  • 用户管理操作示例

    #用户
    root 超级用户,超级管理员,权限无限大
    500以下的 系统帐号,供系统软件运行使用,通常没有登录的权限(该界限适用于RHEL 6及更早版本,RHEL 7起改为1000)
    500及以上的 普通用户
    
    hongyi:x:501:501::/home/hongyi:/bin/bash
    hongyi:用户名
    x:密码占位符,表示密码哈希实际保存在/etc/shadow中;该字段为空则可以不使用密码登录,有x则必须使用密码登录
    501:用户编号
    501:用户所属组组编号
    ::注释信息,可有可无,可随便写,比如Oracle用户
    /home/hongyi:家
    /bin/bash:用户登录系统默认使用什么shell
    
    shd:!!:15908::::::
    !!:用户被锁住,两把锁(新建用户尚未设置密码时该字段也是!!,此时同样无法用密码登录)
    !:一把锁
    15908:最近一次修改密码的日期,以距离1970.1.1的天数表示
    zhink:$6$YJ.smIrY$psvbOkK9YqpsSABEWJLXVIiExUummHIL03NlMmEp1K8gGysgUU3nu1Bk8HzbA.yVJutBtyqlaJSJG.9AJC4.s/:15910:0:99999:7:::
    0:密码最少使用多少天才可以修改
    99999:密码最多可以使用多少天必须修改,否则过期
    7:密码过期时提前多少天给你提示
    :
    :
    
    
    [root@larrywen soft]# man shadow
    [root@larrywen soft]# man 5 shadow
    
    [root@serv01 test]usermod --help
    --修改用户的编号
    [root@serv01 test]# usermod -u 666 zhink
    
    [root@serv01 test]# id zhink
    uid=666(zhink) gid=500(hink) groups=500(hink)
    
    --将用户名zhink更改为think(只改登录名,主目录仍是/home/zhink)
    [root@serv01 test]# usermod -l think zhink
    [root@serv01 test]# id zhink
    id: zhink: No such user
    [root@serv01 test]# tail -n2 /etc/passwd
    hongyi:x:501:501::/home/hongyi:/bin/bash
    think:x:666:500::/home/zhink:/bin/bash
    
    --添加编号为666组名为linux的组
    [root@serv01 test]# groupadd -g 666 linux
    [root@serv01 test]# tail -n1 /etc/group
    linux:x:666:
    
    --修改think的主组为linux
    [root@serv01 test]# usermod -g linux think
    [root@serv01 test]# tail -n1 /etc/passwd
    think:x:666:666::/home/zhink:/bin/bash
    
    [root@serv01 test]# id think
    uid=666(think) gid=666(linux) groups=666(linux)
    
    --更改用户think的注释为this is linux admin
    [root@serv01 test]# usermod -c "this is linux admin" think
    [root@serv01 test]# tail -n2 /etc/passwd
    hongyi:x:501:501::/home/hongyi:/bin/bash
    think:x:666:666:this is linux admin:/home/zhink:/bin/bash
    
    [root@serv01 test]# mkdir /rhome
    [root@serv01 test]# ls -ld /rhome/
    drwxr-xr-x. 2 root root 4096 Jul 24 23:58 /rhome/
    
    --给用户搬家,失败(-m必须和-d一起使用,单独使用-m不会有任何改动)
    [root@serv01 test]# usermod -m /rhome/think think
    usermod: no changes
    [root@serv01 test]# tail -n2 /etc/passwd
    hongyi:x:501:501::/home/hongyi:/bin/bash
    think:x:666:666:this is linux admin:/home/zhink:/bin/bash
    [root@serv01 test]# ls /rhome
    [root@serv01 test]# ls /home
    hongyi  test  zhink
    
    --给用户think搬家
    [root@serv01 test]# usermod -m -d /rhome/think think
    [root@serv01 test]# tail -n2 /etc/passwd
    hongyi:x:501:501::/home/hongyi:/bin/bash
    think:x:666:666:this is linux admin:/rhome/think:/bin/bash
    [root@serv01 test]# ls /rhome
    think
    [root@serv01 test]# ls /home
    hongyi  test
    
