# vi /etc/passwd
修改 /bin/bash 为 /bin/csh
将永久改变所有用户的shell 为C shell
---------------------------------------------
你可以在 /etc/passwd 里边,修改对应的用户 将 用户后边的shell 配置信息改为 自己想要的shell
bash: idcdpi
:503:503::/home/idcdpi:/bin/bash 比如bash 可以改为 csh source /etc/passwd 后切换到 idcdpi 用户下,发现csh已生效!! 下面将详细说明useradd与usermod 的参数及用法!
切换用户:su
[root@node203 ~]# su - linsco //由超级管理员用户切换成普通用户
[linsco@node203 ~]$ su root
[linsco@node203 ~]$ su - //由普通用户切换成超级管理员用户
Password:
查看用户的UID,GID
[root@node203 home]# id root
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@node203 home]# id linsco
uid=501(linsco) gid=501(linsco) groups=501(linsco)
用户分为:root用户,虚拟用户和普通用户
检查用户身份:
who:查询当前在线的用户
groups :查询当前用户所属的组
id:显示当前用户的信息
finger:查询用户信息
whoami:显示当前用户
w:查询当前用户的信息
/etc/passwd //是系统识别用户的一个文件
root:x:0:0:rsc,runhow,0592-5213966,15932836339:/root:/bin/bash
rscpass:x:100:507:ruanshengchang,runhow health,18859224109,18859224109:/home/rscpass:/bin/bash
root:用户名
x: 用户的密码,X表示密码被映射到/etc/shadow文件中
100:标识用户的UID,root的UID为0
查看UID最大值:/etc/login.defs
如果将别的用户的UID修改为0,那么此用户就有root的权限
507:组群标识号
:/home/rscpass:用户宿主目录
:/bin/bash:用户使用的shell
Usage: passwd [OPTION...] <accountName>
-k, --keep-tokens keep non-expired authentication tokens
-d, --delete delete the password for the named account (root only) //删除密码 -d 用户名,不要密码就可以进入
-l, --lock lock the named account (root only) //暂时锁定指定的用户账户
-u, --unlock unlock the named account (root only) //解除锁定
-f, --force force operation
-x, --maximum=DAYS maximum password lifetime (root only)
-n, --minimum=DAYS minimum password lifetime (root only)
-w, --warning=DAYS number of days warning users receives before
password expiration (root only)
-i, --inactive=DAYS number of days after password expiration when an
account becomes disabled (root only)
-S, --status report password status on the named account (root //显示用户的状态
only)
--stdin read new tokens from stdin (root only)
Help options:
-?, --help Show this help message
--usage Display brief usage message
/etc/shadow //所有系统用户密码文件
root:$1$qwzTSMfi$U3F3sK6/X9FsKuk8DdqD5.:15388:0:99999:7:::
rscpass:$1$pIPEe9Vn$0f1eKKi5TPzb6Rr.lY8Mi/:15389::::::
rpc:!!:15388:0:99999:7:::
rscpass:用户名,与/etc/passwd的用户名相同
$1$pIPEe9Vn$0f1eKKi5TPzb6Rr.lY8Mi:加密的密码
!!:代表此用户不能登录
!qewadfxcvweadsf:以!开头的用户已锁定
*:代表
useradd - create a new user or update default new user information
authconfig 更改密码的存放方式
添加用户;
#useradd tond //添加用户
#passwd tond //设置密码
系统添加用户的标准步骤
编辑/etc/passwd与/etc/group
创建用户主目录
从/etc/skel拷贝文件与目录
让新用户获得其主目录与文件的拥有权限
组新用户一个密码
设置用户UID
#useradd -u 550 tong
#useradd -G root tong
-u:设置UID
-d:设置用户宿主目录,不是系统的目录/home/
-g:设置属于那个组
-s:设置shell类型 禁止用户登陆/sbin/nologin
-n:禁止系统建立与用户名同名的用户组
-l:参数设置用户名
-e:禁用账号的日期,YYYY-MM-DD
-f:天数 口令过期后,帐号禁用前的天数
-M, do not create user's home directory(overrides /etc/login.defs)
-m, --create-home create home directory for the new user
-r, create system account
修改用户帐户:
usermod -d /home/kkk tond
-d:修改宿主目录
-i:修改用户帐号名称
-L:锁定用户密码,使其无效
Options:
-a, --append append the user to the supplemental GROUPS
(use only with -G)
-c, --comment COMMENT new value of the GECOS field //设定用户全名,用finger查看 usermod -c '***' 用户名
-d, --home HOME_DIR new home directory for the user account //更改用户的家目录
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE //设定用户密码过期时间
eg:usermod -e "2009-01-01" linsco
-f, --inactive INACTIVE set password inactive after expiration
to INACTIVE //设置密码过期后多久就关闭这个帐号
-g, --gid GROUP force use GROUP as new primary group //更改用户的GID
eg:[root@node203 home]# usermod -g root rsc //修改用户rsc的GID
eg:[root@node203 home]# usermod -g 503 rsc //修改用户rsc的GID 不能修改加入不存在的组
-G, --groups GROUPS new list of supplementary GROUPS //将用户添加组里面
eg:# usermod -G root rsc //将rsc用户加入到root组中 #id rsc 查看
-h, --help display this help message and exit
-l, --login NEW_LOGIN new value of the login name
-L, --lock lock the user account //锁定用户
-m, --move-home move contents of the home directory to the new
