1.passwd给用户设置密码

用户自己给自己设置密码直接:passwd.

[root@localhost ~]# passwd 
Changing password for user root.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.

学习笔记-第12天-命令合集11_root密码

root用户给普通用户设置密码: passwd+用户名。

--stdin 从标准输入获取信息

[root@localhost ~]# echo 12345|passwd --stdin oldboy 
Changing password for user oldboy.
passwd: all authentication tokens updated successfully.

学习笔记-第12天-命令合集11_bash_02

chpasswd批量设置密码:

bash脚本:

for n in {01..10}

do

useradd oldboy$n

done

[root@localhost ~]# echo oldboy{01..10}
oldboy01 oldboy02 oldboy03 oldboy04 oldboy05 oldboy06 oldboy07 oldboy08 oldboy09 oldboy10
[root@localhost ~]# for n in {01..10}
> do
> useradd oldboy$n
> done
[root@localhost ~]# tail /etc/passwd
oldboy01:x:1000:1000::/home/oldboy01:/bin/bash
oldboy02:x:1001:1001::/home/oldboy02:/bin/bash
oldboy03:x:1002:1002::/home/oldboy03:/bin/bash
oldboy04:x:1003:1003::/home/oldboy04:/bin/bash
oldboy05:x:1004:1004::/home/oldboy05:/bin/bash
oldboy06:x:1005:1005::/home/oldboy06:/bin/bash
oldboy07:x:1006:1006::/home/oldboy07:/bin/bash
oldboy08:x:1007:1007::/home/oldboy08:/bin/bash
oldboy09:x:1008:1008::/home/oldboy09:/bin/bash
oldboy10:x:1009:1009::/home/oldboy10:/bin/bash

学习笔记-第12天-命令合集11_bash_03

[root@localhost ~]# vim user.list
[root@localhost ~]# cat user.list
oldboy01:01
oldboy02:02
oldboy03:03
oldboy04:04
oldboy05:05
[root@localhost ~]# chpasswd <user.list
[root@localhost ~]# su - oldboy01
[oldboy01@localhost ~]$ 
[oldboy01@localhost ~]$ logout
[root@localhost ~]# su - oldboy02
[oldboy02@localhost ~]$ whoam i
-bash: whoam: command not found
[oldboy02@localhost ~]$ whoami
oldboy02
[oldboy02@localhost ~]$ logout
[root@localhost ~]# cat user.list|chpasswd 

学习笔记-第12天-命令合集11_root密码_04

2.chage 查看和更改密码属性(更改用户密码过期信息)

-l 查看用户和更改密码属性

[root@localhost ~]# chage -l oldboy
Last password change					: Jun 07, 2023
Password expires					: never
Password inactive					: never
Account expires						: never
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7

学习笔记-第12天-命令合集11_用户组_05

-e 设定账户过期时间

uesradd -e “2030/5/20”oldboy11

[root@localhost ~]# useradd -e "2030/5/20" oldboy11
[root@localhost ~]# chage -l oldboy11
Last password change					: Jun 07, 2023
Password expires					: never
Password inactive					: never
Account expires						: May 20, 2030
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7

学习笔记-第12天-命令合集11_bash_06

chage -E “2030/5/20”oldboy11

[root@localhost ~]# chage -E "2040/6/20" oldboy11
[root@localhost ~]# chage -l oldboy11
Last password change					: Jun 07, 2023
Password expires					: never
Password inactive					: never
Account expires						: Jun 20, 2040
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7

学习笔记-第12天-命令合集11_bash_07

uesradd -e 等于 chage -E

例子:要求oldboy用户7天内不能更改密码,60天以后必须修改密码,过期前10天通知用户,过期后30天后禁止用户登录。

修改的文件:/etc/shadow

查看文件:chage -l 用户名

设置方法 :2个

[root@localhost ~]# chage -l oldboy
Last password change					: Jun 07, 2023
Password expires					: never
Password inactive					: never
Account expires						: never
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7

学习笔记-第12天-命令合集11_bash_08

passwd -n 7 -x 60 -w 10 -i 30 oldboy  (1)

[root@localhost ~]# passwd -n 7 -x 60 -w 10 -i 30 oldboy
Adjusting aging data for user oldboy.
passwd: Success
[root@localhost ~]# chage -l oldboy
Last password change					: Jun 07, 2023
Password expires					: Aug 06, 2023
Password inactive					: Sep 05, 2023
Account expires						: never
Minimum number of days between password change		: 7
Maximum number of days between password change		: 60
Number of days of warning before password expires	: 10

学习笔记-第12天-命令合集11_bash_09

chage -m8 -M61 -W11 -I31 oldboy  (2)

[root@localhost ~]# chage -m8 -M61 -W11 -I31 oldboy
[root@localhost ~]# chage -l oldboy
Last password change					: Jun 07, 2023
Password expires					: Aug 07, 2023
Password inactive					: Sep 07, 2023
Account expires						: never
Minimum number of days between password change		: 8
Maximum number of days between password change		: 61
Number of days of warning before password expires	: 11

3.用户组相关的命令

groupadd 添加用户组

groupdel  删除用户组

练习:

[root@localhost ~]# groupadd sa
[root@localhost ~]# tail -n 1 /etc/group /etc/gshadow
==> /etc/group <==
sa:x:1001:

==> /etc/gshadow <==
sa:!::
[root@localhost ~]# groupdel sa
[root@localhost ~]# grep -w sa  /etc/group /etc/gshadow

学习笔记-第12天-命令合集11_bash_10

4.切换用户以及提权管理命令

su

Sudo  相当于皇帝给百姓一个暂时执行皇帝的权限。

su 切换用户角色。从A用户切换到B用户。

su - oldboy  #-表示携带用户环境变量的切换。

显示:root环境变量

[root@localhost ~]# env|grep root
USER=root
MAIL=/var/spool/mail/root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
PWD=/root
HOME=/root
LOGNAME=root

