用戶管理操作示例
Linux用戶管理操作示例
#用戶
root 超級用戶,超級管理員,權限無限大
500以下的 系統帳號 系統軟件運行 沒有登錄的權限
500及以上的 普通用戶
hongyi:x:501:501::/home/hongyi:/bin/bash
hongyi:用戶名
x:密碼占位符,表示密碼哈希值存放在/etc/shadow中;該字段為空則可以不使用密碼登錄,有的話必須使用密碼登錄
501:用戶編號
501:用戶所屬組組編號
::注釋信息,可有可無,可隨便寫,比如Oracle用戶
/home/hongyi:家
/bin/bash:用戶登錄系統默認使用什麼shell
shd:!!:15908::::::
!!:用戶被鎖住,兩把鎖(密碼字段以!開頭時無法用密碼登錄;這只鎖住密碼,SSH密鑰等其他登錄方式不受影響)
!:一把鎖
15908:最近一次修改密碼的日期,以距離1970.1.1的天數表示
zhink:$6$YJ.smIrY$psvbOkK9YqpsSABEWJLXVIiExUummHIL03NlMmEp1K8gGysgUU3nu1Bk8HzbA.yVJutBtyqlaJSJG.9AJC4.s/:15910:0:99999:7:::
0:密碼最少使用多少天才可以修改
99999:密碼最多可以使用多少天必須修改,否則過期
7:密碼過期時提前多少天給你提示
:
:
[root@larrywen soft]# man shadow
[root@larrywen soft]# man 5 shadow
[root@serv01 test]usermod --help
--修改用戶的編號
[root@serv01 test]# usermod -u 666 zhink
[root@serv01 test]# id zhink
uid=666(zhink) gid=500(hink) groups=500(hink)
--更改用戶zhink為think
[root@serv01 test]# usermod -l think zhink
[root@serv01 test]# id zhink
id: zhink: No such user
[root@serv01 test]# tail -n2 /etc/passwd
hongyi:x:501:501::/home/hongyi:/bin/bash
think:x:666:500::/home/zhink:/bin/bash
--添加編號為666組名為linux的組
[root@serv01 test]# groupadd -g 666 linux
[root@serv01 test]# tail -n1 /etc/group
linux:x:666:
--修改think的主組為linux
[root@serv01 test]# usermod -g linux think
[root@serv01 test]# tail -n1 /etc/passwd
think:x:666:666::/home/zhink:/bin/bash
[root@serv01 test]# id think
uid=666(think) gid=666(linux) groups=666(linux)
--更改用戶think的注釋為this is linux admin
[root@serv01 test]# usermod -c "this is linux admin" think
[root@serv01 test]# tail -n2 /etc/passwd
hongyi:x:501:501::/home/hongyi:/bin/bash
think:x:666:666:this is linux admin:/home/zhink:/bin/bash
[root@serv01 test]# mkdir /rhome
[root@serv01 test]# ls -ld /rhome/
drwxr-xr-x. 2 root root 4096 Jul 24 23:58 /rhome/
--給用戶搬家,失敗(-m 必須和 -d 一起使用)
[root@serv01 test]# usermod -m /rhome/think think
usermod: no changes
[root@serv01 test]# tail -n2 /etc/passwd
hongyi:x:501:501::/home/hongyi:/bin/bash
think:x:666:666:this is linux admin:/home/zhink:/bin/bash
[root@serv01 test]# ls /rhome
[root@serv01 test]# ls /home
hongyi test zhink
--給用戶think搬家
[root@serv01 test]# usermod -m -d /rhome/think think
[root@serv01 test]# tail -n2 /etc/passwd
hongyi:x:501:501::/home/hongyi:/bin/bash
think:x:666:666:this is linux admin:/rhome/think:/bin/bash
[root@serv01 test]# ls /rhome
think
[root@serv01 test]# ls /home
hongyi test
#測試禁止登錄
[root@serv01 test]# usermod -s /sbin/nologin think
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password:
Last login: Thu Jul 25 00:03:44 2013 from 192.168.1.1
This account is currently not available.
Connection to 192.168.1.11 closed.