location (use only with -d)
-o, --non-unique allow using duplicate (non-unique) UID
-p, --password PASSWORD use encrypted password for the new password
-s, --shell SHELL new login shell for the user account //更改用户默认使用的SHELL
eg:# usermod -s /bin/csh rsc
-u, --uid UID new UID for the user account //更改用户的UID
eg:# usermod -u 503 rsc
-U, --unlock unlock the user account//解除用户锁定 查看用户是否锁定:# passwd -S rsc
-Z, --selinux-user new selinux user mapping for the user account
eg:
#useradd -u 600 -g tom -G boobooke zl
新建用户zl,设定uid为600,初始群组为tom,加入到boobooke群组中
#useradd gmy1 -s /bin/csh
userdel [-r] [用户名]//删除或禁止用户帐户
Options:
-f, --force force removal of files, even if not owned by user
-h, --help display this help message and exit
-r, --remove remove home directory and mail spool //删除用户时,一起删除用户家目录
eg:
userdel -r tond
Pwck//校验用户配置文件/etc/passwd和/etc/shadow内容是否合法,完整
[root@localhost ~]# pwck
user adm: directory /var/adm does not exist
user news: directory /etc/news does not exist
user uucp: directory /var/spool/uucp does not exist
user gopher: directory /var/gopher does not exist
user pcap: directory /var/arpwatch does not exist
user sabayon: directory /home/sabayon does not exist
user gaga: no group 510
user gaga: directory /home/gaga does not exist
pwck: no changes
chage //管理用户口令的进效
Usage: chage [options] user
选项 用户名
Options:
-d, --lastday LAST_DAY set last password change to LAST_DAY
-E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-h, --help display this help message and exit
-I, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-l, --list show account aging information
-m, --mindays MIN_DAYS set minimum number of days before password
change to MIN_DAYS
-M, --maxdays MAX_DAYS set maximim number of days before password
change to MAX_DAYS
-W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS
组 管 理
/etc/group //系统用户所在的组
格式:group_name:passwd:GID:user_list
root:x:0:root
root:用户组名称
X:已设置密码
0:组群号
root:组群成员
/etc/gshadow //是etc/group的加密信息文件
root:::root
daemon:x::root,bin,daemon
jishubu:!::
root:组群名称
!:没有设置密码
root,bin,daemon:组的成员
Groupadd [-g gid [-o] ] [-f] [组群名]
Options:
-f, --force force exit with success status if the specified
group already exists
-r, create system account
-g, --gid GID use GID for the new group // groupadd -g 5600 test
-h, --help display this help message and exit
-K, --key KEY=VALUE overrides /etc/login.defs defaults
-o, --non-unique allow create group with duplicate //可以指定不唯一的组ID值,与-g一起使用
(non-unique) GID
eg:
groupadd hello
groupadd -g 800 hello
Groupmod [-g<组群识别码> <-o>] [-n 新组群名称] [组群名称]
groupmod [-g gid [-o]] [-n name] group
-g GID 组ID值
-n 组群名 更改组名
-o, --non-unique allow create group with duplicate //可以指定不唯一的组ID值,与-g一起使用
eg:
[root@localhost home]# groupmod -g 509 hello
[root@localhost home]# cat /etc/group | grep hello
hello:x:509:
[root@localhost home]# groupadd -r systems
[root@localhost home]# cat /etc/group | grep systems
systems:x:102:
eg:将tom群组名修改为jack
#groupmod -n jack tom
Groupdel [组群名称]
eg:
groupdel hello
Gpasswd//设置组群的密码,一般不设置密码
初始用户群组,有效用户群组
初始用户群组:在新建用户或群组时,默认建立与用户名相同的群组名
有效用户群组:通过newgrp修改过的群组名
Usage: gpasswd [-r|-R] group
gpasswd [-a user] group
gpasswd [-d user] group
gpasswd [-A user,...] [-M user,...] group
eg:
gpasswd -a rscpass root //将rscpass用户加入到root组中
gpasswd -d rscpass root
[root@localhost ~]# gpasswd rscpass //设置组群密码
[root@localhost ~]# gpasswd -r rscpass//取消密码
mygroup:x:513: //没有设置密码
test:$1$48IgiHfr$H48yG/UdLGkOGGaF3GjN20:5600: //设置了密码
newgrp//以另一个组群的身份登录,前题是一个用户属于多个组才可以
Usage: newgrp [-] [group]
eg:
newgrp [组群名]
newgrp rscpass
groups//显示指定用户的组群成员身份
groups [用户名]
eg:
groups root //显示root属于那几个组
[root@localhost ~]# groups root
root : root bin daemon sys adm disk wheel
id//显示用户的ID以及所属组群的ID
id[选项] [用户名]
Usage: id [OPTION]... [USERNAME]
Print information for USERNAME, or the current user.