    #测试禁止登录
    [root@serv01 test]# usermod -s /sbin/nologin think
    [root@larrywen Desktop]# ssh think@192.168.1.11
    think@192.168.1.11's password: 
    Last login: Thu Jul 25 00:03:44 2013 from 192.168.1.1
    This account is currently not available.
    Connection to 192.168.1.11 closed.
    [root@serv01 test]# usermod -s /bin/bash think
    [root@larrywen Desktop]# ssh think@192.168.1.11
    think@192.168.1.11's password: 
    Last login: Thu Jul 25 00:03:58 2013 from 192.168.1.1
    [think@serv01 ~]$ 
    
    [root@serv01 test]usermod -p
    #md5加密($1$开头的MD5哈希强度较弱,系统默认生成的是$6$开头的SHA-512哈希;另外usermod -p的参数会出现在进程列表和命令历史中,一般应使用passwd设置密码)
    [root@serv01 test]# grub-md5-crypt 
    Password: 
    Retype password: 
    $1$9gmEH1$TxmCSmV4.uJTjCNVlqnBn.
    
    #修改用户think的密码
    [root@serv01 test]# usermod -p '$1$9gmEH1$TxmCSmV4.uJTjCNVlqnBn.' think
    [root@serv01 test]# passwd think
    
    #修改think的密码,需要root用户
    [root@serv01 test]# passwd think
    	
    #用户think的密码最短使用天数为3,3天内不能再次修改密码
    [root@serv01 test]# passwd -n 3 think
    	
    #用户think的密码最短使用天数为0,随时可以修改密码
    [root@serv01 test]# passwd -n 0 think
    
    #密码过期后经过多少天帐号被禁用,此处设置为3天
    [root@serv01 test]# passwd -i 3 think
    
    #修改用户think,2013-09-10过期
    [root@serv01 test]# usermod -e "2013-09-10" think
    
    #用户think的密码过期前的警告天数为3,密码过期前3天起用户think登录时将收到警告
    [root@serv01 test]# passwd -w 3 think
    
    [root@serv01 test]# date
    Thu Jul 25 00:25:44 CST 2013
    [root@serv01 test]# date -s "2013-07-25 16:26:44"
    Thu Jul 25 16:26:44 CST 2013
    [root@serv01 test]# date
    Thu Jul 25 16:26:45 CST 2013
    [root@serv01 test]# tail -n2 /etc/shadow
    think:$6$B0kGPvNc$xsRV5MLUUhbc1duBQNzKs8qX0FrrchETVv1Z0J5vzWF97wxGWPhYqgfFYpcCNOsldY2/KNAl7sNswovvsGawl1:15910:0:99999:7:::
    [root@serv01 test]# passwd think
    Changing password for user think.
    New password: 
    BAD PASSWORD: it is based on a dictionary word
    BAD PASSWORD: is too simple
    Retype new password: 
    passwd: all authentication tokens updated successfully.
    [root@serv01 test]# tail -n2 /etc/shadow
    think:$6$xuDtWPxr$9S2ZcJ0mn4CWXnUZqSZCxcgQz263gNH4dPoKrigwdgd9tuRQ07TkvvOvuDxlupnxjXIDjziIfWPs4txJJ3L2h1:15911:0:99999:7:::
    
    #15911:最近一次修改密码的日期,passwd修改密码时自动更新,不需要自己修改
    [root@serv01 test]# passwd --help
    [root@serv01 test]# passwd -n 3 think
    Adjusting aging data for user think.
    passwd: Success
    [root@serv01 test]# tail -n2 /etc/shadow
    think:$6$xuDtWPxr$9S2ZcJ0mn4CWXnUZqSZCxcgQz263gNH4dPoKrigwdgd9tuRQ07TkvvOvuDxlupnxjXIDjziIfWPs4txJJ3L2h1:15911:3:99999:7:::
    