[root@serv01 test]# usermod -s /bin/bash think
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password:
Last login: Thu Jul 25 00:03:58 2013 from 192.168.1.1
[think@serv01 ~]$
[root@serv01 test]usermod -p
#產生MD5-crypt($1$)密碼哈希值(是哈希而不是加密;MD5-crypt強度弱,本機/etc/shadow中實際使用的是$6$即SHA-512)
[root@serv01 test]# grub-md5-crypt
Password:
Retype password:
$1$9gmEH1$TxmCSmV4.uJTjCNVlqnBn.
#修改用戶think的密碼(-p 直接寫入已加密的密碼串;該參數會出現在進程列表和shell歷史中,一般應使用passwd)
[root@serv01 test]# usermod -p '$1$9gmEH1$TxmCSmV4.uJTjCNVlqnBn.' think
[root@serv01 test]# passwd think
#修改think的密碼,需要root用戶
[root@serv01 test]# passwd think
#用戶think的密碼最短使用天數為3(修改密碼後3天內不能再次修改)
[root@serv01 test]# passwd -n 3 think
#用戶think的密碼最短使用天數為0(隨時可以修改)
[root@serv01 test]# passwd -n 0 think
#密碼過期後的寬限天數,此處設置為3:密碼過期3天後帳號被停用
[root@serv01 test]# passwd -i 3 think
#修改用戶think,2013-09-10過期
[root@serv01 test]# usermod -e "2013-09-10" think
#用戶think的密碼過期警告天數為3,即密碼過期前3天起,用戶think登錄時將收到警告
[root@serv01 test]# passwd -w 3 think
[root@serv01 test]# date
Thu Jul 25 00:25:44 CST 2013
[root@serv01 test]# date -s "2013-07-25 16:26:44"
Thu Jul 25 16:26:44 CST 2013
[root@serv01 test]# date
Thu Jul 25 16:26:45 CST 2013
[root@serv01 test]# tail -n2 /etc/shadow
think:$6$B0kGPvNc$xsRV5MLUUhbc1duBQNzKs8qX0FrrchETVv1Z0J5vzWF97wxGWPhYqgfFYpcCNOsldY2/KNAl7sNswovvsGawl1:15910:0:99999:7:::
[root@serv01 test]# passwd think
Changing password for user think.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@serv01 test]# tail -n2 /etc/shadow
think:$6$xuDtWPxr$9S2ZcJ0mn4CWXnUZqSZCxcgQz263gNH4dPoKrigwdgd9tuRQ07TkvvOvuDxlupnxjXIDjziIfWPs4txJJ3L2h1:15911:0:99999:7:::
#15911:最近一次修改密碼的日期,passwd修改密碼時自動更新,不需要自己修改
[root@serv01 test]# passwd --help
[root@serv01 test]# passwd -n 3 think
Adjusting aging data for user think.
passwd: Success
[root@serv01 test]# tail -n2 /etc/shadow
think:$6$xuDtWPxr$9S2ZcJ0mn4CWXnUZqSZCxcgQz263gNH4dPoKrigwdgd9tuRQ07TkvvOvuDxlupnxjXIDjziIfWPs4txJJ3L2h1:15911:3:99999:7:::
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password:
Last login: Thu Jul 25 00:04:23 2013 from 192.168.1.1
[think@serv01 ~]$ passwd
Changing password for user think.
Changing password for think.
(current) UNIX password:
You must wait longer to change your password
passwd: Authentication token manipulation error
[root@serv01 test]# passwd -n 0 think
Adjusting aging data for user think.
passwd: Success
[think@serv01 ~]$ passwd
Changing password for user think.
Changing password for think.
(current) UNIX password:
New password:
BAD PASSWORD: it is too simplistic/systematic
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@serv01 test]# date
Thu Jul 25 16:33:27 CST 2013
[root@serv01 test]# date -s "2013-07-30"
Tue Jul 30 00:00:00 CST 2013
passwd
[root@serv01 test]# date -s "2013-08-25"
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password:
Warning: your password will expire in 0 days
Last login: Thu Jul 25 16:29:24 2013 from 192.168.1.1
[root@serv01 test]# date -s "2013-09-01"
Sun Sep 1 00:00:00 CST 2013
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password:
You are required to change your password immediately (password aged)
Last login: Tue Aug 20 00:00:28 2013 from 192.168.1.1
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user think.