-a ignore, for compatibility with other versions
-Z, --context print only the context of the current process
-g, --group print only the effective group ID
-G, --groups print all group IDs
-n, --name print a name instead of a number, for -ugG
-r, --real print the real ID instead of the effective ID, with -ugG
-u, --user print only the effective user ID
--help display this help and exit
--version output version information and exit
Without any OPTION, print some useful set of identified information.
eg:
id rscpass
id -g rscpass
id -u rscpass
W //详细查询已登录当前系统的用户
[root@localhost ~]# w --help
w: invalid option -- -
usage: w -hlsufV [user]
-h skip header
-l long listing (default)
-s short listing
-u ignore uid of processes
-f toggle FROM field (default on)
-V display version
Who//显示已登录当前计算机用户的简单信息
[root@localhost ~]# who --help
Usage: who [OPTION]... [ FILE | ARG1 ARG2 ]
-a, --all same as -b -d --login -p -r -t -T -u
-b, --boot time of last system boot
-d, --dead print dead processes
-H, --heading print line of column headings
-l, --login print system login processes
--lookup attempt to canonicalize hostnames via DNS
-m only hostname and user associated with stdin
-p, --process print active processes spawned by init
-q, --count all login names and number of users logged on
-r, --runlevel print current runlevel
-s, --short print only name, line, and time (default)
-t, --time print last system clock change
-T, -w, --mesg add user's message status as +, - or ?
-u, --users list users logged in
--message same as -T
--writable same as -T
--help display this help and exit
--version output version information and exit
Chsh//改变用户的shell类型
[root@localhost ~]# chsh --help
Usage: chsh [ -s shell ] [ --list-shells ] [ --help ] [ --version ] [ username ]
eg:
chsh -s /bin/ksh root
Su//切换用户帐户进行登录
-, -l, --login make the shell a login shell
-g --group=group specify the primary group
-G --supp-group=group specify a supplemental group
-c, --commmand=COMMAND pass a single COMMAND to the shell with -c
--session-command=COMMAND pass a single COMMAND to the shell with -c
and do not create a new session
-f, --fast pass -f to the shell (for csh or tcsh)
-m, --preserve-environment do not reset environment variables
-p same as -m
-s, --shell=SHELL run SHELL if /etc/shells allows it
--help display this help and exit
--version output version information and exit
/etc/skel目录
新建用户的初始化目录,当新建一个用户,这个目录下的所有文件将复制到新建用户的宿主目录下
/etc/login.defs配置文件
是新用户的一些默认设置
/etc/default/useradd
使用useradd命令的一些规则文件
创建帐户
1.直接修改帐户配置文件来创建帐户
2.执行pwconv来让/etc/passwd和etc/shadow同步
创建组
1.直接修改组帐户配置文件来创建组帐户
2.执行grpconv来让/etc/group和etc/gshadow同步
1.newusers
newusers [input] 批量导入按/etc/passwd格式的文件
创建userfile.txt
2.chpasswd //批量更新用户密码工具
创建userpwdfile.txt
3.pwconv
eg:
newusers userfile.txt
chpasswd < userpwdfile.txt
pwconv
finger//查找并显示用户
finger [选项] [用户名]
[root@localhost ~]# finger --help
finger: invalid option -- -
usage: finger [-lmps] [login ...]