1. passwd: set a user's password
A user sets their own password by running passwd with no arguments.
[root@localhost ~]# passwd
Changing password for user root.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
root sets an ordinary user's password with: passwd followed by the username.
--stdin reads the new password from standard input
[root@localhost ~]# echo 12345|passwd --stdin oldboy
Changing password for user oldboy.
passwd: all authentication tokens updated successfully.
chpasswd: set passwords in bulk:
bash script:
for n in {01..10}
do
useradd oldboy$n
done
[root@localhost ~]# echo oldboy{01..10}
oldboy01 oldboy02 oldboy03 oldboy04 oldboy05 oldboy06 oldboy07 oldboy08 oldboy09 oldboy10
[root@localhost ~]# for n in {01..10}
> do
> useradd oldboy$n
> done
[root@localhost ~]# tail /etc/passwd
oldboy01:x:1000:1000::/home/oldboy01:/bin/bash
oldboy02:x:1001:1001::/home/oldboy02:/bin/bash
oldboy03:x:1002:1002::/home/oldboy03:/bin/bash
oldboy04:x:1003:1003::/home/oldboy04:/bin/bash
oldboy05:x:1004:1004::/home/oldboy05:/bin/bash
oldboy06:x:1005:1005::/home/oldboy06:/bin/bash
oldboy07:x:1006:1006::/home/oldboy07:/bin/bash
oldboy08:x:1007:1007::/home/oldboy08:/bin/bash
oldboy09:x:1008:1008::/home/oldboy09:/bin/bash
oldboy10:x:1009:1009::/home/oldboy10:/bin/bash
[root@localhost ~]# vim user.list
[root@localhost ~]# cat user.list
oldboy01:01
oldboy02:02
oldboy03:03
oldboy04:04
oldboy05:05
[root@localhost ~]# chpasswd <user.list
[root@localhost ~]# su - oldboy01
[oldboy01@localhost ~]$
[oldboy01@localhost ~]$ logout
[root@localhost ~]# su - oldboy02
[oldboy02@localhost ~]$ whoam i
-bash: whoam: command not found
[oldboy02@localhost ~]$ whoami
oldboy02
[oldboy02@localhost ~]$ logout
[root@localhost ~]# cat user.list|chpasswd
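An added example (not from the original notes): building the user:password list that chpasswd reads with random passwords instead of the predictable ones in user.list, and keeping the cleartext file readable by root only. The helper names gen_chpasswd_list and write_chpasswd_list and the /root/user.list path are assumptions.

```shell
# Added example, not from the original notes.
# gen_chpasswd_list and write_chpasswd_list are hypothetical helper names.

# Print one "user:password" line per argument, the format chpasswd reads.
gen_chpasswd_list() {
    for user in "$@"; do
        # 12 random bytes from /dev/urandom as 24 hex characters; hex never
        # contains ':', which chpasswd uses to split user from password.
        pw=$(head -c 12 /dev/urandom | od -An -tx1 | tr -d ' \n')
        printf '%s:%s\n' "$user" "$pw"
    done
}

# Write the list under umask 077 so the cleartext file is created mode 600.
write_chpasswd_list() {
    out=$1
    shift
    ( umask 077; gen_chpasswd_list "$@" > "$out" )
}

# Typical use as root (left commented so sourcing this file changes nothing):
#   write_chpasswd_list /root/user.list oldboy01 oldboy02 oldboy03
#   chpasswd < /root/user.list
#   chage -d 0 oldboy01     # force a password change at first login
#   rm -f /root/user.list   # remove the cleartext list once handed out
```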
2. chage: view and change password attributes (change a user's password expiry information)
-l show the user's password aging attributes
[root@localhost ~]# chage -l oldboy
Last password change : Jun 07, 2023
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
-e set the account expiration date
useradd -e "2030/5/20" oldboy11
[root@localhost ~]# useradd -e "2030/5/20" oldboy11
[root@localhost ~]# chage -l oldboy11
Last password change : Jun 07, 2023
Password expires : never
Password inactive : never
Account expires : May 20, 2030
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
chage -E "2030/5/20" oldboy11
[root@localhost ~]# chage -E "2040/6/20" oldboy11
[root@localhost ~]# chage -l oldboy11
Last password change : Jun 07, 2023
Password expires : never
Password inactive : never
Account expires : Jun 20, 2040
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
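useradd -e is equivalent to chage -E
Example: the oldboy user must not be able to change the password within 7 days, must change it after 60 days, is warned 10 days before expiry, and is barred from logging in 30 days after expiry.
File modified: /etc/shadow
View the settings: chage -l username
Ways to set it: 2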
[root@localhost ~]# chage -l oldboy
Last password change : Jun 07, 2023
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
passwd -n 7 -x 60 -w 10 -i 30 oldboy (1)
[root@localhost ~]# passwd -n 7 -x 60 -w 10 -i 30 oldboy
Adjusting aging data for user oldboy.
passwd: Success
[root@localhost ~]# chage -l oldboy
Last password change : Jun 07, 2023
Password expires : Aug 06, 2023
Password inactive : Sep 05, 2023
Account expires : never
Minimum number of days between password change : 7
Maximum number of days between password change : 60
Number of days of warning before password expires : 10
chage -m8 -M61 -W11 -I31 oldboy (2)
[root@localhost ~]# chage -m8 -M61 -W11 -I31 oldboy
[root@localhost ~]# chage -l oldboy
Last password change : Jun 07, 2023
Password expires : Aug 07, 2023
Password inactive : Sep 07, 2023
Account expires : never
Minimum number of days between password change : 8
Maximum number of days between password change : 61
Number of days of warning before password expires : 11
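An added example (not from the original notes): the aging values set above are stored as day counts in /etc/shadow, and this sketch turns one shadow line into the dates they imply, including the earliest-change and warning dates that chage -l does not print. The helper names days_to_date and shadow_aging are assumptions; the sample line in the usage comment is constructed (19515 is Jun 07, 2023 as days since 1970-01-01).

```shell
# Added example, not from the original notes.
# days_to_date and shadow_aging are hypothetical helper names.

# Days since 1970-01-01 -> YYYY-MM-DD, using integer arithmetic only
# (civil-from-days algorithm), so it does not depend on GNU date.
days_to_date() (
    z=$(( $1 + 719468 ))
    era=$(( z / 146097 ))
    doe=$(( z - era * 146097 ))
    yoe=$(( (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365 ))
    doy=$(( doe - (365 * yoe + yoe / 4 - yoe / 100) ))
    mp=$(( (5 * doy + 2) / 153 ))
    d=$(( doy - (153 * mp + 2) / 5 + 1 ))
    m=$(( mp < 10 ? mp + 3 : mp - 9 ))
    y=$(( yoe + era * 400 + (m <= 2 ? 1 : 0) ))
    printf '%04d-%02d-%02d\n' "$y" "$m" "$d"
)

# Turn one /etc/shadow line into the dates its aging fields imply.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
shadow_aging() (
    IFS=: read -r name _hash lastchg min max warn inactive expire _rest <<EOF
$1
EOF
    earliest=anytime; warn_from=never; expires=never; inactive_on=never
    account=never
    # A max of 99999 (or an empty field) means the password never expires.
    if [ -n "$lastchg" ] && [ -n "$max" ] && [ "$max" -lt 99999 ]; then
        expires=$(days_to_date $(( lastchg + max )))
        if [ -n "$warn" ]; then
            warn_from=$(days_to_date $(( lastchg + max - warn )))
        fi
        if [ -n "$inactive" ]; then
            inactive_on=$(days_to_date $(( lastchg + max + inactive )))
        fi
    fi
    if [ -n "$lastchg" ] && [ -n "$min" ] && [ "$min" -gt 0 ]; then
        earliest=$(days_to_date $(( lastchg + min )))
    fi
    if [ -n "$expire" ]; then account=$(days_to_date "$expire"); fi
    printf '%s\n' "user=$name" "earliest_change=$earliest" \
        "warning_from=$warn_from" "password_expires=$expires" \
        "password_inactive=$inactive_on" "account_expires=$account"
)

# Constructed sample: shadow_aging 'oldboy:HASH:19515:7:60:10:30::'
```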
3. User group commands
groupadd add a user group
groupdel delete a user group
Exercise:
[root@localhost ~]# groupadd sa
[root@localhost ~]# tail -n 1 /etc/group /etc/gshadow
==> /etc/group <==
sa:x:1001:
==> /etc/gshadow <==
sa:!::
[root@localhost ~]# groupdel sa
[root@localhost ~]# grep -w sa /etc/group /etc/gshadow
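4. Commands for switching users and managing privilege elevation
su
sudo is like the emperor temporarily granting a commoner the authority to act as the emperor.
su switches the user role: from user A to user B.
su - oldboy # the - means switch and load the target user's environment variables.
Show root's environment variables: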
[root@localhost ~]# env|grep root
USER=root
MAIL=/var/spool/mail/root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
PWD=/root
HOME=/root
LOGNAME=root
Exercise: the difference between using - and leaving it out
[root@localhost ~]# su oldboy
[oldboy@localhost root]$ env|grep root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
MAIL=/var/spool/mail/root
PWD=/root
[oldboy@localhost root]$ env|grep oldboy
USER=oldboy
HOME=/home/oldboy
LOGNAME=oldboy
[oldboy@localhost root]$ exit
exit
[root@localhost ~]# su - oldboy
Last login: Wed Jun 7 15:41:06 CST 2023 on pts/0
[oldboy@localhost ~]$ env|grep root
[oldboy@localhost ~]$ env|grep oldboy
USER=oldboy
MAIL=/var/spool/mail/oldboy
PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/oldboy/.local/bin:/home/oldboy/bin
PWD=/home/oldboy
HOME=/home/oldboy
LOGNAME=oldboy
-c run a command as the oldboy user, then return to the current user.
[root@localhost ~]# su - oldboy -c pwd
/home/oldboy
[root@localhost ~]# su - oldboy -c ls
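Log in as an ordinary user for administration, then use su - root to switch to root.
The ordinary user has to know the root password; once logged in as root, they can change that password and lock you out. (Suitable when the operations team is small.)
A more disciplined way to manage this:
Do not switch to root: the command runs with root privileges, and once it finishes the privileges are gone. The root password is not needed either. This is sudo.
The sudo configuration file is /etc/sudoers
Manage the sudo configuration file /etc/sudoers with visudo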
[root@localhost ~]# ls /etc/sudoers -l
-r--r-----. 1 root root 4328 Sep 30 2020 /etc/sudoers
vim /etc/sudoers
root ALL=(ALL) ALL
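oldboy ALL=(ALL) ALL
root ALL=(ALL) ALL
user   hosts, role to switch to   commands to run
Allow the oldboy user, on all hosts, to switch to any role and run any command.
oldboy ALL=(ALL) ALL
oldboy is then equivalent to root without being root.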
[oldboy@localhost ~]$ useradd bingbing
useradd: Permission denied.
useradd: cannot lock /etc/passwd; try again later.
[oldboy@localhost ~]$ sudo bingbing
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for oldboy:
sudo: no password was provided
[oldboy@localhost ~]$ sudo useradd bingbing
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for oldboy:
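Sorry, try again. ## Set a password first: passwd followed by the username changes the password.
Production practice: grant the user specific commands only.
oldboy ALL=(ALL) /usr/sbin/useradd,/usr/sbin/userdel ## commands to run: the narrower and more specific, the better.
# Granularity: the smallest unit is a single command; the user has root privileges while running that command.
Advantages of sudo:
1) You are not the root user; you remain yourself.
2) The specified commands run with root privileges, so tasks assigned by the administrator can be completed.
3) The root password is not needed.
Disadvantages of sudo:
1) Switching to root
2) Having all privileges.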
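An added example (not from the original notes): a small audit over sudoers-style rules that separates blanket grants such as oldboy ALL=(ALL) ALL from the per-command form recommended above. The names audit_sudoers and sample_sudoers and the alice and %wheel lines are constructed; it handles single-line user rules only (no aliases, no line continuations).

```shell
# Added example, not from the original notes.
# audit_sudoers and sample_sudoers are hypothetical helper names.

# Constructed sample rules, modelled on the lines shown in the notes.
sample_sudoers() {
    cat <<'EOF'
# constructed sample
Defaults    env_reset
root    ALL=(ALL)   ALL
oldboy  ALL =(ALL)ALL
alice   ALL=(ALL)   /usr/sbin/useradd,/usr/sbin/userdel
%wheel  ALL=(ALL)   NOPASSWD: ALL
EOF
}

# Read sudoers-style rules on stdin and print "who<TAB>verdict" per rule:
# "unrestricted" if the command list contains ALL, otherwise "restricted".
audit_sudoers() {
    awk '
    /^[ \t]*(#|$)/ { next }                        # comments, blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }   # not user rules
    {
        eq = index($0, "=")
        if (eq == 0) next
        who = $1
        cmds = substr($0, eq + 1)
        sub(/#.*/, "", cmds)             # trailing comment
        gsub(/\([^)]*\)/, "", cmds)      # drop the (runas) part
        gsub(/[A-Z]+:/, "", cmds)        # drop tags such as NOPASSWD:
        n = split(cmds, list, ",")
        verdict = "restricted"
        for (i = 1; i <= n; i++) {
            c = list[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            if (c == "ALL") verdict = "unrestricted"
        }
        print who "\t" verdict
    }'
}

# Usage as root: audit_sudoers < /etc/sudoers
```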
Commands for viewing user information:
id
whoami
who
w
[root@localhost ~]# id
uid=0(root) gid=0(root) groups=0(root)
[root@localhost ~]# id oldboy
uid=10024(oldboy) gid=10024(oldboy) groups=10024(oldboy)
[root@localhost ~]# id -g oldboy
10024
[root@localhost ~]# id -u oldboy
10024
[root@localhost ~]# whoami
root
[root@localhost ~]# who
root pts/0 2023-06-07 17:03 (192.168.1.1)
[root@localhost ~]# w
17:13:19 up 10 min, 1 user, load average: 0.00, 0.02, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.1.1 17:03 7.00s 0.03s 0.00s w
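Viewing user login logs:
last
lastlog
cat /var/log/secure    security log for remote logins
chown: change file ownership attributes:
Change the owning user and group: chown #change owner
Change the group: chgrp #change group
chown user.group file # the . can be replaced by : ; changes both user and group.
chown user file # change the owner
chown .group file # change the group; equivalent to: chgrp group file
Prerequisite: the user and group must already exist.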
[root@localhost ~]# touch test.txt
[root@localhost ~]# ls -l test.txt
-rw-r--r-- 1 root root 0 Jun 7 17:24 test.txt
[root@localhost ~]# chown oldboy.oldboy test.txt
[root@localhost ~]# ls -l test.txt
-rw-r--r-- 1 oldboy oldboy 0 Jun 7 17:24 test.txt
[root@localhost ~]# chown root test.txt
[root@localhost ~]# ls -l test.txt
-rw-r--r-- 1 root oldboy 0 Jun 7 17:24 test.txt
[root@localhost ~]# chown .root test.txt
[root@localhost ~]# ls -l test.txt
-rw-r--r-- 1 root root 0 Jun 7 17:24 test.txt
-R option: change recursively
Exercise:
[root@localhost ~]# mkdir asd
[root@localhost ~]# touch asd{1..3}
[root@localhost ~]# ls -ld asd
drwxr-xr-x 2 root root 6 Jun 7 17:37 asd
[root@localhost ~]# ls -l asd
total 0
[root@localhost ~]# chown -R oldboy asd/
[root@localhost ~]# ls -l asd
total 0
From: https://blog.51cto.com/u_16123007/6535619