Changing password for think.
(current) UNIX password:
[root@serv01 test]# passwd -i 3 think
Adjusting aging data for user think.
passwd: Success
[root@serv01 test]# tail -n1 /etc/shadow
think:$6$7yd/Qbel$uAzY/GJKpo7J9aPOy62axAYvWK.tQCRN9WQj4KVpsQM0D1ILeaA2JqiTa/BXvSsMipC5GLtKtkiyYLVNFe6dy1:15911:3:30:7:3::
[root@serv01 test]# usermod -f 10 think
[root@serv01 test]# tail -n1 /etc/shadow
think:$6$7yd/Qbel$uAzY/GJKpo7J9aPOy62axAYvWK.tQCRN9WQj4KVpsQM0D1ILeaA2JqiTa/BXvSsMipC5GLtKtkiyYLVNFe6dy1:15911:3:30:7:10::
#修改過期時間
[root@serv01 test]# usermod -e "2013-09-10" think
[root@serv01 test]# tail -n1 /etc/shadow
think:$6$7yd/Qbel$uAzY/GJKpo7J9aPOy62axAYvWK.tQCRN9WQj4KVpsQM0D1ILeaA2JqiTa/BXvSsMipC5GLtKtkiyYLVNFe6dy1:15911:3:30:7:10:15958:
[root@serv01 test]# date
Sun Sep 1 00:03:45 CST 2013
[root@serv01 test]# date -s "2013-09-20"
Fri Sep 20 00:00:00 CST 2013
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password:
Your account has expired; please contact your system administrator
Connection closed by 192.168.1.11
[root@serv01 test]# passwd --help
Usage: passwd [OPTION...] <accountName>
-k, --keep-tokens keep non-expired authentication tokens
-d, --delete delete the password for the named account (root
only)
-l, --lock lock the named account (root only)
-u, --unlock unlock the named account (root only)
-f, --force force operation
-x, --maximum=DAYS maximum password lifetime (root only)
-n, --minimum=DAYS minimum password lifetime (root only)
-w, --warning=DAYS number of days warning users receives before
password expiration (root only)
-i, --inactive=DAYS number of days after password expiration when an
account becomes disabled (root only)
-S, --status report password status on the named account (root
only)
--stdin read new tokens from stdin (root only)
Help options:
-?, --help Show this help message
--usage Display brief usage message
[root@serv01 test]# tail -n1 /etc/group
linux:x:666:
[root@serv01 test]# groupadd --help
#添加編號為667、組名為oracle的組
[root@serv01 test]# groupadd -g 667 oracle
[root@serv01 test]# tail -n2 /etc/group
linux:x:666:
oracle:x:667:
#創建用戶時給用戶添加組,可以使用組名或者組的編號
[root@serv01 test]# useradd -g oracle oracle01
[root@serv01 test]# useradd -g 667 oracle01
[root@serv01 test]# useradd -g oracle oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=667(oracle) groups=667(oracle)
#添加用戶時加入到多個組
[root@serv01 test]# useradd -g oracle -G linux oracle01
[root@serv01 test]# usermod --help
#添加用戶oracle01到linux組
[root@serv01 test]# usermod -G linux oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=667(oracle) groups=667(oracle),666(linux)
[root@serv01 test]# tail -n2 /etc/group
linux:x:666:oracle01
oracle:x:667:
#主組
#添加組
[root@serv01 test]# groupadd dba
[root@serv01 test]# tail -n2 /etc/group
oracle:x:667:
dba:x:668:
#修改用戶的主組
[root@serv01 test]# usermod -g dba oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux)
