Linux Account and Group Management
Personal study notes!! Screenshots included as proof!!
Learn Linux step by step!
Highly detailed lab records!
**************************************
The four main files:
    /etc/passwd  /etc/shadow  /etc/group  /etc/gshadow

Control file:
    # vim /etc/login.defs

User accounts: /etc/passwd  /etc/shadow
    UID 0-500 (system accounts), 500-60000 (regular accounts)

Group accounts: /etc/group  /etc/gshadow
    GID 0-60000

Graphical tool:
  • system-config-users

Monitoring logins:
  • Connected users: w
  • Recent logins: last, lastb, lastlog
        last     detailed user login information
        lastb    failed login attempts
        lastlog  each user's actual login record
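
User management: /etc/passwd  /etc/shadow

Creating a user: useradd
The useradd command creates a user account and the user's home directory. It must be run as the superuser.

Syntax: useradd [options] LOGIN
    useradd  -u uid
             -o       allow a duplicate UID
             -d       home directory
             -s       shell
             -g       gid
             -r       system account
             -m       create the home directory
             -M       do not create the home directory
             username

Examples:
    # useradd u1                  // create a regular user
    # passwd u1
    # useradd -u 0 -o u2          // -u sets the UID, -o allows a duplicate UID
    # passwd u2                   // creates a superuser: u2 shares UID 0 with root
    // Tested over the network: the login succeeds and the account is a superuser
    # useradd -d /tmp/u3 u3       // -d specifies the home directory
    # grep "u3" /etc/passwd
    # ll /tmp | grep u3
    # grep "u3" /etc/passwd
    # grep "u3" /etc/group
    # useradd -g 503 u4           // note: 503 is the GID of a group that already exists
    # id u4                       // the group was specified when the user was created
    # useradd -s /bin/sh u5       // -s specifies the shell the new user will use
    # grep u5 /etc/passwd
    # passwd u5                   // the system warns that the password is too short; enter a longer one
    // Logging in from a terminal shows that the shell has changed
    # useradd -r u6               // -r creates a system account
    # ll /home                    // by default no home directory is created for a system account
    # useradd -r -m u7            // -m creates the home directory
    # ll /home                    // with -m a home directory is created for the system account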

Creating accounts in bulk
Example:
    # vim useradd.sh
    #!/bin/bash
    for I in {1..10};do
    useradd user$I
    done
    # chmod a+x useradd.sh
    # ll useradd.sh
    -rwxr-xr-x 1 root root 52 Sep 26 23:46 useradd.sh
    # ./useradd.sh
    # tail /etc/passwd
    user1:x:505:505::/home/user1:/bin/bash
    # ll /home | tail
    drwx------ 3 user1 user1 4096 Sep 26 23:48 user1
************************************************************
Modifying a user: usermod
Usage: usermod [options] LOGIN
    -u uid
    -g gid
    -o       allow a duplicate UID
    -d       home directory
    -s       shell
    -l       new-name old-name
    -L       lock
    -U       unlock
    -G       group name

Examples:
    # grep u1 /etc/passwd
    u1:x:501:501::/home/u1:/bin/bash
    # usermod -l qq u1            // change the user name
    # grep u1 /etc/passwd
    qq:x:501:501::/home/u1:/bin/bash
    # usermod -G test user1
    # usermod -G test user2       // change the groups the user belongs to
    # groups user1

Deleting a user: userdel
Usage: userdel [options] LOGIN
Options:
    -f, --force     force
    -r, --remove    remove the associated files

Examples:
    # ll /home | grep user3
    drwx------ 3 user3 user3 4096 Sep 26 23:48 user3
    # userdel user3
    # ll /home | grep user3       // without -r the home directory stays behind, owned by the bare UID 507
    drwx------ 3 507 507 4096 Sep 26 23:48 user3
    #
    # ll /home | grep user4
    drwx------ 3 user4 user4 4096 Sep 26 23:48 user4
    # userdel -r user4            // -r also removes the files associated with the account
    # ll /home | grep user4
    #

Passwords: passwd
Usage: passwd [OPTION...] <accountName>
    -S, --status
    -d, --delete
    -l, --lock
    -u, --unlock
    --stdin         read new tokens from stdin (root only)

Examples:
    # useradd yy
    # grep yy /etc/shadow
    yy:!!:15243:0:99999:7:::
    # passwd -S yy
    yy LK 2011-09-26 0 99999 7 -1 (Password locked.)
    # passwd yy
    Changing password for user yy.
    New UNIX password:
    BAD PASSWORD: it is WAY too short
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
    # grep yy /etc/shadow
    yy:$1$65RxuUJg$YgSzBSSe1T4CFflIYftoV0:15243:0:99999:7:::
    # passwd -S yy                // -S shows the status of the account's password
    yy PS 2011-09-26 0 99999 7 -1 (Password set, MD5 crypt.)
    # passwd -d yy                // -d deletes the account's password
    Removing password for user yy.
    passwd: Success
    # grep yy /etc/shadow
    yy::15243:0:99999:7:::
    # passwd -S yy
    yy NP 2011-09-26 0 99999 7 -1 (Empty password.)
    #

    # echo "123456" | passwd --stdin qq      // the password is read from the standard input buffer (STDIN)
    Changing password for user qq.
    passwd: all authentication tokens updated successfully.

Locking accounts
Examples:

① passwd -l and -u: lock and unlock
    # grep ww /etc/shadow
    ww:$1$XSn2.KMx$kxLe1ELD2.Zu0Vvg29s7f/:15380:0:99999:7::
    # passwd -S ww
    ww PS 2012-02-10 0 99999 7 -1 (Password set, MD5 crypt.)
    # passwd -l ww                // -l locks the account
    Locking password for user ww.
    passwd: Success
    # grep ww /etc/shadow
    ww:!!$1$XSn2.KMx$kxLe1ELD2.Zu0Vvg29s7f/:15380:0:99999:7:
    // "!!" means the account is locked; it can no longer log in to the system
    # passwd -S ww
    ww LK 2012-02-10 0 99999 7 -1 (Password locked.)
    # passwd -u ww                // -u unlocks the account
    Unlocking password for user ww.
    passwd: Success.
    # grep ww /etc/shadow
    ww:$1$XSn2.KMx$kxLe1ELD2.Zu0Vvg29s7f/:15380:0:99999:7:::
    // after unlocking with -u the account can log in again
    # passwd -S ww
    ww PS 2012-02-10 0 99999 7 -1 (Password set, MD5 crypt.)

② usermod -L and -U: lock and unlock
    # grep qq /etc/shadow
    qq:$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq PS 2012-02-10 0 99999 7 -1 (Password set, MD5 crypt.)
    # usermod -L qq
    # grep qq /etc/shadow
    qq:!$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq LK 2012-02-10 0 99999 7 -1 (Password locked.)
    # usermod -U qq
    # grep qq /etc/shadow
    qq:$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq PS 2012-02-10 0 99999 7 -1 (Password set, MD5 crypt.)

③ Lock with usermod -L, unlock with passwd -u
    # grep qq /etc/shadow
    qq:$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq PS 2012-02-10 0 99999 7 -1 (Password set, MD5 crypt.)
    # usermod -L qq
    # grep qq /etc/shadow
    qq:!$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq LK 2012-02-10 0 99999 7 -1 (Password locked.)
    # passwd -u qq
    Unlocking password for user qq.
    passwd: Success.
    # grep qq /etc/shadow
    qq:$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq PS 2012-02-10 0 99999 7 -1 (Password set, MD5 crypt.)

④ Lock with passwd -l, unlock with usermod -U
In this case usermod -U has to be run twice before the account is unlocked.
    # grep qq /etc/shadow
    qq:$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq PS 2012-02-10 0 99999 7 -1 (Password set, MD5 crypt.)
    # passwd -l qq
    Locking password for user qq.
    passwd: Success
    # grep qq /etc/shadow
    qq:!!$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq LK 2012-02-10 0 99999 7 -1 (Password locked.)
    # usermod -U qq
    # grep qq /etc/shadow
    qq:!$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq LK 2012-02-10 0 99999 7 -1 (Password locked.)
    # usermod -U qq
    # grep qq /etc/shadow
    qq:$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq PS 2012-02-10 0 99999 7 -1 (Password set, MD5 crypt.)
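
The password-field states seen above (empty, "!" / "!!" prefixes, $1$ MD5 hashes) and the UID 0 duplicate created with useradd -u 0 -o can be audited in one pass. This is an added example, not part of the original notes; the function names shadow_state and uid0_accounts are hypothetical and the sample entries are constructed with fake hashes.

```bash
#!/bin/bash
# Added example (not from the original notes): audit shadow/passwd entries.

# shadow_state: read shadow-format lines on stdin and print
# "login state scheme locks" for each; locks counts the leading "!" markers.
shadow_state() {
  awk -F: '
    {
      pw = $2; locks = 0
      # passwd -l prepends "!!" and usermod -L prepends "!"; strip and count them.
      while (substr(pw, 1, 1) == "!") { locks++; pw = substr(pw, 2) }
      if (locks > 0 || pw == "*") state = "LK"   # lock marker or unusable placeholder
      else if (pw == "")          state = "NP"   # empty field: no password set
      else                        state = "PS"
      if      (pw ~ /^\$1\$/) scheme = "md5crypt"
      else if (pw ~ /^\$5\$/) scheme = "sha256crypt"
      else if (pw ~ /^\$6\$/) scheme = "sha512crypt"
      else if (pw == "" || pw == "*") scheme = "none"
      else                    scheme = "other"
      print $1, state, scheme, locks
    }'
}

# uid0_accounts: read passwd-format lines on stdin, print every login with UID 0.
# Anything listed besides root is a root-equivalent account (see useradd -u 0 -o).
uid0_accounts() {
  awk -F: '$3 == 0 { print $1 }'
}

# Constructed sample data modelled on the entries in these notes (hashes are fake).
SAMPLE_SHADOW='yy::15243:0:99999:7:::
ww:!!$1$FAKESALT$constructedhashAAAAAAAAAAA:15380:0:99999:7:::
qq:!$1$FAKESALT$constructedhashBBBBBBBBBBB:15380:0:99999:7:::
u5:$6$FAKESALT$constructedhashCCCCCCCCCCC:15380:0:99999:7:::'
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
u1:x:501:501::/home/u1:/bin/bash
u2:x:0:502::/home/u2:/bin/bash'

printf '%s\n' "$SAMPLE_SHADOW" | shadow_state
printf '%s\n' "$SAMPLE_PASSWD" | uid0_accounts
```

On a live system, run it as root with `shadow_state < /etc/shadow` and `uid0_accounts < /etc/passwd`; NP rows, md5crypt rows and any UID 0 login other than root are the entries to review.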

useradd -D: view the default values used when creating accounts
Usage: useradd -D
       useradd -D [options]
    -b HOME_DIR
    -g, --gid GROUP
    -s, --shell SHELL
    -D, --defaults    print or save modified default useradd configuration

Examples:
    # useradd -D
    GROUP=100
    HOME=/home
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/bash
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=yes
    #
    # useradd -D
    GROUP=100
    HOME=/home
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/bash
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=yes
    # useradd -D -b /tmp
    # useradd -D -s /bin/sh
    # useradd -D
    GROUP=100
    HOME=/tmp
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/sh
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=yes
    # useradd user_qq
    # grep user_qq /etc/passwd
    user_qq:x:517:517::/tmp/user_qq:/bin/sh

finger: view the account's comment (GECOS) information
chfn: change the account's comment information

Examples:
    # finger qq
    Login: qq                               Name: (null)
    Directory: /home/u1                     Shell: /bin/bash
    Never logged in.
    No mail.
    No Plan.
    # grep qq /etc/passwd
    qq:x:501:501::/home/u1:/bin/bash
    # chfn qq
    Changing finger information for qq.
    Name []: xjzhujunjie
    Office []: china_henan_zhengzhou
    Office Phone []: 0371-66668888
    Home Phone []: 1523875****
    Finger information changed
    # finger qq
    Login: qq                               Name: xjzhujunjie
    Directory: /home/u1                     Shell: /bin/bash
    Office: china_henan_zhengzhou           Office Phone: 0371-66668888
    Home Phone: 1523875****
    Never logged in.
    No mail.
    No Plan.
    # grep qq /etc/passwd
    qq:x:501:501:xjzhujunjie,china_henan_zhengzhou,0371-66668888,1523875****:/home/u1:/bin/bash

The /etc/shadow file in detail
/etc/shadow can be viewed and modified only by the system administrator, who uses it to manage users. Each entry consists of several fields separated by ":". The fields are:
    login name : encrypted password : last change (days since 1970-01-01) : minimum interval : maximum interval : warning period : inactivity period : expiration date : flag

Use chage to modify the password aging values in /etc/shadow:
Usage: chage [options] user

Examples:
    # chage -l qq
    # grep qq /etc/shadow
    qq:$1$dSj3rn4h$8fBNoYhOonBQcVizGLCrz1:15380:0:99999:7:::
    # chage -M 10 -W 3 qq
    # chage -l qq
    # grep qq /etc/shadow
    qq:$1$dSj3rn4h$8fBNoYhOonBQcVizGLCrz1:15380:0:10:3:::
    #
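
The aging fields are day counts, so the dates they imply have to be computed. The following added example (not part of the original notes) converts the last-change, maximum and warning fields of a shadow entry into calendar dates in pure awk; the function name shadow_aging is hypothetical, the hash in the sample line is fake, and a maximum of 99999 (the default shown above) is treated here as "never expires".

```bash
#!/bin/bash
# Added example (not from the original notes): turn shadow aging fields into dates.

# shadow_aging: read shadow-format lines on stdin and print
# "login last_change expires warn_from" with dates as YYYY-MM-DD.
shadow_aging() {
  awk -F: '
    # civil: days since 1970-01-01 -> "YYYY-MM-DD" (proleptic Gregorian, z >= 0).
    function civil(z,   era, doe, yoe, y, doy, mp, d, m) {
      z += 719468                         # shift epoch to 0000-03-01
      era = int(z / 146097)               # 400-year cycles
      doe = z - era * 146097              # day within the cycle
      yoe = int((doe - int(doe/1460) + int(doe/36524) - int(doe/146096)) / 365)
      y   = yoe + era * 400
      doy = doe - (365*yoe + int(yoe/4) - int(yoe/100))
      mp  = int((5*doy + 2) / 153)        # month index starting at March
      d   = doy - int((153*mp + 2) / 5) + 1
      m   = (mp < 10) ? mp + 3 : mp - 9
      if (m <= 2) y++
      return sprintf("%04d-%02d-%02d", y, m, d)
    }
    $3 != "" {
      changed = $3 + 0; max = $5; warn = $6 + 0
      # Assumption: an empty maximum or the default 99999 means no expiry.
      if (max == "" || max + 0 >= 99999) { print $1, civil(changed), "never", "-"; next }
      expires = changed + max
      print $1, civil(changed), civil(expires), civil(expires - warn)
    }'
}

# Constructed sample: the qq entry after "chage -M 10 -W 3 qq" (hash is fake).
printf '%s\n' 'qq:$1$FAKESALT$constructedhash:15380:0:10:3:::' | shadow_aging
```

For the qq entry the last change (15380) is 2012-02-10, the same date passwd -S printed earlier, so the password expires on 2012-02-20 and warnings start on 2012-02-17.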
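
Group management: /etc/group  /etc/gshadow
All group information is stored in /etc/group. Its fields are:
    group name : password : group ID (GID) : list of users in the group
/etc/gshadow is the password management file for the groups in /etc/group. Its fields are:
    group name : group password : group administrator names : supported account names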

groups: view the groups a user belongs to

Adding a group: groupadd
Usage: groupadd [options] group
    -f, --force
    -g, --gid GID
    -o, --non-unique
    -r               system group

Examples:
    # groupadd test
    # usermod -G test user1

Modifying a group: groupmod
Usage: groupmod [-g gid [-o]] [-n name] group

Example:
    # groupmod -n qq test1        // change the group name
    #

Deleting a group: groupdel
Usage: groupdel group

Example:
    # groupdel qq

gpasswd: group administration
Usage: gpasswd [-r|-R] group
       gpasswd [-a user] group
       gpasswd [-d user] group
       gpasswd [-A user,...] [-M user,...] group

Examples:
    # gpasswd -a user5 test
    # gpasswd -a user6 test
    # gpasswd -d user5 test
    # gpasswd -d user6 test
    # grep test /etc/group
    #
    # gpasswd -A user7 -M user7,user8,user9 test1
    # grep test1 /etc/gshadow
    #                             // -A sets the administrators, -M sets the member list
    // Switched to user8: no permission to remove group members
    // Switched to user7: can remove group members

--xjzhujunjie
--2012/02/10
-- 華軟國際 training study notes
************************************************************
Download: Linux Account and Group Management (華軟國際 training study notes) http://down.51cto.com/download.php?do=data&tid=327915
Reposted from: https://blog.51cto.com/xjzhujunjie/776795