    [root@larrywen Desktop]# ssh think@192.168.1.11
    think@192.168.1.11's password: 
    Last login: Thu Jul 25 00:04:23 2013 from 192.168.1.1
    [think@serv01 ~]$ passwd
    Changing password for user think.
    Changing password for think.
    (current) UNIX password: 
    You must wait longer to change your password
    passwd: Authentication token manipulation error
    
    [root@serv01 test]# passwd -n 0 think
    Adjusting aging data for user think.
    passwd: Success
    
    [think@serv01 ~]$ passwd
    Changing password for user think.
    Changing password for think.
    (current) UNIX password: 
    New password: 
    BAD PASSWORD: it is too simplistic/systematic
    New password: 
    Retype new password: 
    passwd: all authentication tokens updated successfully.
    
    [root@serv01 test]# date
    Thu Jul 25 16:33:27 CST 2013
    [root@serv01 test]# date -s "2013-07-30"
    Tue Jul 30 00:00:00 CST 2013
    
    passwd
    
    [root@serv01 test]# date -s "2013-08-25"
    [root@larrywen Desktop]# ssh think@192.168.1.11
    think@192.168.1.11's password: 
    Warning: your password will expire in 0 days
    Last login: Thu Jul 25 16:29:24 2013 from 192.168.1.1
    
    [root@serv01 test]# date -s "2013-09-01"
    Sun Sep  1 00:00:00 CST 2013
    
    [root@larrywen Desktop]# ssh think@192.168.1.11
    think@192.168.1.11's password: 
    You are required to change your password immediately (password aged)
    Last login: Tue Aug 20 00:00:28 2013 from 192.168.1.1
    WARNING: Your password has expired.
    You must change your password now and login again!
    Changing password for user think.
    Changing password for think.
    (current) UNIX password: 
    
    [root@serv01 test]# passwd -i 3 think
    Adjusting aging data for user think.
    passwd: Success
    [root@serv01 test]# tail -n1 /etc/shadow
    think:$6$7yd/Qbel$uAzY/GJKpo7J9aPOy62axAYvWK.tQCRN9WQj4KVpsQM0D1ILeaA2JqiTa/BXvSsMipC5GLtKtkiyYLVNFe6dy1:15911:3:30:7:3::
    [root@serv01 test]# usermod -f 10 think
    [root@serv01 test]# tail -n1 /etc/shadow
    think:$6$7yd/Qbel$uAzY/GJKpo7J9aPOy62axAYvWK.tQCRN9WQj4KVpsQM0D1ILeaA2JqiTa/BXvSsMipC5GLtKtkiyYLVNFe6dy1:15911:3:30:7:10::
    
    #修改过期时间
    [root@serv01 test]# usermod -e "2013-09-10" think
    [root@serv01 test]# tail -n1 /etc/shadow
    think:$6$7yd/Qbel$uAzY/GJKpo7J9aPOy62axAYvWK.tQCRN9WQj4KVpsQM0D1ILeaA2JqiTa/BXvSsMipC5GLtKtkiyYLVNFe6dy1:15911:3:30:7:10:15958:
    [root@serv01 test]# date
    Sun Sep  1 00:03:45 CST 2013
    [root@serv01 test]# date -s "2013-09-20"
    Fri Sep 20 00:00:00 CST 2013
    
    [root@larrywen Desktop]# ssh think@192.168.1.11
    think@192.168.1.11's password: 
    Your account has expired; please contact your system administrator
    Connection closed by 192.168.1.11
    
    
    [root@serv01 test]# passwd --help
    Usage: passwd [OPTION...] <accountName>
      -k, --keep-tokens       keep non-expired authentication tokens
      -d, --delete            delete the password for the named account (root
    only)
      -l, --lock              lock the named account (root only)
      -u, --unlock            unlock the named account (root only)
      -f, --force             force operation
      -x, --maximum=DAYS      maximum password lifetime (root only)
      -n, --minimum=DAYS      minimum password lifetime (root only)
      -w, --warning=DAYS      number of days warning users receives before
    password expiration (root only)
      -i, --inactive=DAYS     number of days after password expiration when an
    account becomes disabled (root only)
      -S, --status            report password status on the named account (root
    only)
      --stdin                 read new tokens from stdin (root only)
    
