1.用户创建流程
创建用户时,系统会自动读取 /etc/login.defs 和 /etc/default/useradd 配置文件中的默认参数;若人为指定了参数,则以指定的参数为准。
cp -a /etc/skel/.bash* 用户家目录/ 恢复用户相关环境
2.用户组的管理
组是一个逻辑概念 ,将多个用户捆绑成一个组,当我们针对组操作时就相当于在操作组下的所有用户。
1.用户组分类
==基本组==:创建用户时指定的组
==私有组==:创建时没有指定 ,默认创建用户名的同名的组
==附加组==:用户除基本组之外额外加入的组,一个用户可以有多个附加组
注: 1.首先得有组 2.再进行加入
2.组的信息存放位置
/etc/group
QQ图片20200313103420.jpg
/etc/gshadow
QQ图片20200313103525.jpg
3.创建组 ==groupadd==
groupadd
-g 设定gid
4.修改组 ==groupmod==
选项 ==-g== 修改gid
选项 ==-n== 修改组名字
5.删除组 ==groupdel==
私有组 :删除私有组用户 则私有组一起被删除
基本组 : 要想删除组 需要删除组下所有成员才能删除组
查询组下所有成员
grep "gid" /etc/passwd (只能查到以该组为基本组的用户;附加组成员记录在 /etc/group 中)
6.linux shell 配置文件介绍
个人配置文件 ~/.bash_profile ~/.bashrc
全局配置文件:/etc/profile /etc/profile.d/*.sh /etc/bashrc
profile类文件 | 设定环境变量文件,登录前运行的脚本和命令 |
bashrc | 设定本地变量 定义别名(alias) |
==su -== 命令
su - xxxx用户名 登录xxxx用户
注:当前用户为 root 时,切换到其他普通用户不需要密码;普通用户切换到 root 则需要输入 root 密码
7.sudo 提权
特殊用户组 wheel
创建用户并设置附加组为 wheel。wheel 组成员可以通过 sudo 以 root 身份执行任意命令(见下方 sudo -l 输出中的 (ALL) ALL),等同于管理员权限,因此只应把受信任的管理员加入该组。
[root@wangjc ~]# useradd wjc -G wheel #创建 用户wjc 设置附加组为 wheel
[root@wangjc ~]# id wjc
uid=5004(wjc) gid=5004(wjc) groups=5004(wjc),10(wheel)
[root@wangjc ~]# echo "123456"|passwd --stdin wjc #设置wjc 用户的密码为123456(仅作演示:实际环境应使用强密码,并避免在命令行中写明文密码,以免留在 shell 历史记录中)
Changing password for user wjc.
passwd: all authentication tokens updated successfully.
[wjc@wangjc ~]$ sudo -l # 验证sudo 可执行命令
Matching Defaults entries for wjc on wangjc:
!visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset,
env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME
LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES",
env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE
LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User wjc may run the following commands on wangjc:
(ALL) ALL
方法一:
用户 oldxu oldqiang ==运维 OPS
用户 oldli oldguo == DBA
步骤一 :创建用户
#创建相应用户
[root@wangjc ~]# useradd oldxu
[root@wangjc ~]# useradd oldqiang
[root@wangjc ~]# useradd oldli
[root@wangjc ~]# useradd oldguo
#创建用户密码
[root@wangjc oldxu]# echo "123456"|passwd --stdin oldxu
[root@wangjc oldxu]# echo "123456"|passwd --stdin oldqiang
[root@wangjc oldxu]# echo "123456"|passwd --stdin oldli
[root@wangjc oldxu]# echo "123456"|passwd --stdin oldguo
步骤二 : 编辑 sudo 文件 ==visudo==
User_Alias OPS = oldxu,oldqiang #用户组别名
User_Alias DBA = oldli,oldguo
Cmnd_Alias NETWORKING = /sbin/ifconfig, /bin/ping #命令别名
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/yum
Cmnd_Alias SERVICES = /sbin/service, /usr/bin/systemctl start
Cmnd_Alias STORAGE = /bin/mount, /bin/umount
Cmnd_Alias DELEGATING = /bin/chown, /bin/chmod, /bin/chgrp
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
OPS ALL=(ALL) NETWORKING,SOFTWARE,SERVICES,STORAGE,DELEGATING,PROCESSES
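#用户组可使用的命令
#注意:这些命令别名并不构成真正的权限边界。以 root 身份运行 rpm/yum、chown/chmod/chgrp、mount 等命令,可以修改任意文件的属主与权限或安装任意软件包,实际上等同于授予完整的 root 权限,应只授权给受信任的人员,并尽量把可执行的命令和参数限定到最小。
#另外,sudoers 中带参数的命令要求参数完全匹配,"/usr/bin/systemctl start" 只匹配不带服务名的 systemctl start。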
DBA ALL=(ALL) SOFTWARE,PROCESSES
步骤三 :登录用户 验证sudo命令 ==sudo -l==
[root@wangjc oldxu]# su - oldxu
[oldxu@wangjc ~]$ sudo -l
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for oldxu: #输入 密码
Matching Defaults entries for oldxu on wangjc:
!visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset,
env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME
LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES",
env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE
LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User oldxu may run the following commands on wangjc:
(ALL) /sbin/ifconfig, /bin/ping, /bin/rpm, /usr/bin/yum, /sbin/service, /usr/bin/systemctl start,
/bin/mount, /bin/umount, /bin/chown, /bin/chmod, /bin/chgrp, /bin/nice, /bin/kill, /usr/bin/kill,
/usr/bin/killall
方法二:
创建组
用户 oldxu oldqiang ==运维 OPS
用户 oldli oldguo == DBA
步骤一:创建组 并将用户加入相应的组
#创建相应的组
[root@wangjc ~]# groupadd OPS
[root@wangjc ~]# groupadd DBA
#用户加入相应的组(注意:usermod -G 会覆盖用户原有的附加组列表;若要保留原有附加组,应使用 usermod -aG 追加)
[root@wangjc ~]# usermod -G OPS oldxu
[root@wangjc ~]# usermod -G OPS oldqiang
[root@wangjc ~]# usermod -G DBA oldli
[root@wangjc ~]# usermod -G DBA oldguo
步骤二:编辑sudo ==visudo==
Cmnd_Alias NETWORKING = /sbin/ifconfig, /bin/ping
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/yum
Cmnd_Alias SERVICES = /sbin/service, /usr/bin/systemctl start
Cmnd_Alias STORAGE = /bin/mount, /bin/umount
Cmnd_Alias DELEGATING = /bin/chown, /bin/chmod, /bin/chgrp
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
#以 % 开头表示系统中真实存在的用户组(而不是 User_Alias 定义的别名)
%OPS ALL=(ALL) NETWORKING,SOFTWARE,SERVICES,STORAGE,DELEGATING,PROCESSES
%DBA ALL=(ALL) SOFTWARE,PROCESSES
步骤三 登录验证 ==sudo -l==
[root@wangjc ~]# su - oldli
[oldli@wangjc ~]$ sudo -l
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for oldli: #输入密码
Matching Defaults entries for oldli on wangjc:
!visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset,
env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME
LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES",
env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE
LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User oldli may run the following commands on wangjc:
(ALL) /bin/rpm, /usr/bin/yum, /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
[oldli@wangjc ~]$