
用户提权与切换用户

1. 用户提权
2. 用户的工作环境相关文件
3. su命令用户提权
4. sudo用户提权
5. sudo设置组
6. sudo设置案例
7. 编辑器练习题
8. 用户练习题

1. 用户提权

1. su		使用普通用户登录,然后执行su命令切换到root用户     优点:简单   缺点:需要知道root密码

2. sudo		使用普通用户管理,当需要使用root的权限的时候,进行提权   优点:安全、方便   缺点:复杂  

shell的分类及执行的过程

交互式shell		#终端操作  输入一条指令,需要等待系统的处理及返回结果 

非交互式shell		#脚本的执行方式就是  用户执行完指令 不需要跟系统进行交互 

登录式shell		#通过用户名和密码的方式进行登录的

非登录式shell		#不是通过用户名和密码的方式进行登录的    执行一个bash,就是一个非登录式shell
[root@qls ~]# yum install  -y  psmisc

[root@qls ~]# pstree
systemd─┬─NetworkManager───2*[{NetworkManager}]
        ├─VGAuthService
        ├─agetty
        ├─auditd───{auditd}
        ├─crond
        ├─dbus-daemon
        ├─firewalld───{firewalld}
        ├─master─┬─pickup
        │        └─qmgr
        ├─nginx───nginx
        ├─polkitd───6*[{polkitd}]
        ├─rsyslogd───2*[{rsyslogd}]
        ├─sshd─┬─sshd───bash───pstree
        │      └─sshd───bash───bash
        ├─systemd-journal
        ├─systemd-logind
        ├─systemd-udevd
        ├─tuned───4*[{tuned}]
        └─vmtoolsd───{vmtoolsd}
2. 用户的工作环境相关文件
#个人配置文件

/root/.bash_profile

/root/.bashrc

#全局配置文件

/etc/bashrc 

/etc/profile

/etc/profile.d/*.sh


profile		#环境变量配置文件  系统登录前执行的一些命令或者脚本 

bashrc		# 本地变量    别名 

执行顺序 

#在5个文件的第二行加入echo输出 

[root@qls ~]# vim .bashrc 
[root@qls ~]# vim .bash_profile 
[root@qls ~]# vim /etc/bashrc 
[root@qls ~]# 
[root@qls ~]# vim  /etc/profile
[root@qls ~]# vim /etc/profile.d/test.sh

#登录式Shell执行顺序

/etc/profile  ---》 /etc/profile.d/*.sh ---》 .bash_profile ---》 .bashrc ---》 /etc/bashrc

#非登录式shell执行顺序 

.bashrc ---》 /etc/bashrc ---》 /etc/profile.d/*.sh

3. su命令用户提权

su  username		#非登录式shell 		

su  -  username		#登录式shell

区别就是加载的配置文件不一样 

root用户切换到普通用户是不需要密码的,而普通用户切换到root用户是需要密码的

[root@qls ~]# useradd   test10  
[root@qls ~]# echo "1"  |passwd  --stdin  test10
Changing password for user test10.
passwd: all authentication tokens updated successfully.
[root@qls ~]# su  test10
/etc/bashrc
/etc/profile.d/*.sh
[test10@qls root]$

[test10@qls root]$ pwd
/root

su username在切换用户的时候,只执行了
/etc/bashrc
/etc/profile.d/*.sh

切换之后仍停留在切换前所在的目录(本例是从root切换过来的,所以还在root的家目录/root),调用者的环境变量也大多会保留下来;需要一个干净的目标用户环境时应使用 su - username

[root@qls ~]# su - test10
Last login: Wed Jul 22 09:09:58 CST 2020 on pts/0
/etc/profile
/etc/profile.d/*.sh
/etc/bashrc
[test10@qls ~]$ pwd
/home/test10

su  -  username  在切换用户的时候属于一种登录式shell 跟su命令直接切换的区别就是是否加载了/etc/profile文件,切换之后,工作环境也已经改变了,是在自己的家目录下面 

[root@qls ~]# su  -  test10
Last login: Wed Jul 22 09:13:03 CST 2020 on pts/0

[test10@qls ~]$ su -
Password: 
Last login: Wed Jul 22 09:13:25 CST 2020 from 10.0.0.1 on pts/2

[root@qls ~]# su - test10
Last login: Wed Jul 22 09:16:33 CST 2020 on pts/0

[test10@qls ~]$ su - root
Password: 
Last login: Wed Jul 22 09:16:59 CST 2020 on pts/0

4. sudo用户提权

#日志审计 
[root@qls ~]# grep  'wheel'  /etc/group
wheel:x:10:
[root@qls ~]# usermod  -aG  wheel  test10
[root@qls ~]# id test10
uid=1007(test10) gid=1007(test10) groups=1007(test10),10(wheel)

[test10@qls ~]$ sudo  -l  
[sudo] password for test10: 
Matching Defaults entries for test10 on qls:
    !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY
    HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
    env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC
    LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
    secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User test10 may run the following commands on qls:
    (ALL) ALL
[test10@qls ~]$ sudo tail  -f  /var/log/messages
Jul 22 09:19:49 qls systemd-logind: Removed session 65.
Jul 22 09:19:56 qls systemd: Created slice User Slice of test10.
Jul 22 09:19:56 qls systemd: Started Session 66 of user test10.
Jul 22 09:19:56 qls systemd-logind: New session 66 of user test10.
Jul 22 09:20:11 qls su: (to root) test10 on pts/2
Jul 22 09:47:08 qls systemd-logind: Removed session 66.
Jul 22 09:47:08 qls systemd: Removed slice User Slice of test10.
Jul 22 09:47:12 qls systemd: Created slice User Slice of test10.
Jul 22 09:47:12 qls systemd: Started Session 67 of user test10.
Jul 22 09:47:12 qls systemd-logind: New session 67 of user test10.
^C
[test10@qls ~]$ rm -rf /opt/
rm: cannot remove ‘/opt/hostname’: Permission denied
rm: cannot remove ‘/opt/hostnamectl’: Permission denied
rm: cannot remove ‘/opt/test_hostname’: Permission denied
rm: cannot remove ‘/opt/test_hostname.txt’: Permission denied
rm: cannot remove ‘/opt/.hostname.log’: Permission denied
rm: cannot remove ‘/opt/HOSTNAMECTL’: Permission denied
rm: cannot remove ‘/opt/user02’: Permission denied
rm: cannot remove ‘/opt/user01’: Permission denied
[test10@qls ~]$ sudo  rm -rf /opt/
[test10@qls ~]$ ll /opt 
ls: cannot access /opt: No such file or directory

#权限太大   怎么限制权限  

visudo		#进行设置    默认只能root用户使用sudo命令 普通用户是使用不了的 需要root用户设置 

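#只给开发人员只读权限(注意:只写命令、不限定文件参数时,sudo cat/tail 能以root身份读取任何文件,包括/etc/shadow;更严格的写法是把允许读取的文件路径也写进规则)
[root@qls ~]# visudo		#简单   有语法检查功能(推荐)
====
[root@qls ~]# vi /etc/sudoers		#直接编辑没有语法检查,改完要执行 visudo -c;语法写错会导致sudo无法使用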

#在100行左右添加此行
test11  ALL=(ALL)       /usr/bin/cat,/usr/bin/tail

用户     主机  角色(以哪个用户的身份执行)  命令

						ALL  所有命令
						
						/usr/bin/cat	#单个命令
						
						/usr/bin/cat,/usr/bin/tail	#多个用逗号分割
						
						/usr/bin/*		#目录下的所有命令(其中包含vi、bash等可以得到root shell的程序,效果接近ALL,慎用)
						
						NOPASSWD:		#免密执行(账号一旦被他人登录,就能直接以root身份执行这些命令,只应配合范围很小的命令使用)

test11  ALL=(ALL)       NOPASSWD: /usr/bin/tail /var/log/messages 	#限制某个文件操作


#检查语法
[root@qls ~]# visudo -c
/etc/sudoers: parsed OK

#普通用户测试(以test11登录,执行 sudo -l 查看被授权的命令)

[sudo] password for test11: 
Matching Defaults entries for test11 on qls:
    !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY
    HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
    env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC
    LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
    secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User test11 may run the following commands on qls:
    (ALL) /usr/bin/cat, /usr/bin/tail

[test11@qls ~]$ tail -f  /var/log/messages
tail: cannot open ‘/var/log/messages’ for reading: Permission denied
tail: no files remaining
[test11@qls ~]$ sudo tail -f  /var/log/messages
Jul 22 09:47:12 qls systemd: Started Session 67 of user test10.
Jul 22 09:47:12 qls systemd-logind: New session 67 of user test10.
Jul 22 09:52:16 qls systemd: Created slice User Slice of test11.
Jul 22 09:52:16 qls systemd: Started Session 68 of user test11.
Jul 22 09:52:16 qls systemd-logind: New session 68 of user test11.
Jul 22 09:57:26 qls systemd-logind: Removed session 68.
Jul 22 09:57:26 qls systemd: Removed slice User Slice of test11.
Jul 22 09:57:35 qls systemd: Created slice User Slice of test11.
Jul 22 09:57:35 qls systemd: Started Session 69 of user test11.
Jul 22 09:57:35 qls systemd-logind: New session 69 of user test11.
^C

[test11@qls ~]$ rm -rf /mnt/
rm: cannot remove ‘/mnt/’: Permission denied
[test11@qls ~]$ sudo rm -rf /mnt/
Sorry, user test11 is not allowed to execute '/bin/rm -rf /mnt/' as root on qls.

#执行sudo命令的时候,不提示输入密码

[root@qls ~]# visudo
test11  ALL=(ALL)       NOPASSWD:/usr/bin/cat,/usr/bin/tail
[root@qls ~]# visudo -c
/etc/sudoers: parsed OK

[test11@qls ~]$ sudo  -l
Matching Defaults entries for test11 on qls:
    !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY
    HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
    env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC
    LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
    secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User test11 may run the following commands on qls:
    (ALL) NOPASSWD: /usr/bin/cat, /usr/bin/tail
[test11@qls ~]$ 


注意:设置命令权限的时候,多个可以使用逗号分割   也可以是/usr/bin/*   ALL(后两种写法范围很大,基本等同于把root权限全部交出去,生产环境应只列出确实需要的命令)


5. sudo设置组
两种方法:

利用sudo的自己的组   只在sudo里面生效

利用系统组   是一个真实存在的组


#利用sudo的自己的组 

[root@qls ~]# useradd  dev01
[root@qls ~]# useradd  dev02
[root@qls ~]# echo "1" | passwd  --stdin  dev01
Changing password for user dev01.
passwd: all authentication tokens updated successfully.
[root@qls ~]# echo "1" | passwd  --stdin  dev02
Changing password for user dev02.
passwd: all authentication tokens updated successfully.




#用户别名组
User_Alias DEV = dev01,dev02

#命令别名组

Cmnd_Alias READ = /bin/cat,/bin/head,/bin/tail

#调用

DEV     ALL=(ALL)       NOPASSWD: READ

[root@qls ~]# visudo -c
/etc/sudoers: parsed OK


#测试

[dev01@qls ~]$ sudo  -l
Matching Defaults entries for dev01 on qls:
    !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY
    HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
    env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC
    LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
    secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User dev01 may run the following commands on qls:
    (ALL) NOPASSWD: /bin/cat, /bin/head, /bin/tail

[dev01@qls ~]$ sudo  head -1 /etc/shadow
root:$6$SoTZ3L8.5rI4l25X$WAqOKpP8BwpL/evQNV2RfaJnXn6AZepgQcwUjHTUoDSJz7InZPGUZbanfzCVtLUeSX1q6gbPTiP.vnKIVcW1t0::0:99999:7:::
[dev01@qls ~]$ sudo  tail -1 /etc/shadow
dev02:$6$iZSmy0at$iDnyU7dcY1saiseJHT40Qw00.LildePgoG2j3ShODj1s69Z.aVpaj9vvoZLtCcMakQ0BDFdA5Lh3FstbnAKcf1:18465:0:99999:7:::


系统的组  真实组


[root@qls ~]# groupadd   dev_group
[root@qls ~]# useradd  -g dev_group  dev11
[root@qls ~]# useradd  -g dev_group  dev12
[root@qls ~]# echo "1" | passwd  --stdin  dev11
Changing password for user dev11.
passwd: all authentication tokens updated successfully.
[root@qls ~]# echo "1" | passwd  --stdin  dev12
Changing password for user dev12.
passwd: all authentication tokens updated successfully

[root@qls ~]# visudo

%dev_group ALL=(ALL)   NOPASSWD: READ

[root@qls ~]# visudo -c
/etc/sudoers: parsed OK

#测试

[dev11@qls ~]$ sudo -l
Matching Defaults entries for dev11 on qls:
    !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY
    HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
    env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC
    LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
    secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User dev11 may run the following commands on qls:
    (ALL) NOPASSWD: /bin/cat, /bin/head, /bin/tail
[dev11@qls ~]$ head -1 /var/log/messages
head: cannot open ‘/var/log/messages’ for reading: Permission denied
[dev11@qls ~]$ sudo head -1 /var/log/messages
Jul 16 04:01:01 qls systemd: Started Session 61 of user root.
[dev11@qls ~]$ sudo tail -1 /var/log/messages
Jul 22 10:54:33 qls systemd-logind: New session 79 of user dev11.

6. sudo设置案例

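禁止root用户登录,使用普通用户登录,并且普通用户能够免密的切换到root用户(这样配置以后,这个普通用户的登录凭据就等同于root的凭据,必须使用强密码或密钥登录,不能像练习中那样用简单密码)

#禁止root登录(操作前先建好可以登录的普通用户并确认sudo可用,重启sshd前用 sshd -t 检查配置,并保留当前root会话,避免把自己锁在外面)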

[root@qls ~]# ll  /etc/ssh/sshd_config 
-rw-------. 1 root root 3907 Apr 11  2018 /etc/ssh/sshd_config
[root@qls ~]# grep  -i 'rootlogin'  /etc/ssh/sshd_config
#PermitRootLogin yes
# the setting of "PermitRootLogin without-password".

[root@qls ~]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

[root@qls ~]# sed  -i  '/^#PermitRootLogin/s#.*#PermitRootLogin no#g'  /etc/ssh/sshd_config

[root@qls ~]# grep  -i 'rootlogin'  /etc/ssh/sshd_config
PermitRootLogin no
# the setting of "PermitRootLogin without-password".

[root@qls ~]# systemctl  restart sshd

[root@qls ~]# useradd   qiudao
[root@qls ~]# echo "1"  | passwd  --stdin  qiudao
Changing password for user qiudao.
passwd: all authentication tokens updated successfully.

[C:\~]$ ssh  qiudao@10.0.0.100

Connecting to 10.0.0.100:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.

Last login: Wed Jul 22 09:47:12 2020 from 10.0.0.1
[qiudao@qls ~]$ 

[root@qls ~]# visudo 

qiudao  ALL=(ALL)       NOPASSWD: /bin/su

[root@qls ~]# visudo -c
/etc/sudoers: parsed OK

#测试

[qiudao@qls ~]$ sudo  su -
Last login: Wed Jul 22 11:08:51 CST 2020 on pts/1
Last failed login: Wed Jul 22 11:09:55 CST 2020 from 10.0.0.1 on ssh:notty
There were 2 failed login attempts since the last successful login.
[root@qls ~]# 

7. 编辑器练习题

#准备文件
[root@qls ~]# cat file.txt 
server {
	listen 80;
	server_name test.oldboy.com;
	index index.html;
}

1.跳转到某行时使用	

gg   G  

2.复制server{   到    }结尾的这一行,  粘贴到 } 结尾的下一行

gg  5yy  G  p

3.删除listen相关的所有行				

/listen   dd  

4.将server_name 替换为SERVER_NAME	  

2gg  R   


5.删除oldboy.com,boy删除	


2gg    dw

6.撤销一次	  						  

u

7.在编辑模式下修改 test.oldboy.com为test.ett.com

2gg   cw   ett

8.在index 最后面,添加index.php

3gg   index.php

9.在index行下面插入一行内容为:root  html;。

3gg   o    root  html;

10.退出编辑模式。

Esc

11.将/etc/passwd 复制到/root/目录下,并重命名为test.txt

cp  /etc/passwd  /root/test.txt

12.分别向下、向右、向左、向右移动5个字符,分别向下、向上翻两页

5h  5j  5k 5l  

13.把光标移动到第10行,让光标移动到行末,再移动到行首,移动到test.txt文件的最后一行,移动到文件的首行

10gg   $  ^    G   gg

14.搜索文件中出现的 root 并数一下一共出现多少个
	
/root 	
	
15.把从第一行到第三行出现的root 替换成admin,然后还原上一步操作


:1,3s#root#admin#g

16.把整个文件中所有的root替换成admin

:%s#root#admin#g

17.把光标移动到20行,删除本行,还原上一步操作


20gg    dd    u


18.删除从5行到10行的所有内容,还原上一步操作

:5,10d   u


19.复制2行并粘贴到11行下面,还原上一步操作(按两次u)

2gg   yy  11gg  p     u   u


20.复制从11行到15行的内容并粘贴到8行上面,还原上一步操作(按两次u)

11gg   5yy   8gg  P   u  u  


21.把13行到18行的内容移动文件的尾部,还原上一步操作(按两次u)

13gg  6dd    G  p    u u 


22.将文件中所有的/sbin/nologin替换为/bin/bash

:%s#/sbin/nologin#/bin/bash#g

23.在第一行下面插入新的一行,并输入"# Hello!"

gg  o  # Hello!

24.保存文档并退出

ZZ   :x   :wq

#根据文件回答下列习题

[root@qls ~]# cat proxy.conf
server {
    Listen 8080;
    Server_Name vim.OldboyEDU.com;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forward-for;
        proxy_intercept_errors on;
        proxy_next_upstream error timeout;
        proxy_next_upstream_timeout 3s;
        proxy_next_upstream_tries 2;
        error_page 500 502 403 404 = /proxy_error.html;
    }
    location = /proxy_error.html {
        root /code/proxy;
    }
}

25.使用vim打开proxy.conf文件

vim  proxy.conf

26.修改Listen为listen小写,并将8080修改为80

2gg   ~     xx

27.修改Server_Name为server_name小写。

3gg   ~   ~  


28.修改vim.OldboyEDU.com为vim.oldboy.com

3gg  ~  ~  ~  ~

29.在server_name行下插入一行 root /code;

3gg   o  root /code;

30.复制5-14行的内容,然后将其粘贴到14行下面

5gg  10yy  14gg  p

31.将与proxy_set_header相关的两行全部删除

/proxy_set_header  dd

32.如上操作完成后,在13-20行前面加上#号

视图模式 

13gg   


33.删除21-23的行,然后保存当前文件

:21,23d   :wq  

8. 用户练习题
1.什么是用户?

能够登录系统的就是用户


2.Linux与windows系统的用户有什么区别?

Linux支持多用户同时登录

Windows默认不支持同时多用户登录的  


3.使用什么命令可以查看用户是否存在?

id   user

grep  'user'  /etc/passwd  

4.跟用户相关的配置文件都有哪些?分别存放的是什么?

/etc/passwd  用户基本信息    /etc/shadow   用户密码信息 

5./etc/passwd文件以':' 为分割符, 分为7个字段,请说明一下每个字段的具体含义?
6./etc/shadow文件以':' 为分割符, 分为9个字段,请说明一下每个字段的具体含义?


7.什么是用户的UID?

用户自己独有的ID号码  编号 

8.不同的用户对应UID号范围是多少?

约定  

9.新建用户user1、user2,用户user2不允许登陆到系统中。

useradd  user1

useradd  -M  -s  /sbin/nologin  user2

10.创建普通用户oldboy,其ID号为789.

useradd  -u789   oldboy

11.创建虚拟用户test,其ID号为666

useradd  -u666  -M  -s  /sbin/nologin  test

12.修改oldboy用户的ID号,修改为777.

usermod  -u 777  oldboy

13.修改用户test的命令解释器,使其可以登录到系统。

usermod  -s  /bin/bash   test  

14.删除用户user1.不删除其家目录。

userdel  user1


15.删除用户user2,不保留其家目录。

userdel  -r  user2

16.给oldboy用户创建一个密码为123,并尝试登录。

echo "123"  | passwd  --stdin  oldboy 

17.默认情况下管理员创建了一个用户,就会在()目录下创建一个用户主目录

/home

18.如何检查系统中存在oldboy用户,并且显示用户id信息

id  oldboy 

grep  oldboy  /etc/passwd  


19.创建gid为1666,名字为www的用户组

groupadd  -g1666  www

20.创建uid为1666,gid为1666,名字为www的用户

useradd  -u1666  -g1666  www

21.创建uid为1888,注释信息为"虚拟用户",不创建家目录,不能登录系统,名字为oldboyedu的用户

useradd  -u1888 -c "虚拟用户"  -M  -s /sbin/nologin   oldboyedu


22.批量创建10个用户,用户名为oldboy1 oldboy2 oldboy3 .... oldboy10.

[root@qls ~]# echo {1..10} |xargs -n1
1
2
3
4
5
6
7
8
9
10
[root@qls ~]# seq 10
1
2
3
4
5
6
7
8
9
10
[root@qls ~]# seq 10  | awk  '{print "oldboy"$1}'
oldboy1
oldboy2
oldboy3
oldboy4
oldboy5
oldboy6
oldboy7
oldboy8
oldboy9
oldboy10
[root@qls ~]# seq 10  | awk  '{print "useradd  oldboy"$1}'
useradd  oldboy1
useradd  oldboy2
useradd  oldboy3
useradd  oldboy4
useradd  oldboy5
useradd  oldboy6
useradd  oldboy7
useradd  oldboy8
useradd  oldboy9
useradd  oldboy10
[root@qls ~]# seq 10  | awk  '{print "useradd  oldboy"$1}' | bash 
[root@qls ~]# tail  /etc/passwd
oldboy1:x:1014:1014::/home/oldboy1:/bin/bash
oldboy2:x:1015:1015::/home/oldboy2:/bin/bash
oldboy3:x:1016:1016::/home/oldboy3:/bin/bash
oldboy4:x:1017:1017::/home/oldboy4:/bin/bash
oldboy5:x:1018:1018::/home/oldboy5:/bin/bash
oldboy6:x:1019:1019::/home/oldboy6:/bin/bash
oldboy7:x:1020:1020::/home/oldboy7:/bin/bash
oldboy8:x:1021:1021::/home/oldboy8:/bin/bash
oldboy9:x:1022:1022::/home/oldboy9:/bin/bash
oldboy10:x:1023:1023::/home/oldboy10:/bin/bash

[root@qls ~]# seq 10 | sed -nr 's#(.*)#useradd \1#gp'
useradd 1
useradd 2
useradd 3
useradd 4
useradd 5
useradd 6
useradd 7
useradd 8
useradd 9
useradd 10
[root@qls ~]# seq 10 | sed -nr 's#(.*)#useradd oldboy\1#gp'
useradd oldboy1
useradd oldboy2
useradd oldboy3
useradd oldboy4
useradd oldboy5
useradd oldboy6
useradd oldboy7
useradd oldboy8
useradd oldboy9
useradd oldboy10
[root@qls ~]# seq 10 | sed -nr 's#(.*)#useradd oldboy\1#gp' |bash

23.迁移oldboy8用户的家目录到/tmp/oldboy8

usermod  -md  /tmp/oldboy8   oldboy8  


24.oldboy8用户的用户名修改成oldboy888

usermod  -l  oldboy888  oldboy8

25.锁定oldboy888用户,解锁oldboy888用户

usermod  -L oldboy888

usermod  -U  oldboy888

26.创建普通用户test01、test02、test03,要求UID为2888,2999,2998

[root@qls ~]# echo -e "01  2888\n02  2999\n03  2998"
01  2888
02  2999
03  2998
[root@qls ~]# echo -e "01  2888\n02  2999\n03  2998" |awk '{print "test"$1}'
test01
test02
test03
[root@qls ~]# echo -e "01  2888\n02  2999\n03  2998" |awk '{print $2"test"$1}'
2888test01
2999test02
2998test03
[root@qls ~]# echo -e "01  2888\n02  2999\n03  2998" |awk '{print $2"  test"$1}'
2888  test01
2999  test02
2998  test03
[root@qls ~]# echo -e "01  2888\n02  2999\n03  2998" |awk '{print "useradd  -u"$2"  test"$1}'
useradd  -u2888  test01
useradd  -u2999  test02
useradd  -u2998  test03
[root@qls ~]# echo -e "01  2888\n02  2999\n03  2998" |awk '{print "useradd  -u"$2"  test"$1}' | bash

27.给test01用户使用交互式设置密码为123456

passwd  test01

28.使用test01用户进行登录。

ssh  test01@10.0.0.100  

29.使用非交互式给test01设置密码为oldboy123

echo "oldboy123"  | passwd  --stdin   test01

30.使用修改之后的密码进行登录。

ssh  test01@10.0.0.100

31.有哪些命令可以查看当前用户的登录情况?

w    who    
32.删除用户test02,要求连家目录一起删除。

userdel -r  test02

33.请问,我删除了test02用户,哪个文件会发生变化?

/etc/passwd   /etc/shadow   /etc/group  /etc/gshadow

34.创建一个虚拟用户oldboy01,要求UID为555,不创建家目录。

useradd  -u555 -M -s /sbin/nologin  oldboy01

35.创建用户时,不指定选项设置参数了,系统创建之后的默认参数是根据什么文件来定义的?

/etc/login.defs

/etc/default/useradd  

36.切换普通用户时,出现这样的命令行"-bash-4.1$",这是什么原因造成的,该怎么解决?

家目录不存在

家目录里面配置文件不存在 

cp  -a  /etc/skel/.bash*  ./  

37.登录到test01用户,给其用户test03设置密码,发现报错,请问是什么原因?该怎么解决?

普通用户只能给自己设置密码 

38.登录到test01用户,给其本用户设置密码为123,报错,请问是什么原因?该怎么解决?

普通用户设置密码至少要8位 并且不能有规律  

39.使用root用户给test01用户设置一个18位的随机密码,并进行登录。

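echo  $RANDOM | md5sum  | cut -c 1-18  | tee pass.txt  | passwd --stdin test01

#注意:$RANDOM 只有 0~32767 共 32768 种取值,这样得到的密码虽然有18位,但最多只有 32768 种可能,只适合练习;实际环境应使用下面的 mkpasswd,或从 /dev/urandom 取随机数。tee 写出的 pass.txt 是明文密码,用完应删除或把权限改为 600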

mkpasswd  -l 18  

40.创建10个用户,前缀是你的姓,后缀为数字序列,比如qiu1等,并设置随机密码,一条命令实现(能否使用多种方法实现)。
[root@qls ~]# seq 10 | sed -nr 's#(.*)#useradd oldboy\1#gp'
useradd oldboy1
useradd oldboy2
useradd oldboy3
useradd oldboy4
useradd oldboy5
useradd oldboy6
useradd oldboy7
useradd oldboy8
useradd oldboy9
useradd oldboy10
[root@qls ~]# seq 10 | sed -nr 's#(.*)#useradd oldboy\1 && mkpasswd  -l 18 |tee pass\1\.txt | passwd --stdin oldboy\1#gp' 
useradd oldboy1 11 mkpasswd  -l 18 |tee pass1.txt | passwd --stdin oldboy1
useradd oldboy2 22 mkpasswd  -l 18 |tee pass2.txt | passwd --stdin oldboy2
useradd oldboy3 33 mkpasswd  -l 18 |tee pass3.txt | passwd --stdin oldboy3
useradd oldboy4 44 mkpasswd  -l 18 |tee pass4.txt | passwd --stdin oldboy4
useradd oldboy5 55 mkpasswd  -l 18 |tee pass5.txt | passwd --stdin oldboy5
useradd oldboy6 66 mkpasswd  -l 18 |tee pass6.txt | passwd --stdin oldboy6
useradd oldboy7 77 mkpasswd  -l 18 |tee pass7.txt | passwd --stdin oldboy7
useradd oldboy8 88 mkpasswd  -l 18 |tee pass8.txt | passwd --stdin oldboy8
useradd oldboy9 99 mkpasswd  -l 18 |tee pass9.txt | passwd --stdin oldboy9
useradd oldboy10 1010 mkpasswd  -l 18 |tee pass10.txt | passwd --stdin oldboy10
[root@qls ~]# seq 10 | sed -nr 's#(.*)#useradd oldboy\1 \&\& mkpasswd  -l 18 |tee pass\1\.txt | passwd --stdin oldboy\1#gp'
useradd oldboy1 && mkpasswd  -l 18 |tee pass1.txt | passwd --stdin oldboy1
useradd oldboy2 && mkpasswd  -l 18 |tee pass2.txt | passwd --stdin oldboy2
useradd oldboy3 && mkpasswd  -l 18 |tee pass3.txt | passwd --stdin oldboy3
useradd oldboy4 && mkpasswd  -l 18 |tee pass4.txt | passwd --stdin oldboy4
useradd oldboy5 && mkpasswd  -l 18 |tee pass5.txt | passwd --stdin oldboy5
useradd oldboy6 && mkpasswd  -l 18 |tee pass6.txt | passwd --stdin oldboy6
useradd oldboy7 && mkpasswd  -l 18 |tee pass7.txt | passwd --stdin oldboy7
useradd oldboy8 && mkpasswd  -l 18 |tee pass8.txt | passwd --stdin oldboy8
useradd oldboy9 && mkpasswd  -l 18 |tee pass9.txt | passwd --stdin oldboy9
useradd oldboy10 && mkpasswd  -l 18 |tee pass10.txt | passwd --stdin oldboy10
[root@qls ~]# seq 10 | sed -nr 's#(.*)#useradd old\1 \&\& mkpasswd  -l 18 |tee pass\1\.txt | passwd --stdin oldboy\1#gp' |bash
Changing password for user oldboy1.
passwd: all authentication tokens updated successfully.
Changing password for user oldboy2.
passwd: all authentication tokens updated successfully.
Changing password for user oldboy3.
passwd: all authentication tokens updated successfully.
Changing password for user oldboy4.
passwd: all authentication tokens updated successfully.
Changing password for user oldboy5.
passwd: all authentication tokens updated successfully.
Changing password for user oldboy6.
passwd: all authentication tokens updated successfully.
Changing password for user oldboy7.
passwd: all authentication tokens updated successfully.
Changing password for user oldboy8.
passwd: all authentication tokens updated successfully.
Changing password for user oldboy9.
passwd: all authentication tokens updated successfully.
Changing password for user oldboy10.
passwd: all authentication tokens updated successfully.
[root@qls ~]# ll
total 61148
-rw-r--r--. 1 root root       39 Jul 17 19:16 123.txt
-rw-r--r--. 1 root root  9272936 Jul 17 12:01 access.log
-rw-r--r--. 1 root root       28 Jul 17 20:12 oldboy.txt
-rw-r--r--  1 root root       19 Jul 22 12:20 pass10.txt
-rw-r--r--  1 root root       19 Jul 22 12:20 pass1.txt
-rw-r--r--  1 root root       19 Jul 22 12:20 pass2.txt
-rw-r--r--  1 root root       19 Jul 22 12:20 pass3.txt
-rw-r--r--  1 root root       19 Jul 22 12:20 pass4.txt
-rw-r--r--  1 root root       19 Jul 22 12:20 pass5.txt
-rw-r--r--  1 root root       19 Jul 22 12:20 pass6.txt
-rw-r--r--  1 root root       19 Jul 22 12:20 pass7.txt
-rw-r--r--  1 root root       19 Jul 22 12:20 pass8.txt
-rw-r--r--  1 root root       19 Jul 22 12:20 pass9.txt


[root@qls ~]# seq 10  | awk  '{print "useradd  boy"$1" && mkpasswd  -l 18 |tee -a pass.log | passwd --stdin boy"$1}' |bash
Changing password for user boy1.
passwd: all authentication tokens updated successfully.
Changing password for user boy2.
passwd: all authentication tokens updated successfully.
Changing password for user boy3.
passwd: all authentication tokens updated successfully.
Changing password for user boy4.
passwd: all authentication tokens updated successfully.
Changing password for user boy5.
passwd: all authentication tokens updated successfully.
Changing password for user boy6.
passwd: all authentication tokens updated successfully.
Changing password for user boy7.
passwd: all authentication tokens updated successfully.
Changing password for user boy8.
passwd: all authentication tokens updated successfully.
Changing password for user boy9.
passwd: all authentication tokens updated successfully.
Changing password for user boy10.
passwd: all authentication tokens updated successfully.
[root@qls ~]# cat pass.log 
yekvpfdmF+3anweKd0
4nyyrwkUM>u3jlcgvi
jw5vczapnuplG5vVv<
mJaebjb9cxapL+1yjf
vvdyshXNkzc1qq4wg*
lmlGubcwrs9(Whq6wf
rbm/kwxbwdufAU55cx
g=mzhdgY6osysgLnf5
nany5srVjnf9emFpi*
fV5sn0qzm}kaMzgsux



41.创建10个用户,前缀是你的名,后缀为数字序列,比如qls1等,并给其10个用户设置统一密码为123456,最后尝试是否可以登录。

[root@qls ~]# seq 10  | awk  '{print "useradd  boy"$1" && echo '123456' | passwd --stdin boy"$1}' |bash
Changing password for user boy1.
passwd: all authentication tokens updated successfully.
Changing password for user boy2.
passwd: all authentication tokens updated successfully.
Changing password for user boy3.
passwd: all authentication tokens updated successfully.
Changing password for user boy4.
passwd: all authentication tokens updated successfully.
Changing password for user boy5.
passwd: all authentication tokens updated successfully.
Changing password for user boy6.
passwd: all authentication tokens updated successfully.
Changing password for user boy7.
passwd: all authentication tokens updated successfully.
Changing password for user boy8.
passwd: all authentication tokens updated successfully.
Changing password for user boy9.
passwd: all authentication tokens updated successfully.
Changing password for user boy10.
passwd: all authentication tokens updated successfully.

42.创建用户qiudao,并给其用户设置一个24位的随机密码,要求密码包含数字,大小写字母及特殊符号,最后查看是否可以登录。

useradd  qiudao

mkpasswd  -l 24  -d 6 -c 6 -C 6 -s 6 | tee  pass.txt | passwd  --stdin  qiudao  

43.跟组相关的两个配置文件是?

/etc/group 

/etc/gshadow


44.创建一个用户基本组,shanghai01.

groupadd   shanghai01


45.创建一个用户基本组,shanghai02,指定GID为1099.

groupadd -g1099   shanghai02

46.创建一个用户系统组,shanghai03.

groupadd  -r  shanghai03

47.修改用户基本组shanghai02的GID号为1033.

groupmod  -g 1033  shanghai02
posted @ 2021-03-13 22:44  博客之记  阅读(401)  评论(0)    收藏  举报