Article Directory
- Existing users and user groups significance
- The user are stored in system
- Depth analysis of the user's profile and related to the content
- View user information (id Command)
- Way switching characteristics of user identities and the shell
- Create and delete users and user groups
- User and user group information management
- User authentication file content analysis
- User Authentication Management
- Delegation of user rights
- Configuration file syntax and testing methods
- Change the administrator password
Existing users and user groups significance
- Users are identified in the system operator's identity
- Group is a logical concept, is a collection of users,
- In order to limit the presence of a user's privileges
- In order to classify user groups exist to facilitate the management authority
The user are stored in system
- Users in the system is to file string
- Each string mapping system resources used by the user
Depth analysis of the user's profile and related to the content
| Profiles | content |
|---|---|
| /etc/passwd | User repository |
| /etc/group | Group Information Base |
| / Home / user file with the same name | The default user's home directory |
| / Etc / skel / All Files | User Environment Profile Template |
| /etc/shadow | User authentication information |
| /etc/gshadow | Group authentication information |
View user information (id Command)
id
- View information about specified user id
| symbol | effect |
|---|---|
| the -u | View user's uid |
| id -g | View user's gid |
| id -G | id all groups view the user resides |
| id -n | Id name without displaying digital display |
Way switching characteristics of user identities and the shell
Drawing logout command
- gnome-session-quit --force (log off the current user)
su sum su -
| his | his - |
|---|---|
| Only switch user identity, user environment does not switch | Switching user identity and user environment |
note:
-
After each su to switch to the other user must exit the operation, then switch again to other users
-
Advanced user switches to perform low-level user password is not required, low-level user needs to switch to Advanced
-
Flat user need switching of the switching
Create and delete users and user groups
- groupadd and groupdel establish user groups and delete
- useradd and userdel users establish and delete,
- When creating a user, read the contents of the file to determine the rules /etc/login.defs
- useradd of common parameters
| symbol | use |
|---|---|
| - in | Specifies the user's uid |
| - g | Specifies the user's gid |
| - G | Additional specified user group |
| - c | Specifies the user's instructions |
| - d | Specifies the user's home directory, defaults to / home / username |
| - s | Specifies the user's shell |
-
Add users and user groups
-
First, real-time monitoring operation
watch -n 1
-
Create Users and user groups
-
用户和用户组的删除
- 在已经建立了用户和组之后要想改变其uid和gid,有两种方法 -
把其删掉,重新建立,在建立时就改好其uid 和gid
-
使用usermod和groupmod
用户及用户组的信息管理
- groupmod -g
- usermod
| 符号 | 用途 |
|---|---|
| -l | 修改用户名称 |
| -u | 修改用户的uid |
| -g | 修改用户的gid |
| -aG | 指定用户的附加组 |
| -c | 修改用户的说明 |
| -md | 修改用户的家目录 ,默认为/home/username |
| -s | 修改用户的shell类型 |
-附加组的演示,注意左边组后的变化
小例子练习
用户认证文件的内容分析
/etc/shadow 用户认证信息文件
- 用户名称
- 用户密码
- 密码已经使用时间
- 密码最短有效期
- 密码最长有效期
- .密码到期前警告
- 密码非活跃天数
- 密码到期日
- 英文解释
用户认证管理
-演示(chage的几种用法,注意左边的变化)
用户权力的下放
- sudo 能把某些超级权限针对性的下放 , 并且不需要普通用户知道 root 密码 , 所以 sudo 相 对于权限无限制性的 su 来说 还是比较安全的
- sudo 能把某些超级权限针对性的下放 , 并且不需要普通用户知道 root 密码 , 所以 sudo 相 对于权限无限制性的 su来说 , 还是比较安全的。
- sudo 执行命令的流程是当前用户切换到 root, 然后以 root 身份执行命令 , 执行完成后 ,直接退回到当前用户 ; 而这些的前提是要通过 sudo 的配置文件 /etc/sudoers 来进行授权
配置文件语法及测试方式
/etc/sudoers
- visudo
- 用户 主机名称=(新执行身份) [NOPASSWD:] 命令
westos server0.example.com=(root) /usr/sbin/useradd
westos server0.example.com=(root) NOPASSWD: /usr/sbin/userdel ##不需要密码
- 演示
-先进入visudo ,为了规范,大概在第100行左右进行编辑
- 查主机名称以及命令所在目录
- 成功
- 成功用mxm用户 useradd 了其他用户
管理员更改密码
passwd 用户名
