Linux Account and Group Management
Personal study notes!! Pictures included as proof!!
Learn Linux step by step!
Very detailed lab records!
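**************************************
Four main files: /etc/passwd /etc/shadow /etc/group /etc/gshadow
Control file: # vim /etc/login.defs
User accounts: /etc/passwd /etc/shadow
    UID 0--500 (system accounts), 500---60000 (regular accounts)
Group accounts: /etc/group /etc/gshadow
    GID 0---60000

Graphical tool
• system-config-users

Monitoring logins
• Connected users: w
• Recent logins: last, lastb, lastlog
    last      detailed user login information
    lastb     failed login attempts
    lastlog   each user's actual login record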
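User management: /etc/passwd /etc/shadow

Creating users: useradd
The useradd command creates a user account and the user's home directory. It requires superuser privileges.
Syntax: useradd [options] LOGIN
    -u uid    set the UID
    -o        allow a duplicate UID
    -d        home directory
    -s        shell
    -g        gid
    -r        system account
    -m        create the home directory
    -M        do not create the home directory
Examples:
    # useradd u1                  # create a regular user
    # passwd u1
    # useradd -u 0 -o u2          # -u uid; -o allows a duplicate UID
    # passwd u2                   # this creates a superuser
    (Tested over the network: the login succeeds and the account is a superuser.)
    # useradd -d /tmp/u3 u3       # -d specifies the home directory
    # grep "u3" /etc/passwd
    # ll /tmp | grep u3
    # grep "u3" /etc/passwd
    # grep "u3" /etc/group
    # useradd -g 503 u4           # note: 503 is the GID of an existing group
    # id u4                       # the group was specified when the user was created
    # useradd -s /bin/sh u5       # -s specifies the shell the new user gets
    # grep u5 /etc/passwd
    # passwd u5                   # the system reports that the password is too short; enter a longer one
    (Logging in on a terminal shows that the shell has changed.)
    # useradd -r u6               # -r creates a system account
    # ll /home                    # by default, no home directory is created for a system account
    # useradd -r -m u7            # -m creates the home directory
    # ll /home                    # with -m, the system account gets a home directory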
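
The `useradd -u 0 -o u2` step above produces a second account with full superuser rights, which is what an account review needs to surface. The following added example (not part of the original notes) scans passwd-format lines for non-root UID 0 accounts, shared UIDs and malformed entries; the function name `audit_passwd`, the finding labels and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. SAMPLE_PASSWD is constructed
# /etc/passwd-format data; u2 mimics the result of `useradd -u 0 -o u2`.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
u1:x:501:501::/home/u1:/bin/bash
u2:x:0:502::/home/u2:/bin/bash
u3:x:503:503::/tmp/u3:/bin/bash
dup:x:501:600::/home/dup:/bin/sh
broken:x:505'

# audit_passwd: read passwd lines on stdin, print one finding per line.
#   UID0    <name>           non-root account with UID 0 (full superuser)
#   DUPUID  <uid> <a> <b>    two login names share one UID (same file ownership)
#   BADLINE <lineno>         entry without 7 fields or with a non-numeric UID
# Extra UID 0 accounts are reported as UID0 only, not again as DUPUID.
audit_passwd() {
  awk -F: '
    (NF != 7) || ($3 !~ /^[0-9]+$/) { print "BADLINE " NR; next }
    ($3 == 0) && ($1 != "root")     { print "UID0 " $1 }
    ($3 in owner) && ($3 != 0)      { print "DUPUID " $3 " " owner[$3] " " $1 }
    !($3 in owner)                  { owner[$3] = $1 }
  '
}

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

On a live system, run `audit_passwd < /etc/passwd`; any UID0 finding deserves the same scrutiny as a change to root itself.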
Creating accounts in bulk:
Example:
    # vim useradd.sh
    #!/bin/bash
    for I in {1..10}; do
        useradd user$I
    done
    # chmod a+x useradd.sh
    # ll useradd.sh
    -rwxr-xr-x 1 root root 52 Sep 26 23:46 useradd.sh
    # ./useradd.sh
    # tail /etc/passwd
    user1:x:505:505::/home/user1:/bin/bash
    # ll /home | tail
    drwx------ 3 user1 user1 4096 Sep 26 23:48 user1
************************************************************
Modifying users: usermod
Usage: usermod [options] LOGIN
    -u uid
    -g gid
    -o                     allow a duplicate UID
    -d                     home directory
    -s                     shell
    -l new_name old_name   rename the login
    -L                     lock
    -U                     unlock
    -G                     group name
Example:
    # grep u1 /etc/passwd
    u1:x:501:501::/home/u1:/bin/bash
    # usermod -l qq u1            # change the login name
    # grep u1 /etc/passwd
    qq:x:501:501::/home/u1:/bin/bash
    # usermod -G test user1
    # usermod -G test user2       # change the user's groups (-G replaces the supplementary group list unless -a is also given)
    # groups user1
Deleting users: userdel
Usage: userdel [options] LOGIN
Options:
    -f, --force     force
    -r, --remove    remove the associated files
Example:
    # ll /home | grep user3
    drwx------ 3 user3 user3 4096 Sep 26 23:48 user3
    # userdel user3
    # ll /home | grep user3       # the home directory remains, now owned by the bare UID/GID 507
    drwx------ 3 507 507 4096 Sep 26 23:48 user3
    # ll /home | grep user4
    drwx------ 3 user4 user4 4096 Sep 26 23:48 user4
    # userdel -r user4            # -r also removes the files associated with the account
    # ll /home | grep user4
    #
Passwords: passwd
Usage: passwd [OPTION...] <accountName>
    -S, --status
    -d, --delete
    -l, --lock
    -u, --unlock
    --stdin         read new tokens from stdin (root only)
Example:
    # useradd yy
    # grep yy /etc/shadow
    yy:!!:15243:0:99999:7:::
    # passwd -S yy
    yy LK 2011-09-26 0 99999 7 -1 (Password locked.)
    # passwd yy
    Changing password for user yy.
    New UNIX password:
    BAD PASSWORD: it is WAY too short
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
    # grep yy /etc/shadow
    yy:$1$65RxuUJg$YgSzBSSe1T4CFflIYftoV0:15243:0:99999:7:::
    # passwd -S yy                # -S shows the status of the account's password
    yy PS 2011-09-26 0 99999 7 -1 (Password set, MD5 crypt.)
    # passwd -d yy                # -d deletes the account's password
    Removing password for user yy.
    passwd: Success
    # grep yy /etc/shadow
    yy::15243:0:99999:7:::
    # passwd -S yy
    yy NP 2011-09-26 0 99999 7 -1 (Empty password.)
    #
    # echo "123456" | passwd --stdin qq    # the new password is read from the standard input buffer (called STDIN)
    Changing password for user qq.
    passwd: all authentication tokens updated successfully.
Locking accounts:
Examples:

① passwd -l & -u: lock & unlock
    # grep ww /etc/shadow
    ww:$1$XSn2.KMx$kxLe1ELD2.Zu0Vvg29s7f/:15380:0:99999:7::
    # passwd -S ww
    ww PS 2012-02-10 0 99999 7 -1 (Password set, MD5 crypt.)
    # passwd -l ww                # -l locks the account
    Locking password for user ww.
    passwd: Success
    # grep ww /etc/shadow
    ww:!!$1$XSn2.KMx$kxLe1ELD2.Zu0Vvg29s7f/:15380:0:99999:7:
    ("!!" means the account is locked; it cannot log in to the system now.)
    # passwd -S ww
    ww LK 2012-02-10 0 99999 7 -1 (Password locked.)
    # passwd -u ww                # -u unlocks the account
    Unlocking password for user ww.
    passwd: Success.
    # grep ww /etc/shadow
    ww:$1$XSn2.KMx$kxLe1ELD2.Zu0Vvg29s7f/:15380:0:99999:7:::
    (Unlocked with -u; the account can log in to the system again.)
    # passwd -S ww
    ww PS 2012-02-10 0 99999 7 -1 (Password set, MD5 crypt.)

② usermod -L & -U: lock & unlock
    # grep qq /etc/shadow
    qq:$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq PS 2012-02-10 0 99999 7 -1 (Password set, MD5 crypt.)
    # usermod -L qq
    # grep qq /etc/shadow
    qq:!$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq LK 2012-02-10 0 99999 7 -1 (Password locked.)
    # usermod -U qq
    # grep qq /etc/shadow
    qq:$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq PS 2012-02-10 0 99999 7 -1 (Password set, MD5 crypt.)

③ Lock with usermod -L & unlock with passwd -u
    # grep qq /etc/shadow
    qq:$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq PS 2012-02-10 0 99999 7 -1 (Password set, MD5 crypt.)
    # usermod -L qq
    # grep qq /etc/shadow
    qq:!$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq LK 2012-02-10 0 99999 7 -1 (Password locked.)
    # passwd -u qq
    Unlocking password for user qq.
    passwd: Success.
    # grep qq /etc/shadow
    qq:$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq PS 2012-02-10 0 99999 7 -1 (Password set, MD5 crypt.)

④ Lock with passwd -l & unlock with usermod -U
In this case usermod -U has to be run twice before the account is unlocked.
    # grep qq /etc/shadow
    qq:$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq PS 2012-02-10 0 99999 7 -1 (Password set, MD5 crypt.)
    # passwd -l qq
    Locking password for user qq.
    passwd: Success
    # grep qq /etc/shadow
    qq:!!$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq LK 2012-02-10 0 99999 7 -1 (Password locked.)
    # usermod -U qq               # removes one "!"; the account is still locked
    # grep qq /etc/shadow
    qq:!$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq LK 2012-02-10 0 99999 7 -1 (Password locked.)
    # usermod -U qq               # removes the second "!"
    # grep qq /etc/shadow
    qq:$1$ukgilOOD$i9wNeSG92yY/PXqiWSZ7x1:15380:0:99999:7:::
    # passwd -S qq
    qq PS 2012-02-10 0 99999 7 -1 (Password set, MD5 crypt.)
useradd -D: view the default values used when creating accounts
Usage: useradd -D
       useradd -D [options]
    -b HOME_DIR
    -g, --gid GROUP
    -s, --shell SHELL
    -D, --defaults    print or save modified default useradd configuration
Example:
    # useradd -D
    GROUP=100
    HOME=/home
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/bash
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=yes
    # useradd -D -b /tmp
    # useradd -D -s /bin/sh
    # useradd -D
    GROUP=100
    HOME=/tmp
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/sh
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=yes
    # useradd user_qq
    # grep user_qq /etc/passwd
    user_qq:x:517:517::/tmp/user_qq:/bin/sh
finger: view an account's comment (GECOS) information
chfn: change an account's comment information
Example:
    # finger qq
    Login: qq                               Name: (null)
    Directory: /home/u1                     Shell: /bin/bash
    Never logged in.
    No mail.
    No Plan.
    # grep qq /etc/passwd
    qq:x:501:501::/home/u1:/bin/bash
    # chfn qq
    Changing finger information for qq.
    Name []: xjzhujunjie
    Office []: china_henan_zhengzhou
    Office Phone []: 0371-66668888
    Home Phone []: 1523875****
    Finger information changed
    # finger qq
    Login: qq                               Name: xjzhujunjie
    Directory: /home/u1                     Shell: /bin/bash
    Office: china_henan_zhengzhou           Office Phone: 0371-66668888
    Home Phone: 1523875****
    Never logged in.
    No mail.
    No Plan.
    # grep qq /etc/passwd
    qq:x:501:501:xjzhujunjie,china_henan_zhengzhou,0371-66668888,1523875****:/home/u1:/bin/bash
/etc/shadow in detail:
/etc/shadow can be viewed and modified only by the system administrator, who uses it for user management. Each entry consists of several fields separated by ":". The fields are:
    login name : encrypted password : last change (days since 19700101) : minimum interval : maximum interval : warning period : inactivity period : expiry date : flag

Changing the password aging values in /etc/shadow with chage:
Usage: chage [options] user
Example:
    # chage -l qq
    # grep qq /etc/shadow
    qq:$1$dSj3rn4h$8fBNoYhOonBQcVizGLCrz1:15380:0:99999:7:::
    # chage -M 10 -W 3 qq
    # chage -l qq
    # grep qq /etc/shadow
    qq:$1$dSj3rn4h$8fBNoYhOonBQcVizGLCrz1:15380:0:10:3:::
    #
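
An added example (not from the original notes) that reads /etc/shadow-format lines and reports, per account, the password state as `passwd -S` names it, the number of leading `!` lock marks, the hash scheme, and the day on which the maximum age set with `chage -M` runs out. The function name `audit_shadow`, the `locks=` and `expires=` labels and the sample entries are constructed; the hash strings are placeholders.

```shell
#!/bin/sh
# Added example, not from the original notes. SAMPLE_SHADOW is constructed
# /etc/shadow-format data; the hash strings are placeholders, not real hashes.
SAMPLE_SHADOW='yy::15243:0:99999:7:::
new:!!:15243:0:99999:7:::
ww:!!$1$PLACEHOLDERSALT$PLACEHOLDERHASH:15380:0:99999:7:::
qq:!$1$PLACEHOLDERSALT$PLACEHOLDERHASH:15380:0:99999:7:::
u5:$1$PLACEHOLDERSALT$PLACEHOLDERHASH:15380:0:10:3:::
u9:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:15380:0:99999:7:::'

# audit_shadow: read shadow lines on stdin, print one summary line per account:
#   <name> <NP|LK|PS> locks=<leading "!" count> <scheme> expires=<day|never>
# NP = empty password field, LK = locked, PS = password set (as in passwd -S).
audit_shadow() {
  awk -F: '
    NF != 9 { print $1, "BADLINE"; next }
    {
      h = $2; locks = 0
      # passwd -l prepends "!!", usermod -L prepends "!": strip and count them
      while (substr(h, 1, 1) == "!") { h = substr(h, 2); locks++ }

      if ($2 == "")                    state = "NP"
      else if (locks > 0 || h == "*")  state = "LK"
      else                             state = "PS"

      id = substr(h, 1, 3)
      if (h == "" || h == "*")  scheme = "none"
      else if (id == "$1$")     scheme = "md5"      # legacy MD5 crypt, weak
      else if (id == "$5$")     scheme = "sha256"
      else if (id == "$6$")     scheme = "sha512"
      else                      scheme = "other"

      # field 3 = last change (days since 1970-01-01), field 5 = maximum age;
      # a maximum of 99999 or more is reported as "never"
      due = "never"
      if (($3 ~ /^[0-9]+$/) && ($5 ~ /^[0-9]+$/) && ($5 < 99999)) due = $3 + $5
      print $1, state, "locks=" locks, scheme, "expires=" due
    }'
}

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

`locks=2` is the `passwd -l` case that needs two `usermod -U` runs, and an `NP` line is an account that accepts an empty password. A leading `!` only disables password authentication, so other login methods such as SSH keys are not affected by it.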
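Group management: /etc/group /etc/gshadow
All information about groups is stored in /etc/group. Its fields are:
    group name : password : GID : list of users in the group
/etc/gshadow is the password management file for the groups in /etc/group. Its fields are:
    group name : group password : group administrators : member accounts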
groups: show the groups a user belongs to

Adding a group: groupadd
Usage: groupadd [options] group
    -f, --force
    -g, --gid GID
    -o, --non-unique
    -r                system group
Example:
    # groupadd test
    # usermod -G test user1
Modifying a group: groupmod
Usage: groupmod [-g gid [-o]] [-n name] group
Example:
    # groupmod -n qq test1        # change the group name
Deleting a group: groupdel
Usage: groupdel group
Example:
    # groupdel qq
gpasswd: group administration
Usage: gpasswd [-r|-R] group
       gpasswd [-a user] group
       gpasswd [-d user] group
       gpasswd [-A user,...] [-M user,...] group
Example:
    # gpasswd -a user5 test
    # gpasswd -a user6 test
    # gpasswd -d user5 test
    # gpasswd -d user6 test
    # grep test /etc/group
    # gpasswd -A user7 -M user7,user8,user9 test1
    # grep test1 /etc/gshadow     # -A administrators, -M member list
    (After switching to user8: no permission to remove group members.)
    (After switching to user7: group members can be removed.)

--xjzhujunjie --2012/02/10 -- 华软国际培训 study notes
************************************************************
Download link: Linux Account and Group Management (华软国际培训 study notes) http://down.51cto.com/download.php?do=data&tid=327915
Reposted from: https://blog.51cto.com/xjzhujunjie/776795