 Common error message when deleting a user
[root@znix ~]# userdel alex888
userdel: user alex888 is currently used by process 23823
Tip: the user is in use by process 23823.
Step 1: check the process
[root@znix ~]# ps -ef | grep 23864
alex888 23864 23863 0 00:00:00 pts/1 -bash
root 23885 23718 0 00:00:00 pts/0 grep --color=auto 23864
Step 2: force the process to stop with kill -9
[root@znix ~]# kill -9 23864
Step 3: check whether the process still exists
[root@znix ~]# ps -ef | grep 23864
root 23923 23904 0 00:00:00 pts/1 grep --color=auto 23864
# The other login window shows this prompt
[alex888@znix ~]$ Killed
[root@znix ~]#
Step 4: delete the user. If no process is using the account, deleting the user reports no error.
[root@znix ~]# userdel alex888
5.2.3 Common parameters
userdel does not delete home directories and mailboxes by default.
-r  delete all files related to the user
Try not to use userdel to delete a user.
5.3 Modify user information: usermod
5.3.1 View user information
[root@znix ~]# grep znix /etc/passwd
znix:x:666:666:znix super:/home/znix:/sbin/nologin
5.3.2 Add a description to a user
[root@znix ~]# usermod -c "Super User" znix
[root@znix ~]# grep znix /etc/passwd
znix:x:666:666:Super User:/home/znix:/sbin/nologin
5.3.3 Make a user belong to a new group
[root@znix ~]# id znix
uid=666(znix) gid=666(znix) groups=666(znix)
[root@znix ~]# usermod -g root znix
[root@znix ~]# id znix
uid=666(znix) gid=0(root) groups=0(root)
5.3.4 Make a user belong to multiple groups (additional groups)
[root@znix ~]# id znix
uid=666(znix) gid=666(znix) groups=666(znix)
[root@znix ~]# usermod -G root,oldboy znix
[root@znix ~]# id znix
uid=666(znix) gid=666(znix) groups=666(znix),0(root),500(oldboy)
5.3.5 Common usermod parameters
-c  modify the description
-s  modify the user's command interpreter
-g  make the user belong to a new group
-G  make the user belong to multiple groups (additional groups)
5.4 Change a user's password: passwd
5.4.1 Interactive change
[root@znix ~]# passwd znix
Changing password for user znix.
New password:
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: is too simple
# This indicates that the password is too weak.
Retype new password:
passwd: all authentication tokens updated successfully.
In interactive mode the password is entered twice.
Only one user's password can be changed at a time.
5.4.2 Set a password non-interactively: --stdin
[root@znix ~]# echo 123456 | passwd --stdin oldboy
Changing password for user oldboy.
passwd: all authentication tokens updated successfully.
5.5 Password management software
KeePass
Records passwords on the hard disk (local management)
LastPass
Stores passwords in online software (cloud management)
Unified AD management
Dynamic passwords
5.6 Make the system more secure
5.6.1 Methods
Review the log /var/log/secure and search for "failed" entries to analyze
Use chattr +i and +a to add file-system-level protection to important files
File fingerprints (checksums)
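The first method in this list, searching /var/log/secure for failed logins, as an added example (not part of the original notes). The log lines and addresses are constructed, failed_sources is a name made up here, and the message layout assumed is OpenSSH's "Failed password for ... from ADDRESS port N ssh2".

```shell
#!/bin/sh
# Added example: summarise failed SSH password logins per source address.

# Constructed log lines in /var/log/secure style (addresses are made up).
sample_secure_log() {
    cat <<'EOF'
Sep 12 10:01:02 znix sshd[2301]: Failed password for root from 10.0.0.50 port 51234 ssh2
Sep 12 10:01:05 znix sshd[2301]: Failed password for root from 10.0.0.50 port 51236 ssh2
Sep 12 10:01:09 znix sshd[2304]: Failed password for invalid user admin from 10.0.0.50 port 51240 ssh2
Sep 12 10:01:12 znix sshd[2306]: Failed password for invalid user from from 10.0.0.50 port 51244 ssh2
Sep 12 10:02:30 znix sshd[2310]: Failed password for alex888 from 10.0.0.77 port 40022 ssh2
Sep 12 10:02:41 znix sshd[2310]: Accepted password for alex888 from 10.0.0.77 port 40022 ssh2
Sep 12 10:03:00 znix su: pam_unix(su-l:session): session opened for user alex888 by root(uid=0)
EOF
}

# Print "COUNT ADDRESS" for every source with at least THRESHOLD failures,
# busiest first.
failed_sources() {   # usage: failed_sources LOGFILE [THRESHOLD]
    awk -v min="${2:-3}" '
    / sshd\[[0-9]+\]: Failed password for / {
        # Scan from the end: the address follows the LAST "from", because the
        # attempted user name is chosen by the client and may itself be "from".
        for (i = NF - 1; i > 0; i--)
            if ($i == "from") { count[$(i + 1)]++; break }
    }
    END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# Stand-alone demo on the constructed sample.
demo_log=$(mktemp)
sample_secure_log > "$demo_log"
failed_sources "$demo_log" 3      # only sources with 3 or more failures
rm -f "$demo_log"
```

On a real host, run failed_sources /var/log/secure as root; a source with many failures followed by an "Accepted password" line for the same address deserves a closer look.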
5.6.2 File fingerprints: the md5sum command
The fingerprint changes whenever the file content changes.
Step 1: create a fingerprint for a file
[root@znix ~]# md5sum oldboy.txt
058c5119928950d06f48d901a101511a  oldboy.txt
Step 2: save the fingerprint to a file
[root@znix ~]# md5sum oldboy.txt > list.txt
Step 3: check the file. OK is displayed if it matches; FAILED is displayed if it does not.
[root@znix ~]# md5sum -c list.txt
oldboy.txt: OK
[root@znix ~]# > oldboy.txt
[root@znix ~]# md5sum -c list.txt
oldboy.txt: FAILED
md5sum: WARNING: 1 of 1 computed checksum did NOT match
Because the list records a relative file path, the fingerprint file must be in the same directory as the target file.
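The same three steps for a whole directory, including the relative-path pitfall, as an added example (not part of the original notes). It goes beyond the single-file case and uses sha256sum in place of md5sum: the -c interface is identical, and MD5 collisions can be produced deliberately, so an MD5 list only guards against accidental change. File names and contents are constructed; make_baseline and verify_from are names made up here.

```shell
#!/bin/sh
# Added example: the md5sum -c workflow for a whole directory, using SHA-256.

# Write "HASH  ./relative/path" for every regular file under DIR to LIST.
# LIST must be an absolute path outside DIR so it is not hashed itself.
make_baseline() {   # usage: make_baseline DIR LIST
    ( cd "$1" && find . -type f -exec sha256sum {} + ) > "$2"
}

# Check LIST from working directory CWD; returns 0 only if every file matches.
verify_from() {     # usage: verify_from CWD LIST
    ( cd "$1" && sha256sum -c "$2" >/dev/null 2>&1 )
}

# Constructed demo tree with two small files.
demo_dir=$(mktemp -d)
demo_list=$(mktemp)
echo "PermitRootLogin no" > "$demo_dir/sshd_config"
echo "oldboy" > "$demo_dir/oldboy.txt"
make_baseline "$demo_dir" "$demo_list"

verify_from "$demo_dir" "$demo_list" && echo "baseline: OK"
# The list stores ./oldboy.txt, so the same check run from another directory
# cannot find the files and fails even though nothing changed.
verify_from / "$demo_list" || echo "checked from /: FAILED (relative paths)"
: > "$demo_dir/oldboy.txt"                     # truncate, as in step 3 above
verify_from "$demo_dir" "$demo_list" || echo "after change: FAILED"
rm -rf "$demo_dir" "$demo_list"
```

Keep the list somewhere the monitored account cannot write to (for example protected with chattr +i, as 5.6.1 suggests), since anyone who can change the files and the list can make the check pass.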
5.7 [Enterprise interview question]
5.7.1 Add three users, stu01, stu02 and stu03, in a batch and set their password to 123456 (for, while and other loops are prohibited)
[root@znix ~]# echo stu{01..3} | xargs -n1 useradd
Set the passwords
# passwd --stdin accepts only one user name, so feed user:password pairs to chpasswd
[root@znix ~]# echo stu{01..3}:123456 | xargs -n1 | chpasswd