    Help options:
      -?, --help              Show this help message
      --usage                 Display brief usage message
    
    [root@serv01 test]# tail -n1 /etc/group
    linux:x:666:
    [root@serv01 test]# groupadd --help
    
    #添加编号为667、组名为oracle的组
    [root@serv01 test]# groupadd -g 667 oracle
    [root@serv01 test]# tail -n2 /etc/group
    linux:x:666:
    oracle:x:667:
    
    #创建用户时给用户添加组,可以使用组名或者组的编号
    [root@serv01 test]# useradd -g oracle oracle01
    [root@serv01 test]# useradd -g 667 oracle01
    
    [root@serv01 test]# useradd -g oracle oracle01
    [root@serv01 test]# id oracle01
    uid=667(oracle01) gid=667(oracle) groups=667(oracle)
    
    #添加用户时加入到多个组
    [root@serv01 test]# useradd -g oracle -G linux oracle01
    [root@serv01 test]# usermod --help
    #添加用户oracle01到linux组
    [root@serv01 test]# usermod -G linux oracle01
    [root@serv01 test]# id oracle01
    uid=667(oracle01) gid=667(oracle) groups=667(oracle),666(linux)
    
    [root@serv01 test]# tail -n2 /etc/group
    linux:x:666:oracle01
    oracle:x:667:
    
    #主组
    
    #添加组
    [root@serv01 test]# groupadd dba
    [root@serv01 test]# tail -n2 /etc/group
    oracle:x:667:
    dba:x:668:
    #修改用户的主组
    [root@serv01 test]# usermod -g dba oracle01
    [root@serv01 test]# id oracle01
    uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux)
    [root@serv01 test]# tail -n2 /etc/passwd
    oracle01:x:667:668::/home/oracle01:/bin/bash
    test:x:668:667::/home/test:/bin/bash
    
    
    [root@serv01 test]# id oracle01
    uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux)
    #修改用户的副组,覆盖以前的
    [root@serv01 test]# usermod -G oracle oracle01
    [root@serv01 test]# id oracle01
    uid=667(oracle01) gid=668(dba) groups=668(dba),667(oracle)
    
    #副组
    #添加用户到多个组
    [root@serv01 test]# usermod -G oracle,linux oracle01
    [root@serv01 test]# id oracle01
    uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux),667(oracle)
    
    [root@serv01 test]# usermod -G oracle oracle01
    [root@serv01 test]# id oracle01
    uid=667(oracle01) gid=668(dba) groups=668(dba),667(oracle)
    #添加到多个组,不会覆盖以前的副组
    [root@serv01 test]# usermod -a -G linux oracle01
    [root@serv01 test]# id oracle01
    uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux),667(oracle)
    
    #从oracle组里删除指定用户
    [root@serv01 /]# gpasswd -d oracle01 oracle
    Removing user oracle01 from group oracle
    [root@serv01 /]# id oracle01
    uid=667(oracle01) gid=666(linux) groups=666(linux)
    [root@serv01 /]# tail -n2 /etc/passwd
    think:x:666:666:this is linux admin:/rhome/think:/bin/bash
    oracle01:x:667:666::/home/oracle01:/bin/bash
    
    #删除用户,不加参数不删除主目录(遗留的主目录和邮箱文件仍按原UID保留,该UID之后若被新用户复用,新用户会直接成为这些文件的属主)
    [root@serv01 /]# userdel hongyi
    [root@serv01 /]# ls /home
    hongyi  learning  oracle01
    
    #删除用户,并删除主目录
    [root@serv01 /]# userdel -r oracle01
    [root@serv01 /]# ls /home/
    hongyi/   learning/ 
    
    [root@serv01 /]# tail -n3 /etc/passwd
    avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
    sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
    think:x:666:666:this is linux admin:/rhome/think:/bin/bash
    