[root@serv01 test]# tail -n2 /etc/passwd
oracle01:x:667:668::/home/oracle01:/bin/bash
test:x:668:667::/home/test:/bin/bash
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux)
#修改用戶的副組,覆蓋以前的
[root@serv01 test]# usermod -G oracle oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),667(oracle)
#副組
#添加用戶到多個組
[root@serv01 test]# usermod -G oracle,linux oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux),667(oracle)
[root@serv01 test]# usermod -G oracle oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),667(oracle)
#添加到多個組,不會覆蓋以前的副組
[root@serv01 test]# usermod -a -G linux oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux),667(oracle)
#從oracle組裡刪除指定用戶
[root@serv01 /]# gpasswd -d oracle01 oracle
Removing user oracle01 from group oracle
[root@serv01 /]# id oracle01
uid=667(oracle01) gid=666(linux) groups=666(linux)
[root@serv01 /]# tail -n2 /etc/passwd
think:x:666:666:this is linux admin:/rhome/think:/bin/bash
oracle01:x:667:666::/home/oracle01:/bin/bash
#刪除用戶,不加參數不刪除主目錄
[root@serv01 /]# userdel hongyi
[root@serv01 /]# ls /home
hongyi learning oracle01
#刪除用戶,並刪除主目錄
[root@serv01 /]# userdel -r oracle01
[root@serv01 /]# ls /home/
hongyi/ learning/
[root@serv01 /]# tail -n3 /etc/passwd
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
think:x:666:666:this is linux admin:/rhome/think:/bin/bash
[root@serv01 /]# tail -n3 /etc/passwd
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
think:x:666:666:this is linux admin:/rhome/think:/bin/bash
[root@serv01 /]# tail -n5 /etc/gruop
tail: cannot open `/etc/gruop' for reading: No such file or directory
[root@serv01 /]# tail -n5 /etc/group
sshd:x:74:
hink:x:500:
linux:x:666:
oracle:x:667:
dba:x:668:
[root@serv01 /]# userdel hongyi
userdel: user 'hongyi' does not exist
[root@serv01 /]# rm -rf /home/hongyi
#刪除組linux
[root@serv01 /]# groupdel linux
groupdel: cannot remove the primary group of user 'think'
[root@serv01 /]# userdel -r think
[root@serv01 /]# groupdel dba
[root@serv01 /]# groupdel linux
[root@serv01 /]# groupdel oracle
#集群:創建用戶和組時指定編號,不重復
#不同機器上的ID保持一樣 用戶名保持一樣
[root@serv01 /]# groupadd oracle
[root@serv01 /]# groupadd linux
[root@serv01 /]# groupadd dba
[root@serv01 /]# tail -n3 /etc/group
oracle:x:501:
linux:x:502:
dba:x:503:
#一個用戶屬於多個組,添加到多個組
[root@serv01 /]# useradd -g oracle -G linux,dba zhink
[root@serv01 /]# id zhink
uid=500(zhink) gid=501(oracle) groups=501(oracle),502(linux),503(dba)
[root@serv01 /]# groupadd admin
[root@serv01 /]# groupadd oper
[root@serv01 /]# usermod -a -G admin,oper zhink
[root@serv01 /]# id zhink
uid=500(zhink) gid=501(oracle)
groups=501(oracle),502(linux),503(dba),504(admin),505(oper)
[root@serv01 /]# tail -n1 /etc/group
oper:x:505:
#修改組的名字
[root@serv01 /]# groupmod -n opr oper
[root@serv01 /]# tail -n1 /etc/group
opr:x:505:
#修改組的編號
[root@serv01 /]# tail -n1 /etc/group
opr:x:505:
[root@serv01 /]# groupmod -g 666 opr
[root@serv01 /]# tail -n1 /etc/group
