<<<Units 5-6 Exercises>>>
1. Create the user groups shengchan, caiwu, and jishu

[root@localhost ~]# groupadd shengchan
[root@localhost ~]# groupadd caiwu
[root@localhost ~]# groupadd jishu

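2. Create users as follows:
        * tom is a supplementary member of the shengchan group
        * harry is a supplementary member of the caiwu group
        * leo is a supplementary member of the jishu group
        * Create the admin user, which does not belong to any of the three departments above

[root@localhost ~]# useradd -G shengchan tom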
[root@localhost ~]# useradd -G caiwu harry
[root@localhost ~]# useradd -G jishu leo
[root@localhost ~]# useradd admin

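3. Create directories as follows:
        * /pub is a shared storage directory: all users can read, write, and execute in it,
          but a user can delete only the files they own
        * /sc is the production department's storage directory: only production department
          members can write to it, and files they create automatically belong to the shengchan group
        * /cw is the finance department's storage directory: only finance department
          members can write to it, and files they create automatically belong to the caiwu group
        * The admin user can use the touch tool to create files anywhere in /sc and /cw, but cannot delete files.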

[root@localhost ~]# mkdir /pub
[root@localhost ~]# chmod 1777 /pub/
[root@localhost ~]# mkdir /sc
[root@localhost ~]# chgrp shengchan /sc
[root@localhost ~]# ls -ld /sc
drwxr-xr-x. 2 root shengchan 6 10月 10 20:29 /sc
[root@localhost ~]# chmod 2770 /sc
[root@localhost ~]# mkdir /cw
[root@localhost ~]# chgrp caiwu /cw/
[root@localhost ~]# chmod 2770 /cw
[root@localhost ~]# whereis touch
touch: /usr/bin/touch /usr/share/man/man1/touch.1.gz /usr/share/man/man1p/touch.1p.gz
[root@localhost ~]# cp /usr/bin/touch /home/admin/
[root@localhost ~]# ls -ld /home/admin/touch
-rwxr-xr-x. 1 root root 62432 10月 10 20:37 /home/admin/touch
[root@localhost ~]# chmod u+s /home/admin/touch
[root@localhost ~]# su - admin
[admin@localhost ~]$ /home/admin/touch /sc/root
[admin@localhost ~]$ logout
[root@localhost ~]# cd /sc
[root@localhost sc]# ls
root            ##created successfully
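
The copy of touch made above is owned by root and carries the setuid bit, so it runs with root's privileges on any path it is given, not only /sc and /cw. The following is an added example, not part of the original exercise, that lists setuid files sitting outside the usual system binary directories; the directory list, the function names, and the demo tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original exercise.
# Assumption: setuid programs are expected only in these directories.
ALLOWED_DIRS="/usr/bin /usr/sbin /usr/libexec /bin /sbin"

# Print every setuid regular file under $1 whose directory is not allowed.
find_stray_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null |
    while IFS= read -r f; do
        stray=yes
        for d in $ALLOWED_DIRS; do
            if [ "$(dirname "$f")" = "$d" ]; then stray=no; fi
        done
        if [ "$stray" = yes ]; then
            # owner and octal mode make root-owned copies easy to spot
            printf '%s %s\n' "$(stat -c '%U %a' "$f")" "$f"
        fi
    done
}

# Constructed demo tree: one setuid file in a home directory, one plain file.
demo_stray_setuid() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/admin" "$t/home/leo"
    : > "$t/home/admin/touch"; chmod 4755 "$t/home/admin/touch"
    : > "$t/home/leo/notes";   chmod 0644 "$t/home/leo/notes"
    find_stray_setuid "$t" | sed "s|$t||"
    rm -rf "$t"
}

demo_stray_setuid
```

On a real host, run `find_stray_setuid /home` as root so that every home directory is readable.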

4. Set the permissions of files newly created by ordinary users to "r--r-----"

[root@localhost sc]# vim /etc/bashrc
[root@localhost sc]# vim /etc/profile
[root@localhost sc]# source /etc/bashrc
[root@localhost sc]# source /etc/profile
[root@localhost sc]# su - leo
[leo@localhost ~]$ umask
0226
[leo@localhost ~]$ touch file
[leo@localhost ~]$ ls -l ./file
-r--r-----. 1 leo leo 0 Oct 10 20:52 ./file
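
The umask of 0226 shown above gives new files mode 440, but it also gives new directories mode 551, so a user cannot create anything inside a directory they have just made. The following added example (not part of the original exercise; the function name is an assumption) creates a file and a directory under several umask values in a scratch directory and reports the resulting modes.

```shell
#!/bin/sh
# Added example, not from the original exercise.
# Print "<file-mode> <dir-mode>" (octal) for objects created under umask $1.
modes_under_umask() {
    (
        t=$(mktemp -d) || exit 1
        umask "$1"
        : > "$t/file"      # files start from 0666 before the mask is applied
        mkdir "$t/dir"     # directories start from 0777
        printf '%s %s\n' "$(stat -c %a "$t/file")" "$(stat -c %a "$t/dir")"
        rm -rf "$t"
    )
}

# Compare two common masks with the one used in this exercise.
for m in 0022 0027 0226; do
    printf 'umask %s -> %s\n' "$m" "$(modes_under_umask "$m")"
done
```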

5. Allow the admin user to freely create new users through sudo

[root@localhost sc]# visudo
root    ALL=(ALL)       ALL
admin     ALL=(root)        NOPASSWD: /usr/bin/touch
[root@localhost sc]# su - admin
[admin@localhost ~]$ sudo touch /root/file
[admin@localhost ~]$ touch /root/file1
touch: cannot touch ‘/root/file1’: Permission denied
<<<Unit 9 Exercises>>>
1. On the desktop host, create the user westos and set its password to westoslinux
[root@localhost ~]# useradd westos
[root@localhost ~]# passwd westos
Changing password for user westos.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.
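2. Configure the sshd service on desktop as follows:
*) Allow only the westos user to log in through the sshd service
*) Set up key authentication for the westos user
*) Allow the westos user to log in with key authentication only, and disable system password authentication
[root@localhost ~]# vim /etc/ssh/sshd_config
    Change: PermitRootLogin no
    Change: AllowUsers westos
[root@localhost /]# systemctl restart sshd.service   ##restart the sshd service
*) Set up key authentication for the westos user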
[root@localhost /]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
2a:57:39:44:fc:07:14:bd:4a:4f:7f:15:12:50:35:ed root@localhost
The key's randomart image is:
+--[ RSA 2048]----+
|       ...o+oooo.|
|       .. . .. .o|
|        .. . ....|
|       . .o +   E|
|        S. = .  .|
|       o .. . . .|
|    . o        . |
|     o           |
|                 |
+-----------------+
[root@localhost /]# ls /root/.ssh/
authorized_keys  id_rsa  id_rsa.pub
[root@localhost /]# ssh-copy-id -i /root/.ssh/id_rsa.pub  westos@172.25.254.10
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
westos@172.25.254.10's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'westos@172.25.254.10'"
and check to make sure that only the key(s) you wanted were added.

[root@localhost /]# ssh westos@172.25.254.10
Last failed login: Tue Oct 11 07:26:52 EDT 2016 from 172.25.254.10 on ssh:notty
There were 3 failed login attempts since the last successful login.
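*) Allow the westos user to log in with key authentication only, and disable system password authentication
[root@localhost /]# vim /etc/ssh/sshd_config    ##edit the configuration file
    PasswordAuthentication no        ##disable password authentication
[root@localhost /]# systemctl restart sshd.service    ##restart the service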
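
Editing sshd_config does not by itself prove the setting is in force: sshd keeps the first value it reads for a keyword such as PasswordAuthentication, so a `no` added below an existing `yes` has no effect. The following added example (not part of the original exercise; function names and the sample file are constructed for illustration) checks the three settings from this exercise against the value sshd would actually use.

```shell
#!/bin/sh
# Added example, not from the original exercise.
# Print the global value sshd would use for keyword $2 in config file $1:
# the first occurrence is taken, keywords are case-insensitive, and anything
# after a Match line is conditional, so the scan stops there.
sshd_effective() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Compare the three settings from the exercise with their effective values
# (only the first AllowUsers line is checked).
audit_sshd() {
    rc=0
    for want in PermitRootLogin=no AllowUsers=westos PasswordAuthentication=no; do
        key=${want%%=*}
        got=$(sshd_effective "$1" "$key")
        if [ "$got" != "${want#*=}" ]; then
            printf 'FAIL %s: want "%s", effective "%s"\n' \
                "$key" "${want#*=}" "${got:-unset}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the new line was appended below an existing "yes".
demo_sshd_audit() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# constructed sample, not a real host's configuration
PermitRootLogin no
PasswordAuthentication yes
AllowUsers westos
passwordauthentication no
EOF
    audit_sshd "$f"; rc=$?
    rm -f "$f"
    return "$rc"
}

demo_sshd_audit || true
```

On a live host, `sshd -T` run as root prints the effective configuration as sshd itself parses it.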

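<<<Unit 12 Exercises>>>
1. On the server host, archive and compress the /etc directory into /mnt as etc.tar.gz
2. Copy etc.tar.gz from the server host to /mnt on the desktop host
3. Synchronize all files in /etc on the server host to /mnt on the desktop host, including symbolic links
1. On the server host, archive and compress the /etc directory into /mnt as etc.tar.gz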
    [root@localhost /]# tar -zcf /mnt/etc.tar.gz /etc
    tar: Removing leading `/' from member names
    [root@localhost /]# ls -all /mnt/etc.tar.gz
    -rw--w--w-. 1 root root 8741910 10月 11 07:41 /mnt/etc.tar.gz
2. Copy etc.tar.gz from the server host to /mnt on the desktop host
    [root@localhost /]# scp /mnt/etc.tar.gz root@172.25.254.11:/mnt/
    The authenticity of host '172.25.254.11 (172.25.254.11)' can't be established.
    ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '172.25.254.11' (ECDSA) to the list of known hosts.
    root@172.25.254.11's password:
    etc.tar.gz                                    100% 8537KB   8.3MB/s   00:00
    [root@localhost /]# ssh root@172.25.254.11
    root@172.25.254.11's password:
    Last login: Tue Oct 11 07:12:26 2016 from 172.25.254.98
    [root@localhost ~]# cd /mnt/
    [root@localhost mnt]# ls
    etc.tar.gz
    [root@localhost mnt]# logout
    Connection to 172.25.254.11 closed.
3. Synchronize all files in /etc on the server host to /mnt on the desktop host, including symbolic links
    [root@localhost /]# rsync -lr /etc/ root@172.25.254.11:/mnt
    root@172.25.254.11's password:
    [root@localhost /]# ssh root@172.25.254.11
    root@172.25.254.11's password:
    Last login: Tue Oct 11 07:49:38 2016 from 172.25.254.10
    [root@localhost ~]# cd /mnt/
    [root@localhost mnt]# ls -all
    total 9960