    [root@serv01 /]# tail -n3 /etc/passwd
    avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
    sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
    think:x:666:666:this is linux admin:/rhome/think:/bin/bash
    [root@serv01 /]# tail -n5 /etc/gruop
    tail: cannot open `/etc/gruop' for reading: No such file or directory
    [root@serv01 /]# tail -n5 /etc/group
    sshd:x:74:
    hink:x:500:
    linux:x:666:
    oracle:x:667:
    dba:x:668:
    [root@serv01 /]# userdel hongyi
    userdel: user 'hongyi' does not exist
    [root@serv01 /]# rm -rf /home/hongyi
    #删除组linux
    [root@serv01 /]# groupdel linux
    groupdel: cannot remove the primary group of user 'think'
    [root@serv01 /]# userdel -r think
    [root@serv01 /]# groupdel dba
    [root@serv01 /]# groupdel linux
    [root@serv01 /]# groupdel oracle
    
    #集群环境:创建用户和组时指定编号,且编号不重复
    #不同机器上同一用户的ID保持一致,用户名也保持一致
    
    [root@serv01 /]# groupadd oracle
    [root@serv01 /]# groupadd linux
    [root@serv01 /]# groupadd dba
    [root@serv01 /]# tail -n3 /etc/group
    oracle:x:501:
    linux:x:502:
    dba:x:503:
    
    #一个用户属于多个组,添加到多个组
    [root@serv01 /]# useradd -g oracle -G linux,dba zhink
    [root@serv01 /]# id zhink
    uid=500(zhink) gid=501(oracle) groups=501(oracle),502(linux),503(dba)
    [root@serv01 /]# groupadd admin
    [root@serv01 /]# groupadd oper
    [root@serv01 /]# usermod -a -G admin,oper zhink
    [root@serv01 /]# id zhink
    uid=500(zhink) gid=501(oracle)
    groups=501(oracle),502(linux),503(dba),504(admin),505(oper)
    
    
    [root@serv01 /]# tail -n1 /etc/group
    oper:x:505:
    #修改组的名字
    [root@serv01 /]# groupmod -n opr oper
    [root@serv01 /]# tail -n1 /etc/group
    opr:x:505:
    
    #修改组的编号
    [root@serv01 /]# tail -n1 /etc/group
    opr:x:505:
    [root@serv01 /]# groupmod -g 666 opr
    [root@serv01 /]# tail -n1 /etc/group
    opr:x:666:
    
    #一个组里添加多个成员
    
    [root@serv01 /]# useradd -G admin hongyi
    Creating mailbox file: File exists
    
    [root@serv01 /]# id hongyi
    uid=501(hongyi) gid=667(hongyi) groups=667(hongyi),504(admin)
    [root@serv01 /]# useradd up01
    [root@serv01 /]# useradd up02
    [root@serv01 /]# useradd up03
    [root@serv01 /]# tail -n10 /etc/group
    hink:x:500:
    oracle:x:501:
    linux:x:502:zhink
    dba:x:503:zhink
    admin:x:504:zhink,hongyi
    opr:x:666:
    hongyi:x:667:
    up01:x:668:
    up02:x:669:
    up03:x:670:
    
    #追加up01到admin组
    [root@serv01 /]# gpasswd -a up01 admin
    Adding user up01 to group admin
    [root@serv01 /]# tail -n10 /etc/group
    hink:x:500:
    oracle:x:501:
    linux:x:502:zhink
    dba:x:503:zhink
    admin:x:504:zhink,hongyi,up01
    opr:x:666:
    hongyi:x:667:
    up01:x:668:
    up02:x:669:
    up03:x:670:
    
    #添加多个用户到一个组里,会覆盖以前的
    [root@serv01 /]# gpasswd -M up01,up02,up03 admin
    [root@serv01 /]# tail -n10 /etc/group
    hink:x:500:
    oracle:x:501:
    linux:x:502:zhink
    dba:x:503:zhink
    admin:x:504:up01,up02,up03
    opr:x:666:
    hongyi:x:667:
    up01:x:668:
    up02:x:669:
    up03:x:670:
    
