CentOS 7 user management commands in practice; administrators setting permissions for user groups; SBIT application

Assignment 6: User Management

Experimental system: CentOS 7

6.1 Create the user, user group and group members as required

  • Experiment requirements:

1. Create a group named admin;

2. Create a user named mary, with admin as the additional group;

3. Create a user named alice, with admin as the additional group; create a user named bobby who is not allowed to log in to the system and does not have admin as an additional group;

4. Mary, alice, and bobby must use redhat as the user password.

  • experiment procedure
[root@ ~ 03:49:09]#groupadd admin                      //create the admin group
[root@ ~ 03:51:52]#cat /etc/group                      //view the group file
....
admin:x:1004:
[root@ ~ 03:52:10]#useradd mary -G admin               //create user mary
[root@ ~ 03:54:15]#useradd alice -G admin              //create user alice
[root@ ~ 03:54:28]#useradd bobby -s /sbin/nologin      //create user bobby; /sbin/nologin is the non-login shell
[root@ ~ 03:56:51]#passwd mary                         //set mary's password
Changing password for user mary.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.
[root@ ~ 03:57:08]#echo "redhat" |passwd --stdin alice //another way to set a password, here for alice
Changing password for user alice.
passwd: all authentication tokens updated successfully.
[root@ ~ 03:58:26]#echo "redhat" |passwd --stdin bobby
Changing password for user bobby.
passwd: all authentication tokens updated successfully.
[root@ ~ 04:00:16]#cat /etc/passwd                     //view the user configuration file
root:x:0:0:root:/root:/bin/bash
...
mary:x:1003:1005::/home/mary:/bin/bash
alice:x:1004:1006::/home/alice:/bin/bash
bobby:x:1005:1007::/home/bobby:/sbin/nologin
  • Knowledge supplement: the fields of each line of /etc/passwd:

user name:password (not used, it is stored in /etc/shadow):uid:gid:user information description:home directory:shell

6.2 Create a local directory as required

  • Experiment requirements:

1. The directory owning group is admin;

2. The directory must be readable, writable and executable by the admin group members. Apart from the owner of this directory, no one else may have any permissions (except root, who has permissions on every file and directory in the system);

3. All files or directories created in /common/admin automatically inherit the admin group.

  • experiment analysis

This setup is mainly used in project development. SGID is generally set on a shared directory so that multiple accounts in the same group can all use it. The chgrp and chmod operations are run as root, which acts as the administrator and sets up the development environment needed by the users in the admin group.

  • experiment procedure
[root@ / 04:04:27]#mkdir -p /common/admin          //create the directory
[root@ / 04:05:24]#chgrp admin /common/admin/      //change the directory's group
[root@ / 04:11:06]#ll -h /common                   //view the directory metadata
total 4.0K
drwxr-xr-x. 2 root admin 4.0K Jul 29 16:04 admin
[root@ / 04:24:39]#chmod 2770 /common/admin        //change the directory permissions
[root@ / 04:26:40]#ll /common                      //view the metadata; the permissions have changed
total 4
drwxrws---. 2 root admin 4096 Jul 29 16:04 admin   //sgid set successfully
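
The three requirements of 6.2 can be checked after the fact with a short audit function. This is an added example, not part of the original post; the function name check_shared_dir is hypothetical and GNU stat (as shipped with CentOS 7) is assumed.

```shell
#!/usr/bin/env bash
# Added example: audit a shared group directory against the 6.2 requirements.
# check_shared_dir is a hypothetical helper name, not a system command.

# check_shared_dir DIR GROUP
# Prints one line per finding; returns 0 when DIR is compliant, 1 otherwise.
check_shared_dir() {
    dir=$1; want_group=$2; rc=0
    mode=$(stat -c '%a' "$dir") || return 2        # e.g. 2770
    group=$(stat -c '%G' "$dir")

    [ "$group" = "$want_group" ] ||
        { echo "group is $group, expected $want_group"; rc=1; }
    # 02000 is the setgid bit: new entries inherit the directory's group.
    [ $(( 0$mode & 02000 )) -ne 0 ] ||
        { echo "setgid bit not set (mode $mode)"; rc=1; }
    # Group members need rwx (070); everyone else must have nothing (007).
    [ $(( 0$mode & 0070 )) -eq $(( 0070 )) ] ||
        { echo "group lacks rwx (mode $mode)"; rc=1; }
    [ $(( 0$mode & 0007 )) -eq 0 ] ||
        { echo "others have access (mode $mode)"; rc=1; }

    # Functional check: a file created inside must carry the directory's group.
    probe=$(mktemp "$dir/.probe.XXXXXX") || return 2
    [ "$(stat -c '%G' "$probe")" = "$group" ] ||
        { echo "new files do not inherit group $group"; rc=1; }
    rm -f "$probe"
    return $rc
}

# On the system from the transcript, run as root:
#   check_shared_dir /common/admin admin && echo compliant
```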

6.3 Modify umask, calculate file/directory permissions according to requirements

  • Experimental requirements

Change the umask to 053, calculate the permissions of files and directories created by the root user and by ordinary users, and write out the calculation steps.

  • experiment procedure

The default permission for a newly created directory is rwxrwxrwx, which corresponds to the three octal digits 777;

The default permission for a newly created file is rw-rw-rw-, which corresponds to the three octal digits 666.

The default umask of the root user is 022, and the default umask of ordinary users is 002.

When umask is changed to 053:

  1. Files/directories created by the root user: the owner's permissions are unchanged (mask 0), the group has r and x masked (mask 5), and others have w and x masked (mask 3). The result is:

    • Directory: rwx -w- r--

    • File: rw- -w- r--

  2. Files/directories created by ordinary users:

    • Directory: rwx -w- r--
    • File: rw- -w- r--
  • Knowledge supplement

The function of umask: it removes selected permissions from newly created files and directories; an appropriately defined umask helps system security.
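
The calculation steps for umask 053, carried out in the shell and then checked against objects actually created under that umask. This is an added example, not part of the original post; the function names are hypothetical and GNU stat is assumed. It also covers the default umasks 022 and 002 mentioned above.

```shell
#!/usr/bin/env bash
# Added example: reproduce the umask 053 results from section 6.3.

# mask_mode BASE UMASK -> octal mode of a new object.
# The kernel clears every bit set in the umask: BASE AND (NOT UMASK).
mask_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# naive_subtract BASE UMASK -> decimal "base minus umask", a common shortcut
# that is only right when no umask digit has a bit the base digit lacks.
naive_subtract() {
    printf '%03d\n' "$(expr "$1" - "$2")"
}

# observed_mode file|dir UMASK -> "<octal> <symbolic>" as reported by stat
# for an object really created under that umask (in a throwaway temp dir).
observed_mode() {
    tmp=$(mktemp -d) || return 1
    (
        umask "$2"
        if [ "$1" = dir ]; then mkdir "$tmp/x"; else : > "$tmp/x"; fi
    )
    stat -c '%a %A' "$tmp/x"
    rm -rf "$tmp"
}

# 022 and 002 are the root and ordinary-user defaults quoted above.
for u in 022 002 053; do
    echo "umask $u: file $(mask_mode 666 "$u") dir $(mask_mode 777 "$u")"
done
echo "umask 053 by subtraction (wrong for files): $(naive_subtract 666 053)"
echo "created file: $(observed_mode file 053)"
echo "created dir:  $(observed_mode dir 053)"
```

For files, subtraction gives 613 while the real mode is 624: the x bits in the mask have nothing to clear in 666, so they must not be subtracted.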

6.4 Copy /etc/fstab to configure document permissions as required

  • Experimental requirements

1. Copy to /tmp/test

2. The owner of this document must be alice

3. Users in this directory cannot delete files created by other users

4. Content can only be appended to the document

  • experiment analysis

Setting the SBIT (sticky bit) on the directory is sufficient. When a user creates a file or directory inside it, only that user and root have the right to delete that file or directory;

  • experiment procedure
Last login: Wed Jul 29 16:30:31 CST 2020 on pts/0
[root@ ~ 04:51:08]$ mkdir /tmp/test                //create the directory
[root@ ~ 04:51:28]$ cp /etc/fstab /tmp/test/fstab  //copy the file
[root@ ~ 04:51:48]$ chown alice /tmp/test/fstab    //change the file owner
[root@ ~ 04:52:46]$ ll /tmp/test                   //view the directory metadata
total 4
-rw-r--r--. 1 alice root 545 Jul 29 20:55 fstab
    
[root@ ~ 04:53:16]$ chgrp admin /tmp/test/fstab    //change the file's group
[root@ ~ 04:54:27]$ ll /tmp/test/fstab             //view the file metadata after the change
-rw-r--r--. 1 alice admin 545 Jul 29 16:47 /tmp/test/fstab
												
[root@ /tmp 05:03:36]#chmod 1777 ./test            //files cannot be deleted by other users
[root@ /tmp 05:03:52]#ll                           //view the change in the metadata
total 28
drwxrwxrwt. 2 alice alice 4096 Jul 29 16:47 test

[mary@linpengze test]$ ls                          //switch to mary, who is in the same group, and test
fstab
[mary@linpengze test]$ rm fstab                    //try to delete fstab
rm: remove write-protected regular file ‘fstab’? y
rm: cannot remove ‘fstab’: Permission denied       //cannot be deleted

[root@ /tmp/test 05:11:18]#chattr +a ./fstab       //the document can only be appended to
[root@ /tmp/test 05:11:28]#lsattr                  //view the special attributes of files in the current directory
-----a-------e-- ./fstab                           //a: append only, e: extent format

6.5 Modify the command prompt as required

  • Experimental requirements: format: <command number> user name: host name ->

  • experiment procedure

[root@ / 05:16:42]#vim ~/.bashrc                   //edit the configuration file
 PS1="<\#>\u:\h-->"
    
[root@ / 05:23:47]#init 6                          //reboot; in practice ". ~/.bashrc" can be used to run the file in the current shell
<1>root:linpengze-->ls                             //test: the command prompt has changed
aa      aabb.tar.gz      nginx-1.14.0         quan           test
aaased  aaha.exp         nginx-1.14.0.tar.gz  quanfile
aaawk   anaconda-ks.cfg  -o                   scriptcluster
<2>root:linpengze-->

6.6 Set the command clear alias to make it effective in the login shell

  • experiment procedure
<7>root:linpengze-->alias cl=clear                 //this way it only takes effect in the current shell
<8>root:linpengze-->cl

<9>root:linpengze-->vim /root/.bashrc              //edit the configuration file so that it takes effect in the login shell
add: alias cl='clear'
<10>root:linpengze-->source ~/.bashrc


Origin blog.csdn.net/weixin_31789689/article/details/107675350