1.用户和用户组
用户相关文件:
[root@hadoop001~]# ll /usr/sbin/user*
-rwxr-x—. 1 root root 118192 Nov 6 2016 /usr/sbin/useradd
-rwxr-x—. 1 root root 80360 Nov 6 2016 /usr/sbin/userdel
-rwxr-x—. 1 root root 113840 Nov 6 2016 /usr/sbin/usermod
-rwsr-xr-x 1 root root 11296 Apr 13 2017 /usr/sbin/usernetctl
用户组相关文件:
[root@hadoop001~]# ll /usr/sbin/group*
-rwxr-x—. 1 root root 65480 Nov 6 2016 /usr/sbin/groupadd
-rwxr-x—. 1 root root 57016 Nov 6 2016 /usr/sbin/groupdel
-rwxr-x—. 1 root root 57064 Nov 6 2016 /usr/sbin/groupmems
-rwxr-x—. 1 root root 76424 Nov 6 2016 /usr/sbin/groupmod
/user/sbin已经被添加在了PATH环境中了,可以从主机的任意位置使用这些命令
[root@hadoop001 ~]# echo $PATH
/usr/java/jdk1.8.0_45/bin:/usr/java/jdk1.8.0_45/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
2.用户添加和删除
2.1添加hadoop用户
[root@hadoop001~]# useradd hadoop
[root@hadoop001 ~]# id hadoop
uid=1000(hadoop) gid=1000(hadoop) groups=1000(hadoop)
2.2删除hadoop用户
[root@hadoop001~]# userdel hadoop
[root@hadoop001~]# id hadoop
id: hadoop: no such user
[root@hadoop001 home]# cat /etc/passwd | grep ruoze
[root@hadoop001 home]# cat /etc/group | grep ruoze
因为hadoop该组只有hadoop用户,当这个用户删除时,组会校验就他自己,会自动删除
2.3重新创建hadoop用户
[root@hadoop001 ~]# useradd hadoop
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
Creating mailbox file: File exists
[root@hadoop001 ~]# id hadoop
uid=1000(hadoop) gid=1000(hadoop) groups=1000(hadoop)
模拟用户丢失样式
[hadoop@hadoop001 ~]$ ll -a .bash*
-rw-r–r-- 1 hadoop hadoop 18 Dec 7 2016 .bash_logout
-rw-r–r-- 1 hadoop hadoop 193 Dec 7 2016 .bash_profile
-rw-r–r-- 1 hadoop hadoop 231 Dec 7 2016 .bashrc
[hadoop@hadoop001 ~]$ rm -rf .bash*
[root@hadoop001 ~]# su - hadoop #切换用户
Last login: Sun Nov 17 09:29:10 CST 2019 on pts/0
-bash-4.2$ #用户样式丢失
==修正样式 ==
[root@hadoop001 ~]# ll -a /etc/skel/
total 20
drwxr-xr-x. 2 root root 4096 Aug 18 2017 .
drwxr-xr-x. 81 root root 4096 Nov 17 09:27 …
-rw-r–r-- 1 root root 18 Dec 7 2016 .bash_logout
-rw-r–r-- 1 root root 193 Dec 7 2016 .bash_profile
-rw-r–r-- 1 root root 231 Dec 7 2016 .bashrc
[root@hadoop001 ~]# cp /etc/skel/ .bash* /home/hadoop/
cp: omitting directory ‘/etc/skel/’
[root@hadoop001 ~]# su - hadoop
Last login: Sun Nov 17 09:33:39 CST 2019 on pts/2
[hadoop@hadoop001 ~]$
3.用户组创建/修改
创建bigdata用户组,并把hadoop用户添加进这个用户组
[root@hadoop001 ~]# groupadd bigdata
[root@hadoop001 ~]# usermod -a -G bigdata hadoop
[root@hadoop001 ~]# id hadoop
uid=1000(hadoop) gid=1000(hadoop) groups=1000(hadoop),1001(bigdata)
修改bigdata为hadoop的主组
[root@aliyun ~]# usermod -g bigdata hadoop #强制改变属组
[root@aliyun ~]# id hadoop
uid=1000(hadoop) gid=1001(bigdata) groups=1001(bigdata)
4.普通用户获取root的最大权限
sudo命令
sudo命令是让普通用户具备root用户的权限
添加普通用户具备root权限的文件是:/etc/sudoers
##Allow root to run any commands anywhere
root ALL=(ALL) ALL
hadoop ALL=(root) NOPASSWD:ALL #新添加的内容
5./etc/passwd
用户无法登录 修改passwd文件
[root@hadoop001 ~]# tail -3 /etc/passwd
redis❌996:994:Redis Database Server:/var/lib/redis:/sbin/nologin
mysqladmin❌514:101::/usr/local/mysql:/bin/bash
hadoop❌1000:1001::/home/hadoop:/bin/bash
最后一个冒号后面是用户的登陆权限
5.1. 模拟用户的登录权限是/bin/false,修改,并登录
[root@hadoop001 ~]# cat /etc/passwd | grep hadoop
hadoop❌1000:1001::/home/hadoop:/bin/false
[root@hadoop001 ~]# su - hadoop
Last login: Sun Nov 17 09:37:25 CST 2019 on pts/2
[root@hadoop001 ~]# #登录失败
修改
[root@aliyun ~]# cat /etc/passwd | grep ‘hadoop’
hadoop❌1000:1001::/home/hadoop:/bin/bash
再次登录
[root@hadoop001 ~]# su - hadoop
Last login: Sun Nov 17 09:56:43 CST 2019 on pts/1
[hadoop@hadoop001 ~]$ #登录成功
5.2. 模拟用户的登录权限是/sbin/nologin,修改,并登录
[root@hadoop001 ~]# cat /etc/passwd | grep hadoop
hadoop❌1000:1001::/home/hadoop:/sbin/nologin
[root@hadoop001 ~]# su - hadoop
Last login: Sun Nov 17 09:59:35 CST 2019 on pts/1
This account is currently not available.
[root@hadoop001 ~]# #登录失败
修改
[root@修改~]# cat /etc/passwd | grep ‘hadoop’
hadoop❌1000:1001::/home/hadoop:/bin/bash
[root@aliyun ~]# su - hadoop
Last login: Sun Nov 17 09:56:43 CST 2019 on pts/1
[hadoop@aliyun ~]$ #登录成功
6.chown/chmod
-rw- | r-- | r-- 1 root root 12 Nov 12 23:36 xxx.txt
r: read 4
w: write 2
x: 执行 1
-: 没权限 0
rw-第一组 6 代表文件或文件夹的用户root,读写
r-- 第二组 4 代表文件或文件夹的用户组root,读
r-- 第三组 4 代表其他组的所属用户对这个文件或文件夹的权限: 读
chmod 命令用来修改文件或者目录的读写执行权限,加 -R 表示递归修改
chown 命令用来修改文件或者目录的属主和属组,加 -R 表示递归修改
修改 xxx.txt 文件的属组为bigdata
[root@hadoop001 ~]# chown -R :bigdata xxx.txt
[root@hadoop001 ~]# ll xxx.txt
-rw-r–r-- 1 root bigdata 12 Nov 12 23:36 xxx.txt
修改 test.txt 文件的权限为属主可读写执行,属组可读执行,其他可读
[root@hadoop001 ~]# chmod -R 754 xxx.txt
[root@hadoop001 ~]# ll xxx.txt
-rwxr-xr-- 1 root bigdata 12 Nov 12 23:36 xxx.txt
-R 参数,目前可认为只有chown和chmod命令有,其他都为 -r
