1. passwd: set a user's password

A user sets their own password by running passwd with no arguments.

[root@localhost ~]# passwd 
Changing password for user root.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.

root sets the password of an ordinary user with: passwd username.

--stdin reads the password from standard input

[root@localhost ~]# echo 12345|passwd --stdin oldboy 
Changing password for user oldboy.
passwd: all authentication tokens updated successfully.

chpasswd: set passwords in bulk:

bash script:

for n in {01..10}
do
    useradd oldboy$n
done

[root@localhost ~]# echo oldboy{01..10}
oldboy01 oldboy02 oldboy03 oldboy04 oldboy05 oldboy06 oldboy07 oldboy08 oldboy09 oldboy10
[root@localhost ~]# for n in {01..10}
> do
> useradd oldboy$n
> done
[root@localhost ~]# tail /etc/passwd
oldboy01:x:1000:1000::/home/oldboy01:/bin/bash
oldboy02:x:1001:1001::/home/oldboy02:/bin/bash
oldboy03:x:1002:1002::/home/oldboy03:/bin/bash
oldboy04:x:1003:1003::/home/oldboy04:/bin/bash
oldboy05:x:1004:1004::/home/oldboy05:/bin/bash
oldboy06:x:1005:1005::/home/oldboy06:/bin/bash
oldboy07:x:1006:1006::/home/oldboy07:/bin/bash
oldboy08:x:1007:1007::/home/oldboy08:/bin/bash
oldboy09:x:1008:1008::/home/oldboy09:/bin/bash
oldboy10:x:1009:1009::/home/oldboy10:/bin/bash

[root@localhost ~]# vim user.list
[root@localhost ~]# cat user.list
oldboy01:01
oldboy02:02
oldboy03:03
oldboy04:04
oldboy05:05
[root@localhost ~]# chpasswd <user.list
[root@localhost ~]# su - oldboy01
[oldboy01@localhost ~]$ 
[oldboy01@localhost ~]$ logout
[root@localhost ~]# su - oldboy02
[oldboy02@localhost ~]$ whoam i
-bash: whoam: command not found
[oldboy02@localhost ~]$ whoami
oldboy02
[oldboy02@localhost ~]$ logout
[root@localhost ~]# cat user.list|chpasswd 
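
An added example, not part of the original notes: the same chpasswd workflow with a random password per user, a list file readable only by its owner, and a forced password change at the next login. The function names and the password length are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original notes. Helper names are assumptions.

gen_password() {                 # 12 random bytes as 24 hex characters
    od -An -N12 -tx1 /dev/urandom | tr -d ' \n'
}

make_pwlist() (                  # $1 = output file, remaining args = user names
    out=$1; shift
    umask 077                    # new file gets mode 0600 (subshell-local umask)
    rm -f "$out"                 # never reuse a file with looser permissions
    for u in "$@"; do
        printf '%s:%s\n' "$u" "$(gen_password)"
    done > "$out"
)

apply_pwlist() {                 # run as root; $1 = file built by make_pwlist
    chpasswd < "$1" || return 1
    cut -d: -f1 "$1" | while read -r u; do
        chage -d 0 "$u"          # password must be changed at next login
    done
}

# Usage as root, for accounts that already exist:
#   make_pwlist /root/user.list oldboy01 oldboy02 oldboy03
#   apply_pwlist /root/user.list
#   (hand out each password over a secure channel, then delete the file)
```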

2. chage: view and change password attributes (a user's password expiry information)

-l lists the user's password aging attributes

[root@localhost ~]# chage -l oldboy
Last password change					: Jun 07, 2023
Password expires					: never
Password inactive					: never
Account expires						: never
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7

-e sets the account expiration date

useradd -e "2030/5/20" oldboy11

[root@localhost ~]# useradd -e "2030/5/20" oldboy11
[root@localhost ~]# chage -l oldboy11
Last password change					: Jun 07, 2023
Password expires					: never
Password inactive					: never
Account expires						: May 20, 2030
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7

chage -E "2030/5/20" oldboy11

[root@localhost ~]# chage -E "2040/6/20" oldboy11
[root@localhost ~]# chage -l oldboy11
Last password change					: Jun 07, 2023
Password expires					: never
Password inactive					: never
Account expires						: Jun 20, 2040
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7

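useradd -e is equivalent to chage -E

Example: user oldboy may not change the password within 7 days, must change it after 60 days, is warned 10 days before expiry, and is barred from logging in 30 days after expiry.

File modified: /etc/shadow

To view the settings: chage -l username

There are 2 ways to set them: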

[root@localhost ~]# chage -l oldboy
Last password change					: Jun 07, 2023
Password expires					: never
Password inactive					: never
Account expires						: never
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7

passwd -n 7 -x 60 -w 10 -i 30 oldboy  (1)

[root@localhost ~]# passwd -n 7 -x 60 -w 10 -i 30 oldboy
Adjusting aging data for user oldboy.
passwd: Success
[root@localhost ~]# chage -l oldboy
Last password change					: Jun 07, 2023
Password expires					: Aug 06, 2023
Password inactive					: Sep 05, 2023
Account expires						: never
Minimum number of days between password change		: 7
Maximum number of days between password change		: 60
Number of days of warning before password expires	: 10

chage -m8 -M61 -W11 -I31 oldboy  (2)

[root@localhost ~]# chage -m8 -M61 -W11 -I31 oldboy
[root@localhost ~]# chage -l oldboy
Last password change					: Jun 07, 2023
Password expires					: Aug 07, 2023
Password inactive					: Sep 07, 2023
Account expires						: never
Minimum number of days between password change		: 8
Maximum number of days between password change		: 61
Number of days of warning before password expires	: 11
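
An added example, not part of the original notes: how the aging fields that passwd and chage write to /etc/shadow turn into the dates printed by chage -l. The sample entries are constructed (the hash is replaced by "x", and 19515 is Jun 07, 2023 counted in days since 1970-01-01); the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original notes.
# /etc/shadow fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg and expire are counted in days since 1970-01-01.

day_to_date() {                  # days since the epoch -> YYYY-MM-DD (UTC)
    date -u -d "@$(( $1 * 86400 ))" +%F
}

shadow_aging() (                 # $1 = one shadow-format line
    IFS=: read -r name hash lastchg min max warn inactive expire rest <<EOF
$1
EOF
    pw_expires=never; pw_inactive=never; acct_expires=never
    # 99999 is the default maximum shown above, reported as "never"
    if [ -n "$lastchg" ] && [ -n "$max" ] && [ "$max" -lt 99999 ]; then
        pw_expires=$(day_to_date $(( lastchg + max )))
        if [ -n "$inactive" ]; then
            pw_inactive=$(day_to_date $(( lastchg + max + inactive )))
        fi
    fi
    if [ -n "$expire" ]; then
        acct_expires=$(day_to_date "$expire")
    fi
    echo "$name expires=$pw_expires inactive=$pw_inactive account=$acct_expires"
)

# Constructed entries: oldboy after "passwd -n 7 -x 60 -w 10 -i 30",
# oldboy11 after "useradd -e 2030/5/20".
shadow_aging 'oldboy:x:19515:7:60:10:30::'
shadow_aging 'oldboy11:x:19515:0:99999:7::22054:'
```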

3. User group commands

groupadd  add a user group

groupdel  delete a user group

Practice:

[root@localhost ~]# groupadd sa
[root@localhost ~]# tail -n 1 /etc/group /etc/gshadow
==> /etc/group <==
sa:x:1001:

==> /etc/gshadow <==
sa:!::
[root@localhost ~]# groupdel sa
[root@localhost ~]# grep -w sa  /etc/group /etc/gshadow

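4. Commands for switching users and managing privilege elevation

su

sudo is like the emperor temporarily granting a commoner the authority to act as the emperor.

su switches user identity, from user A to user B.

su - oldboy  # the - means the switch also loads the target user's environment variables.

Show root's environment variables: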

[root@localhost ~]# env|grep root
USER=root
MAIL=/var/spool/mail/root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
PWD=/root
HOME=/root
LOGNAME=root

Practice: the difference between using - and omitting it

[root@localhost ~]# su oldboy
[oldboy@localhost root]$ env|grep root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
MAIL=/var/spool/mail/root
PWD=/root
[oldboy@localhost root]$ env|grep oldboy
USER=oldboy
HOME=/home/oldboy
LOGNAME=oldboy
[oldboy@localhost root]$ exit
exit
[root@localhost ~]# su - oldboy
Last login: Wed Jun  7 15:41:06 CST 2023 on pts/0
[oldboy@localhost ~]$ env|grep root
[oldboy@localhost ~]$ env|grep oldboy
USER=oldboy
MAIL=/var/spool/mail/oldboy
PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/oldboy/.local/bin:/home/oldboy/bin
PWD=/home/oldboy
HOME=/home/oldboy
LOGNAME=oldboy

-c runs a command as user oldboy, then returns to the current user.

[root@localhost ~]# su - oldboy -c pwd
/home/oldboy
[root@localhost ~]# su - oldboy -c ls

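Log in as an ordinary user for administration, then switch to root with su - root.

The ordinary user must know the root password; once logged in as root, that user can change the password and lock you out. (Suitable when the operations team is small.)

A more disciplined way to manage this:

Do not switch to root. The user holds root privileges while the command runs, and the privileges disappear as soon as it finishes. The root password is not needed either: this is sudo.

The sudo configuration file is /etc/sudoers.

Manage the sudo configuration file /etc/sudoers with visudo.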

[root@localhost ~]# ls /etc/sudoers -l
-r--r-----. 1 root root 4328 Sep 30  2020 /etc/sudoers

vim /etc/sudoers

root        ALL=(ALL)          ALL

oldboy      ALL=(ALL)          ALL

root        ALL=(ALL)          ALL

user        host=(run-as role) command

Allow user oldboy, on all hosts, to switch to any role and run all commands:

oldboy      ALL=(ALL)          ALL

oldboy is then equivalent to root, without being root.

[oldboy@localhost ~]$ useradd bingbing
useradd: Permission denied.
useradd: cannot lock /etc/passwd; try again later.
[oldboy@localhost ~]$ sudo bingbing

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for oldboy: 
sudo: no password was provided
[oldboy@localhost ~]$ sudo useradd bingbing

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for oldboy: 
Sorry, try again.  ## Create a password first: passwd username sets the password.

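Production practice: grant the user specific commands.

oldboy  ALL=(ALL)    /usr/sbin/useradd,/usr/sbin/userdel    ## commands allowed: the narrower and more specific, the better.

# Granularity: the smallest unit is a single command; the user holds root privileges only while running that command.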
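
An added example, not part of the original notes: a check that reads sudoers-format text and lists the non-root entries whose command list contains ALL, so that blanket grants like the earlier oldboy entry stand out from command-specific ones. The function name and the sample entries are assumptions of this example, and it handles only simple one-line entries.

```sh
#!/bin/sh
# Added example, not from the original notes: list sudoers user specs that
# grant ALL commands. Simplified parser: one spec per line, no aliases or
# line continuations. Syntax checking itself is done with: visudo -c -f FILE

flag_blanket_sudo() {            # sudoers-format text on stdin -> names on stdout
    awk '
        /^[ \t]*(#|$)/            { next }   # comments and blank lines
        $1 ~ /^Defaults/          { next }   # option lines
        $1 ~ /_Alias$/            { next }   # alias definitions
        $1 == "root"              { next }
        index($0, "=") == 0       { next }   # not a user specification
        {
            rhs = $0
            sub(/^[^=]*=/, "", rhs)          # keep the text after "host ="
            gsub(/\([^)]*\)/, "", rhs)       # drop the (run-as) part
            gsub(/[A-Z]+:/, "", rhs)         # drop tags such as NOPASSWD:
            gsub(/[ \t]/, "", rhs)
            n = split(rhs, cmd, ",")
            for (i = 1; i <= n; i++)
                if (cmd[i] == "ALL") { print $1; break }
        }'
}

# Constructed sample based on the entries shown above.
flag_blanket_sudo <<'EOF'
root        ALL=(ALL)          ALL
oldboy      ALL =(ALL)ALL
oldboy01    ALL=(ALL)    /usr/sbin/useradd,/usr/sbin/userdel
%wheel      ALL=(ALL)    NOPASSWD: ALL
EOF
```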

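Advantages of sudo:

1) The user is not root; they remain themselves.

2) The specified commands run with root privileges, so the user can complete the tasks the administrator assigns.

3) The root password is not needed.

Disadvantages of sudo:

1) Switching to root.

2) Having all privileges.

Commands for viewing user information:

id

whoami

who

w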

[root@localhost ~]# id
uid=0(root) gid=0(root) groups=0(root)
[root@localhost ~]# id oldboy
uid=10024(oldboy) gid=10024(oldboy) groups=10024(oldboy)
[root@localhost ~]# id -g oldboy
10024
[root@localhost ~]# id -u oldboy
10024
[root@localhost ~]# whoami
root
[root@localhost ~]# who
root     pts/0        2023-06-07 17:03 (192.168.1.1)
[root@localhost ~]# w
 17:13:19 up 10 min,  1 user,  load average: 0.00, 0.02, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    192.168.1.1      17:03    7.00s  0.03s  0.00s w

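View user login logs:

last

lastlog

cat /var/log/secure  # security log for remote logins

chown: change file ownership:

Change a file's owning user and group: chown  # change owner

Change the group: chgrp  # change group

chown  user.group    file  # the . can be replaced with : ; changes both user and group

chown  user          file  # change the owning user

chown  .group        file  # change the group; equivalent to: chgrp group file

Prerequisite: the user and group must already exist.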

[root@localhost ~]# touch test.txt
[root@localhost ~]# ls -l test.txt
-rw-r--r-- 1 root root 0 Jun  7 17:24 test.txt
[root@localhost ~]# chown oldboy.oldboy test.txt
[root@localhost ~]# ls -l test.txt
-rw-r--r-- 1 oldboy oldboy 0 Jun  7 17:24 test.txt
[root@localhost ~]# chown root test.txt
[root@localhost ~]# ls -l test.txt
-rw-r--r-- 1 root oldboy 0 Jun  7 17:24 test.txt
[root@localhost ~]# chown .root test.txt
[root@localhost ~]# ls -l test.txt
-rw-r--r-- 1 root root 0 Jun  7 17:24 test.txt

-R option: change recursively

Practice:

[root@localhost ~]# mkdir asd
[root@localhost ~]# touch asd{1..3}
[root@localhost ~]# ls -ld asd
drwxr-xr-x 2 root root 6 Jun  7 17:37 asd
[root@localhost ~]# ls -l asd
total 0
[root@localhost ~]# chown -R oldboy asd/
[root@localhost ~]# ls -l asd
total 0