学习笔记-第12天-命令合集11_用户组_11

练习:加不加-的区别

[root@localhost ~]# su oldboy
[oldboy@localhost root]$ env|grep root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
MAIL=/var/spool/mail/root
PWD=/root
[oldboy@localhost root]$ env|grep oldboy
USER=oldboy
HOME=/home/oldboy
LOGNAME=oldboy
[oldboy@localhost root]$ exit
exit
[root@localhost ~]# su - oldboy
Last login: Wed Jun  7 15:41:06 CST 2023 on pts/0
[oldboy@localhost ~]$ env|grep root
[oldboy@localhost ~]$ env|grep oldboy
USER=oldboy
MAIL=/var/spool/mail/oldboy
PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/oldboy/.local/bin:/home/oldboy/bin
PWD=/home/oldboy
HOME=/home/oldboy
LOGNAME=oldboy

学习笔记-第12天-命令合集11_用户组_12

-c 以oldboy用户身份执行命令,然后退回当下用户。

[root@localhost ~]# su - oldboy -c pwd
/home/oldboy
[root@localhost ~]# su - oldboy -c ls

学习笔记-第12天-命令合集11_用户组_13

用普通用户登录管理,su - root切换到root管理。

普通用户必须要知道root密码,登录到root,他就可以改了密码,让你登录不上。(适合运维部门人少的时候。)

更规范的管理方法:

不切换到root,在操作命令同时,拥有root权限,一旦操作完成,权限就消失。而且不需要root密码sudo。

sudo配置文件是/etc/sudoers

通过visudo管理sudo配胃文件/etc/sudoers

[root@localhost ~]# ls /etc/sudoers -l
-r--r-----. 1 root root 4328 Sep 30  2020 /etc/sudoers

vim /etc/sudoers

root        ALL=(ALL)          ALL

oldboy      ALL =(ALL)ALL

root        ALL=(ALL)          ALL

用户     主机,切换的角色    执行命令

设置oldboy用户在所有主机上,可以切换到所有角色,执行所有命令。

oldboy      ALL =(ALL)ALL

oldboy就相当于root,不是root。

[oldboy@localhost ~]$ useradd bingbing
useradd: Permission denied.
useradd: cannot lock /etc/passwd; try again later.
[oldboy@localhost ~]$ sudo bingbing

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for oldboy: 
sudo: no password was provided
[oldboy@localhost ~]$ sudo useradd bingbing

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for oldboy: 
Sorry, try again.  ##   创建一个密码:passwd+用户名  修改密码。

学习笔记-第12天-命令合集11_root密码_14学习笔记-第12天-命令合集11_用户组_15

生产管理方法;给用户设置具体的命令。

oldboy  ALL=(ALL)    /usr/sbin/useradd,/usr/sbin/userdel    ##执行命令,越小越具体越好。

#设置粒度,最小是一个命令,允许他执行这个命令时拥有root权限。

sudo优点:

1)不是root用户,还是自己。

2)指定命令拥有root权限,可以完成管理员分配的任务。

3)不需要root密码。

sudo缺点:

1)切换到root

2)拥有所有权限。

查看用户信息命令:

id

Whoami

Who

w

[root@localhost ~]# id
uid=0(root) gid=0(root) groups=0(root)
[root@localhost ~]# id oldboy
uid=10024(oldboy) gid=10024(oldboy) groups=10024(oldboy)
[root@localhost ~]# id -g oldboy
10024
[root@localhost ~]# id -u oldboy
10024
[root@localhost ~]# whoami
root
[root@localhost ~]# who
root     pts/0        2023-06-07 17:03 (192.168.1.1)
[root@localhost ~]# w
 17:13:19 up 10 min,  1 user,  load average: 0.00, 0.02, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    192.168.1.1      17:03    7.00s  0.03s  0.00s w

学习笔记-第12天-命令合集11_用户组_16

查看用户日志:

Last

Lastlog

cat /var/log/secure 远程登录安全日志学习笔记-第12天-命令合集11_bash_17

chown更改文件属性:

更改用户所属用户和组: chown  #change owner

更改用户组: chgrp  #change group

chown  用户.用户组    文件 #.可以用;替代  更改用户和组。

chown  用户          文件 #更改用户

chown  .用户组       文件 #更改用户组,等价:chgrp 用户组   文件

前提:  用户和组必须要存在。

[root@localhost ~]# touch test.txt
[root@localhost ~]# ls -l test.txt
-rw-r--r-- 1 root root 0 Jun  7 17:24 test.txt
[root@localhost ~]# chown oldboy.oldboy test.txt
[root@localhost ~]# ls -l test.txt
-rw-r--r-- 1 oldboy oldboy 0 Jun  7 17:24 test.txt
[root@localhost ~]# chown root test.txt
[root@localhost ~]# ls -l test.txt
-rw-r--r-- 1 root oldboy 0 Jun  7 17:24 test.txt
[root@localhost ~]# chown .root test.txt
[root@localhost ~]# ls -l test.txt
-rw-r--r-- 1 root root 0 Jun  7 17:24 test.txt

学习笔记-第12天-命令合集11_root密码_18

-R参数  递归更改

练习:

[root@localhost ~]# mkdir asd
[root@localhost ~]# touch asd{1..3}
[root@localhost ~]# ls -ld asd
drwxr-xr-x 2 root root 6 Jun  7 17:37 asd
[root@localhost ~]# ls -l asd
total 0
[root@localhost ~]# chown -R oldboy asd/
[root@localhost ~]# ls -l asd
total 0

学习笔记-第12天-命令合集11_root密码_19