opr:x:666:
#一個組裡添加多個成員
[root@serv01 /]# useradd -G admin hongyi
Creating mailbox file: File exists
[root@serv01 /]# id hongyi
uid=501(hongyi) gid=667(hongyi) groups=667(hongyi),504(admin)
[root@serv01 /]# useradd up01
[root@serv01 /]# useradd up02
[root@serv01 /]# useradd up03
[root@serv01 /]# tail -n10 /etc/group
hink:x:500:
oracle:x:501:
linux:x:502:zhink
dba:x:503:zhink
admin:x:504:zhink,hongyi
opr:x:666:
hongyi:x:667:
up01:x:668:
up02:x:669:
up03:x:670:
#追加up01到admin組
[root@serv01 /]# gpasswd -a up01 admin
Adding user up01 to group admin
[root@serv01 /]# tail -n10 /etc/group
hink:x:500:
oracle:x:501:
linux:x:502:zhink
dba:x:503:zhink
admin:x:504:zhink,hongyi,up01
opr:x:666:
hongyi:x:667:
up01:x:668:
up02:x:669:
up03:x:670:
#添加多個用戶到一個組裡,會覆蓋以前的
[root@serv01 /]# gpasswd -M up01,up02,up03 admin
[root@serv01 /]# tail -n10 /etc/group
hink:x:500:
oracle:x:501:
linux:x:502:zhink
dba:x:503:zhink
admin:x:504:up01,up02,up03
opr:x:666:
hongyi:x:667:
up01:x:668:
up02:x:669:
up03:x:670:
rm -rf *
#手動刪除用戶:逆向思維,按創建用戶的相反步驟操作(上一行的 rm -rf * 沒有提示符也沒有說明所在目錄,執行前必須先確認當前目錄)
#修改組的密碼
[root@serv01 /]# tail -n1 /etc/gshadow
linux:!::zhink
[root@serv01 /]# gpasswd linux
Changing the password for group linux
New Password:
Re-enter new password:
[root@serv01 /]# tail -n1 /etc/gshadow
linux:$6$Qkm/5/Xju/N/U$cmxuQ0KEcDJzISIhlhEaAkKi/fQSxeqicB3U/mGLk1o02kyCSQMvdu4FI3.UAmiS/kQzjrnBs7Kbg7DriXaCJ1::zhink
useradd zhink
passwd zhink
#以zhink用戶登錄
[root@larrywen Desktop]# ssh zhink@192.168.1.11
zhink@192.168.1.11's password:
#zhink用newgrp切換到linux組,需要輸入組密碼
[zhink@serv01 ~]$ newgrp linux
Password:
Invalid password.
#RHEL5支持憑組密碼加入其他組,RHEL6不支持
#將用戶up01設為linux組的管理員
[root@serv01 /]# gpasswd -A up01 linux
[root@serv01 /]# tail -n1 /etc/gshadow
linux:$6$Qkm/5/Xju/N/U$cmxuQ0KEcDJzISIhlhEaAkKi/fQSxeqicB3U/mGLk1o02kyCSQMvdu4FI3.UAmiS/kQzjrnBs7Kbg7DriXaCJ1:up01:
[root@serv01 /]# passwd up01
#以up01用戶登錄,然後把zhink添加到linux組
[root@larrywen Desktop]# ssh up01@192.168.1.11
up01@192.168.1.11's password:
[up01@serv01 ~]$ gpasswd -a zhink linux
Adding user zhink to group linux
[up01@serv01 ~]$ id zhink
uid=500(zhink) gid=501(oracle) groups=501(oracle),502(linux),503(dba)
[root@serv01 /]# tail -n1 /etc/gshadow
linux:$6$Qkm/5/Xju/N/U$cmxuQ0KEcDJzISIhlhEaAkKi/fQSxeqicB3U/mGLk1o02kyCSQMvdu4FI3.UAmiS/kQzjrnBs7Kbg7DriXaCJ1:up01:zhink
#修改up02的密碼
[root@serv01 /]# passwd up02
[root@larrywen Desktop]# ssh up02@192.168.1.11
#以up02登錄,然後將zhink添加到linux組,發現失敗(up02不是linux組的管理員)
up02@192.168.1.11's password:
[up02@serv01 ~]$ id zhink
uid=500(zhink) gid=501(oracle) groups=501(oracle),502(linux),503(dba)
[up02@serv01 ~]$ gpasswd -a zhink linux
gpasswd: Permission denied.
#添加用戶時的定義
[root@serv01 /]# vim /etc/default/useradd
[root@serv01 etc]# ls -l /var/mail /var/spool/mail/ -id
417 lrwxrwxrwx. 1 root root 10 Jul 23 00:54 /var/mail -> spool/mail
424 drwxrwxr-x. 2 root mail 4096 Sep 20 17:37 /var/spool/mail/