Table of contents
- Why users and user groups exist
- How users are stored in the system
- User-related configuration files and their contents
- Viewing user information (the id command)
- Switching user identity in the shell and its characteristics
- Creating and deleting users and user groups
- Managing user and user group information
- Contents of the user authentication file
- User authentication management
- Delegating user privileges
- Configuration file syntax and testing
- Changing a password as administrator
Why users and user groups exist
- A user is the identity of an operator on the system
- A group is a logical concept: a collection of users
- Users exist in order to restrict privileges
- User groups exist to classify users, which makes permissions easier to manage
How users are stored in the system
- A user exists in the system as a string in a file
- Each string maps to the system resources that the user may use
User-related configuration files and their contents
File | Content |
---|---|
/etc/passwd | User information database |
/etc/group | Group information database |
/home/ directory with the same name as the user | The user's default home directory |
/etc/skel/ (all files) | Template for the user's environment files |
/etc/shadow | User authentication information |
/etc/gshadow | Group authentication information |
Viewing user information (the id command)
id
- View the id information of the specified user
Option | Effect |
---|---|
id -u | View the user's uid |
id -g | View the user's gid |
id -G | View the ids of all groups the user belongs to |
id -n | Display names instead of numeric ids (combine with -u, -g or -G) |
Switching user identity in the shell and its characteristics
Graphical logout command
- gnome-session-quit --force (logs off the current user)
su and su -
su | su - |
---|---|
Switches only the user identity; the user environment is not switched | Switches both the user identity and the user environment |
Note:
- After each switch to another user with su, exit from that user before switching to a different one
- A higher-privileged user switching to a lower-privileged user does not need a password; a lower-privileged user switching to a higher-privileged user does
- Switching between users of the same privilege level also requires a password
Creating and deleting users and user groups
- groupadd and groupdel create and delete user groups
- useradd and userdel create and delete users
- When a user is created, the rules to apply are read from /etc/login.defs
- Common useradd options
Option | Purpose |
---|---|
-u | Specifies the user's uid |
-g | Specifies the user's gid |
-G | Specifies the user's supplementary groups |
-c | Specifies the user's comment (description) |
-d | Specifies the user's home directory; defaults to /home/username |
-s | Specifies the user's shell |
- Adding users and user groups
- First, start real-time monitoring of the operation
watch -n 1
- Create the users and user groups
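Deleting users and user groups
- After a user or group has been created, there are two ways to change its uid or gid:
- Delete it and create it again, setting the desired uid and gid at creation time
- Use usermod and groupmod
Managing user and user group information
- groupmod -g
- usermod
Option | Purpose |
---|---|
-l | Change the user's name |
-u | Change the user's uid |
-g | Change the user's gid |
-aG | Specify the user's supplementary groups |
-c | Change the user's comment (description) |
-md | Change the user's home directory; the default is /home/username |
-s | Change the user's shell type |
- Demonstration of supplementary groups; note how the groups on the left change
Small practice example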
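Contents of the user authentication file
/etc/shadow: the user authentication information file
- User name
- User password
- Time the password has been in use
- Minimum password validity period
- Maximum password validity period
- Warning period before the password expires
- Password inactivity days
- Password expiration date
- English explanation
User authentication management
- Demonstration (several uses of chage; note the changes on the left)
Delegating user privileges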
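- sudo can delegate specific superuser privileges in a targeted way, and the ordinary user does not need to know the root password, so compared with su, which places no limits on privileges, sudo is relatively safe.
- When sudo executes a command, the current user switches to root, runs the command as root, and returns directly to the current user once it has finished; the precondition is that this has been authorized in sudo's configuration file, /etc/sudoers
Configuration file syntax and testing
/etc/sudoers
- visudo
- user hostname=(run-as identity) [NOPASSWD:] command
westos server0.example.com=(root) /usr/sbin/useradd
westos server0.example.com=(root) NOPASSWD: /usr/sbin/userdel ## no password required
- Demonstration
- First open visudo; to keep things tidy, make the edit at around line 100
- Look up the hostname and the directory where the command is located
- Success
- The mxm user successfully ran useradd to create another user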
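One way to review rules written in the syntax above before granting them, as an added example that is not part of the original article: the function name audit_sudoers, the users alice and bob, and their rules are constructed for illustration, while the first two sample rules are the ones shown above.

```shell
#!/bin/sh
# Added example: audit sudoers-style rules of the form
#   user host=(run-as) [NOPASSWD:] command[, command...]
# Aliases are reported but not expanded; Defaults and *_Alias lines are skipped.

# Constructed sample input. The first two rules come from the article;
# the alice and bob rules are made up to trigger the checks.
SAMPLE_RULES='westos server0.example.com=(root) /usr/sbin/useradd
westos server0.example.com=(root) NOPASSWD: /usr/sbin/userdel ## no password required
alice ALL=(ALL) NOPASSWD: ALL
bob server0.example.com=(root) useradd'

# audit_sudoers: read rules on stdin, print one "LEVEL user: reason" line per finding.
audit_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comment or blank line
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }    # not a user rule
    {
        line = $0
        sub(/[ \t]+#.*$/, "", line)                # strip a trailing comment
        eq = index(line, "=")
        if (eq == 0) next                          # no host=... part, ignore
        user = $1
        spec = substr(line, eq + 1)
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec)    # drop the (run-as) part
        nopass = sub(/^NOPASSWD:[ \t]*/, "", spec) # 1 if the tag was present
        n = split(spec, cmds, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            c = cmds[i]
            if (nopass) print "WARN " user ": NOPASSWD for " c
            if (c == "ALL")
                print "HIGH " user ": may run every command"
            else if (c ~ /^[A-Z][A-Z0-9_]*$/)
                print "INFO " user ": alias " c " not expanded"
            else if (c !~ /^\//)
                print "HIGH " user ": command is not an absolute path: " c
        }
    }'
}

# Run the audit over the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | audit_sudoers
```

This reviews policy choices only; the syntax of /etc/sudoers is still validated by visudo when the file is saved.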
Changing a password as administrator
passwd username