    #注意:下面这条命令在原笔记中没有说明执行目录,上文提示符位于/目录,不要以root身份直接照抄
    rm -rf *
    
    #手动删除用户:逆向思维创建用户
    
    #修改组的密码
    [root@serv01 /]# tail -n1 /etc/gshadow
    linux:!::zhink
    
    [root@serv01 /]# gpasswd linux
    Changing the password for group linux
    New Password: 
    Re-enter new password: 
    [root@serv01 /]# tail -n1 /etc/gshadow
    linux:$6$Qkm/5/Xju/N/U$cmxuQ0KEcDJzISIhlhEaAkKi/fQSxeqicB3U/mGLk1o02kyCSQMvdu4FI3.UAmiS/kQzjrnBs7Kbg7DriXaCJ1::zhink
    
    useradd zhink
    passwd zhink
    #以zhink用户登录
    [root@larrywen Desktop]# ssh zhink@192.168.1.11
    zhink@192.168.1.11's password: 
    #以zhink身份用newgrp切换到linux组(需要输入组密码)
    [zhink@serv01 ~]$ newgrp linux
    Password: 
    Invalid password.
    
    #RHEL5支持凭组密码加入其他组,RHEL6不支持
    
    #将用户up01设为linux组的管理员(组管理员可以向该组添加或删除成员)
    [root@serv01 /]# gpasswd -A up01 linux
    [root@serv01 /]# tail -n1 /etc/gshadow
    linux:$6$Qkm/5/Xju/N/U$cmxuQ0KEcDJzISIhlhEaAkKi/fQSxeqicB3U/mGLk1o02kyCSQMvdu4FI3.UAmiS/kQzjrnBs7Kbg7DriXaCJ1:up01:
    [root@serv01 /]# passwd up01
    #以up01用户登录,然后把zhink添加到linux组
    [root@larrywen Desktop]# ssh up01@192.168.1.11
    up01@192.168.1.11's password: 
    [up01@serv01 ~]$ gpasswd -a zhink linux
    Adding user zhink to group linux
    [up01@serv01 ~]$ id zhink
    uid=500(zhink) gid=501(oracle) groups=501(oracle),502(linux),503(dba)
    [root@serv01 /]# tail -n1 /etc/gshadow
    linux:$6$Qkm/5/Xju/N/U$cmxuQ0KEcDJzISIhlhEaAkKi/fQSxeqicB3U/mGLk1o02kyCSQMvdu4FI3.UAmiS/kQzjrnBs7Kbg7DriXaCJ1:up01:zhink
    
    #修改up02的密码
    [root@serv01 /]# passwd up02
    [root@larrywen Desktop]# ssh up02@192.168.1.11
    #以up02登录,然后将zhink添加到linux组,发现失败
    up02@192.168.1.11's password: 
    [up02@serv01 ~]$ id zhink
    uid=500(zhink) gid=501(oracle) groups=501(oracle),502(linux),503(dba)
    
    [up02@serv01 ~]$ gpasswd -a zhink linux
    gpasswd: Permission denied.
    
    #添加用户时使用的默认设置,定义在/etc/default/useradd中
    [root@serv01 /]# vim /etc/default/useradd 
    
    [root@serv01 etc]# ls -l /var/mail /var/spool/mail/ -id
    417 lrwxrwxrwx. 1 root root   10 Jul 23 00:54 /var/mail -> spool/mail
    424 drwxrwxr-x. 2 root mail 4096 Sep 20 17:37 /var/spool/mail/


    我的邮箱wgbno27@163.com  新浪微博@Wentasy27
      微信公众平台:JustOracle(微信号:justoracle)
      数据库技术交流群:336882565(加群时验证 From CSDN XXX)
      Oracle交流讨论组https://groups.google.com/d/forum/justoracle
      By Larry Wen
    


    @Wentasy 博文仅供参考,欢迎大家来访。如有错误之处,希望批评指正。原创博文如需转载请注明出处,谢谢 :) [CSDN博客]
  • 原文地址:https://www.cnblogs.com/javawebsoa/p/3237105.html