User Management

1. Overview

Users and groups

• Every process (running program) on the system runs as a particular user.
• Every file is owned by a particular user.
• Access to files and directories is restricted by user.
• The user associated with a running process determines the files and directories accessible to that process.
  • View the identity of the currently logged-in user:

    [root@tianyun ~]# id
    uid=0(root) gid=0(root) groups=0(root)

    uid is the user's identity, gid is the user's primary group, and groups lists every group the user belongs to.
    
  • View a file's owner:

      [root@tianyun ~]# ll /home/
    
  • View the user name a running process runs as:

      [root@tianyun ~]# ps aux | grep ****
      USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    
  • Files related to users and groups:

      vim /etc/passwd
      root:x:0:0:root:/root:/bin/bash                 user information
      username:x:uid:gid:description:HOME:shell      x is a password placeholder

      /etc/shadow
      root:$1$MYG2NDG6$a1wtyr5GDM2esAPjug0YP0:15636:0:99999:7:::    password information
      user:$id$salt$encrypted:date of last change:

      /etc/group          root:x:0:             group information
    
  • Hash algorithm ($id field):

$1: MD5
$5: SHA-256
$6: SHA-512

  • System conventions (CentOS 7):

uid 0: privileged user root
uid 1~1000: system users
uid 500+: regular users
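The record formats, $id prefixes and uid ranges above, as an added example that is not part of the original post: a POSIX shell script that parses constructed /etc/passwd and /etc/shadow records (the sample accounts and hashes are made up for this example, not real data), names the hash algorithm behind each password field, classifies each uid, and lists the accounts that still have a login shell together with an MD5 or empty hash. The uid boundary of 1000 is the UID_MIN value from the login.defs shown later on this page; the system/regular ranges quoted above differ, and the example follows login.defs.

```shell
#!/bin/sh
# Added example, not from the original post. All sample records are constructed.

# Constructed /etc/passwd records: name:x:uid:gid:description:HOME:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
user01:x:1001:1001::/home/user01:/bin/bash
user10:x:4000:4000::/home/user10:/sbin/nologin'

# Constructed /etc/shadow records: name:$id$salt$hash:last-change:min:max:warn:::
SAMPLE_SHADOW='root:$6$c0nstructed$NotARealHashJustAPlaceholder:15636:0:99999:7:::
bin:*:15636:0:99999:7:::
user01:$1$MYG2NDG6$a1wtyr5GDM2esAPjug0YP0:15636:0:99999:7:::
user10:!!:15636:0:99999:7:::'

# hash_algo <shadow-record>: name the algorithm from the $id prefix of field 2
hash_algo() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '$1$'*)   echo MD5 ;;
        '$5$'*)   echo SHA-256 ;;
        '$6$'*)   echo SHA-512 ;;
        '')       echo EMPTY ;;    # no hash at all: the account needs no password
        '*'|'!'*) echo LOCKED ;;   # '*' or a leading '!' can never match a password
        *)        echo UNKNOWN ;;
    esac
}

# uid_class <uid>: root, system (below UID_MIN=1000) or regular
uid_class() {
    if [ "$1" -eq 0 ]; then
        echo root
    elif [ "$1" -lt 1000 ]; then
        echo system
    else
        echo regular
    fi
}

# audit_accounts: join the two files on the user name and print one line per
# account: name, uid class, shell, hash algorithm
audit_accounts() {
    printf '%s\n' "$SAMPLE_PASSWD" | while IFS=: read -r name _ uid _ _ _ shell; do
        shadow_rec=$(printf '%s\n' "$SAMPLE_SHADOW" | grep "^$name:")
        printf '%s %s %s %s\n' "$name" "$(uid_class "$uid")" "$shell" "$(hash_algo "$shadow_rec")"
    done
}

# weak_accounts: accounts that have a login shell and an MD5 or empty hash
weak_accounts() {
    audit_accounts | while read -r name class shell algo; do
        case "$shell" in */nologin|*/false) continue ;; esac
        case "$algo" in MD5|EMPTY) echo "$name" ;; esac
    done
}

audit_accounts
echo "weak: $(weak_accounts)"
```

Run against the real files, the same functions would read /etc/passwd and /etc/shadow instead of the embedded samples; reading /etc/shadow needs root. A locked account (`*` or `!!`) is harmless whatever its uid, whereas user01 is reported because an MD5 hash on an account with /bin/bash is the combination worth fixing, for example by setting ENCRYPT_METHOD SHA512 in login.defs and forcing a password change.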

2. Management

Group management

    [root@tianyun ~]# groupadd hr                        //create group hr
    [root@tianyun ~]# groupadd net01 -g 2000             //create group net01 with gid 2000
    [root@tianyun ~]# groupdel hr                        //delete group hr

User management

  • Creating users

    [root@tianyun ~]# useradd user01                            //create a user
    [root@tianyun ~]# useradd user02 -u 503                     //create user02 with a specific uid
    [root@tianyun ~]# useradd user03 -d /aaa                    //create user03 with a specific home directory
    [root@tianyun ~]# useradd user05 -s /sbin/nologin           //create a user with a specific shell
    [root@tianyun ~]# useradd user07 -G hr,it,fd                //create a user with supplementary groups
    [root@tianyun ~]# useradd user10 -u 4000 -s /sbin/nologin   //specify both uid and shell
    [root@tianyun ~]# passwd  user05                            //set a password

  • Deleting users

    [root@tianyun ~]# userdel user10            //delete user10 but keep the home directory and mail spool
    [root@tianyun ~]# userdel -r user2          //delete user2 together with all files belonging to the user

  • Viewing users

      [root@tianyun ~]# id user1     //information about user1
      [root@tianyun ~]# id 0         //information about the user with uid 0

  • Users and groups

      [root@tianyun ~]# usermod -G hr niuniu2        //replace the existing supplementary groups with hr
      [root@tianyun ~]# usermod -G fd,it niuniu2     //replace the existing supplementary groups with fd and it
      [root@tianyun ~]# usermod -aG hr niuniu2       //append hr to the existing supplementary groups

      [root@tianyun ~]# gpasswd -a jack wheel                //add jack to wheel (same effect as usermod -aG wheel jack)
      [root@tianyun ~]# gpasswd -M zhuzhu,maomao100 hr       //add several users to hr at once (-M sets the whole member list)
      [root@tianyun ~]# gpasswd -d zhuzhu hr                 //remove zhuzhu from hr

  • Other options

      [root@tianyun ~]# usermod -s /sbin/nologin niuniu2     //change the user's shell

  • Privilege escalation with sudo

1. The administrators' group is wheel, gid 10.
2. The configuration file is /etc/sudoers; edit it with visudo.
3. Usage: from the user's shell, prefix the command with sudo.
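The wheel group and /etc/sudoers relationship above, as an added example that is not part of the original post: a POSIX shell script that reads a constructed /etc/group and a constructed /etc/sudoers fragment (both made up for this example), lists the members of a group, shows which sudoers rules apply to a given user directly or through %wheel, and flags every active NOPASSWD rule. The group and sudoers contents are assumptions; the real sudoers file is only ever edited with visudo, which also syntax-checks it.

```shell
#!/bin/sh
# Added example, not from the original post. Sample files are constructed.

# Constructed /etc/group records: group:x:gid:member1,member2
SAMPLE_GROUP='root:x:0:
wheel:x:10:jack,user01
hr:x:2001:zhuzhu,maomao100'

# Constructed /etc/sudoers fragment (commented rules are inactive)
SAMPLE_SUDOERS='Defaults    requiretty
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
# %wheel ALL=(ALL)      NOPASSWD: ALL
user01  ALL=(ALL)       NOPASSWD: /usr/bin/systemctl'

# group_members <group>: print the members of a group, one per line
group_members() {
    printf '%s\n' "$SAMPLE_GROUP" | awk -F: -v g="$1" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }'
}

# in_group <user> <group>: exit status 0 when the user is listed in the group
in_group() {
    group_members "$2" | grep -qx "$1"
}

# sudo_rules_for <user>: active sudoers rules naming the user or %wheel
sudo_rules_for() {
    if in_group "$1" wheel; then w=1; else w=0; fi
    printf '%s\n' "$SAMPLE_SUDOERS" | awk -v u="$1" -v w="$w" '
        $1 !~ /^#/ && ($1 == u || ($1 == "%wheel" && w == 1)) { print }'
}

# nopasswd_specs: the user/group column of every active NOPASSWD rule
nopasswd_specs() {
    printf '%s\n' "$SAMPLE_SUDOERS" | awk '$1 !~ /^#/ && /NOPASSWD:/ { print $1 }'
}

echo "wheel members:"; group_members wheel
echo "rules for user01:"; sudo_rules_for user01
echo "NOPASSWD rules for:"; nopasswd_specs
```

The membership check only covers the primary membership list in /etc/group, which is what gpasswd -a and usermod -aG change; a user whose primary gid in /etc/passwd is 10 would also be in wheel without appearing there. NOPASSWD rules are worth reviewing because they let the listed user run the command with no credential prompt at all.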

  • login.defs: defaults applied when a user is first created

    # Please note that the parameters in this configuration file control the
    # behavior of the tools from the shadow-utils component. None of these
    # tools uses the PAM mechanism, and the utilities that use PAM (such as the
    # passwd command) should therefore be configured elsewhere. Refer to
    # /etc/pam.d/system-auth for more information.
    #
    
    # *REQUIRED*
    #   Directory where mailboxes reside, _or_ name of file, relative to the
    #   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
    #   QMAIL_DIR is for Qmail
    #
    #QMAIL_DIR      Maildir
    MAIL_DIR        /var/spool/mail
    #MAIL_FILE      .mail
    
    # Password aging controls:
    #
    #       PASS_MAX_DAYS   Maximum number of days a password may be used.
    #       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
    #       PASS_MIN_LEN    Minimum acceptable password length.
    #       PASS_WARN_AGE   Number of days warning given before a password expires.
    #
    PASS_MAX_DAYS   99999
    PASS_MIN_DAYS   0
    PASS_MIN_LEN    5
    PASS_WARN_AGE   7
    
    #
    # Min/max values for automatic uid selection in useradd
    #
    UID_MIN                  1000
    UID_MAX                 60000
    # System accounts
    SYS_UID_MIN               201
    SYS_UID_MAX               999
    
    #
    # Min/max values for automatic gid selection in groupadd
    #
    GID_MIN                  1000
    GID_MAX                 60000
    # System accounts
    SYS_GID_MIN               201
    SYS_GID_MAX               999
    
    # If defined, this command is run when removing a user.
    # It should remove any at/cron/print jobs etc. owned by
    # the user to be removed (passed as the first argument).
    #
    #USERDEL_CMD    /usr/sbin/userdel_local
    
    #
    # If useradd should create home directories for users by default
    # On RH systems, we do. This option is overridden with the -m flag on
    # useradd command line.
    #
    CREATE_HOME     yes
    
    # The permission mask is initialized to this value. If not specified, 
    # the permission mask will be initialized to 022.
    UMASK           077
    
    # This enables userdel to remove user groups if no members exist.
    #
    USERGROUPS_ENAB yes
    
    # Use SHA512 to encrypt password.
    ENCRYPT_METHOD SHA512
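The login.defs settings above, as an added example that is not part of the original post: a POSIX shell script that reads a login.defs fragment (constructed here from the values shown on this page), looks up a key while ignoring commented lines, and reports settings that are weaker than the thresholds chosen for this example. The thresholds (expiry within 365 days, minimum length 8, UMASK 077, SHA512) are this example's assumptions, not values from the page or from shadow-utils.

```shell
#!/bin/sh
# Added example, not from the original post. The fragment below is constructed
# from the values shown on this page.

SAMPLE_LOGIN_DEFS='# Password aging controls
MAIL_DIR        /var/spool/mail
#MAIL_FILE      .mail
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
UID_MIN                  1000
UID_MAX                 60000
CREATE_HOME     yes
UMASK           077
USERGROUPS_ENAB yes
ENCRYPT_METHOD SHA512'

# logindefs_get <KEY> [content]: value of KEY; commented lines never match
# because their first word starts with '#'
logindefs_get() {
    printf '%s\n' "${2:-$SAMPLE_LOGIN_DEFS}" | awk -v k="$1" '$1 == k { print $2; exit }'
}

# check_logindefs [content]: one finding per line for settings weaker than the
# thresholds assumed by this example; unset keys fall back to the tools' defaults
check_logindefs() {
    defs=${1:-$SAMPLE_LOGIN_DEFS}
    v=$(logindefs_get PASS_MAX_DAYS "$defs")
    [ "${v:-99999}" -le 365 ] || echo "PASS_MAX_DAYS=${v:-unset}: passwords never effectively expire"
    v=$(logindefs_get PASS_MIN_LEN "$defs")
    [ "${v:-0}" -ge 8 ] || echo "PASS_MIN_LEN=${v:-unset}: shorter than 8"
    v=$(logindefs_get UMASK "$defs")
    [ "${v:-022}" = 077 ] || echo "UMASK=${v:-unset}: new home directories readable by others"
    v=$(logindefs_get ENCRYPT_METHOD "$defs")
    [ "$v" = SHA512 ] || echo "ENCRYPT_METHOD=${v:-unset}: expected SHA512"
}

check_logindefs
```

With the page's values the check reports PASS_MAX_DAYS and PASS_MIN_LEN. As the file's own header says, passwd goes through PAM, so on CentOS 7 the length and complexity actually enforced at password change come from /etc/pam.d/system-auth (pam_pwquality), and PASS_MIN_LEN here only affects the shadow-utils tools; PASS_MAX_DAYS, by contrast, is copied into the max field of each new /etc/shadow record and does take effect.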
    