EOS学习笔记（四）使用cleos工具管理账号权限

准备工作

启动nodeos：docker start -i nodeos

启动keosd:  keosd --http-server-address=127.0.0.1:8889

一、创建账号

1.为之前创建的default导入密钥

cleos wallet create_key   //使用此命令无需再次将私钥导入到钱包

返回一个公钥 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8

可以用下面的命令查看对应公私钥：

cleos wallet private_keys

password: [[

    "EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8",

    "5KNgUjPzHxjgkGB5pD6dmXw4J6EfjeB4a9wAUQ6QJgx1pUT6JoP"

  ]

]

为eosio账户导入密钥   

  cleos wallet import

  5KQwrPbwdL6PhXujxW37FSSQZ1JiwsST4cqQzDeyXtP79zkvFD3

 private key: imported private key for: EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV

2.查看创建账号命令的说明

cleos create account

输出结果：

ERROR: RequiredError: creator

Create an account, buy ram, stake for bandwidth for the account

Usage: cleos create account [OPTIONS] creator name OwnerKey [ActiveKey]

Positionals:

  creator TEXT                The name of the account creating the new account (required)

  name TEXT                  The name of the new account (required)

  OwnerKey TEXT              The owner public key for the new account (required)

  ActiveKey TEXT              The active public key for the new account

Options:

  -h,--help                  Print this help message and exit

  -x,--expiration            set the time in seconds before a transaction expires, defaults to 30s

  -f,--force-unique          force the transaction to be unique. this will consume extra bandwidth and remove any protections against accidently issuing the same transaction multiple times

  -s,--skip-sign              Specify if unlocked wallet keys should be used to sign transaction

  -j,--json                  print result as json

  -d,--dont-broadcast        don't broadcast transaction to the network (just print to stdout)

  --return-packed            used in conjunction with --dont-broadcast to get the packed transaction

  -r,--ref-block TEXT        set the reference block num or block id used for TAPOS (Transaction as Proof-of-Stake)

  -p,--permission TEXT ...    An account and permission level to authorize, as in 'account@permission'

  --max-cpu-usage-ms UINT    set an upper limit on the milliseconds of cpu usage budget, for the execution of the transaction (defaults to 0 which means no limit)

  --max-net-usage UINT        set an upper limit on the net usage budget, in bytes, for the transaction (defaults to 0 which means no limit)

分析输出：

在Positionals结构中包含四个字断：

creator TEXT（必填）：创建者账号的名称。

name TEXT（必填） ：新账号的名称。

OwnerKey TEXT（必填）：新账号的owner权限的公钥。

ActiveKey TEXT（可选）：新账号的active权限的公钥，默认与owner权限的公钥一致。

在Options结构中有很多可选参数，介绍一下比较常用的几个：

-d：是不广播到网络。

-j：是返回为json格式的数据。

-s：是交易数据不经过签名。

-p：是指定签名的账号以及权限，默认是active权限。

-h：是帮助命令。

3.创建新账户xtk

cleos create account eosio xtk EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8

成功返回以下结果

executed transaction: 12b311852f8ea9392cf6bbc29225f417484b38acfa93700787cae2aa114e884e  200 bytes  818 us

#        eosio <= eosio::newaccount            {"creator":"eosio","name":"xtk","owner":{"threshold":1,"keys":[{"key":"EOS5FkwsbhmPygwgMehCyCb7Dq11V...

warning: transaction executed locally, but may not be confirmed by the network yet        ]

二、新增权限

刚创建好的xtk账户有两个原生权限：owner和active,owner拥有很多功能给的操作权限，如：转账、投票、购买ram等等,

现在将投票权限任命给一个自定义权限voting，那么单单通过voting权限所对应的私钥对投票操作进行签名就可以完成投票操作

1、先看一下xtk的权限分配

cleos get account xtk

返回如下结果：

created: 2018-11-21T10:38:29.500

permissions:

owner    1:    1 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8

active    1:    1 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8

memory:

quota:      unlimited  used:      2.66 KiB 

net bandwidth:

used:              unlimited

available:          unlimited

limit:              unlimited

cpu bandwidth:

used:              unlimited

available:          unlimited

limit:              unlimited

分析输出：

owner阀值为1，权重也为1，active阀值为1，权重为1，且EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8

同时拥有owner和active两个权限

2、新建一对公私钥控制voting权限

xiaohulu@xiaohulu-virtual-machine:~/eosio-wallet$ cleos create key --to-console

Private key: 5JetsRMzqYgni4NdVzPecjwyV13TDUEspyuuvkFyZJmErcyttWw

Public key: EOS6q2QkyGqPX1ds8vnGva3N4ebSJR2UNiutyffDSaKJwFP13HtjB

3.给账号xtk新增voting权限

由EOS6q2QkyGqPX1ds8vnGva3N4ebSJR2UNiutyffDSaKJwFP13HtjB控制

xiaohulu@xiaohulu-virtual-machine:~/eosio-wallet$ cleos set account permission xtk voting EOS6q2QkyGqPX1ds8vnGva3N4ebSJR2UNiutyffDSaKJwFP13HtjB

返回结果：

executed transaction: 3c073b48dad78a734f072fd72e92ac0767d9182b36096cfc1095ce10b4bded21  160 bytes  509 us

#        eosio <= eosio::updateauth            {"account":"xtk","permission":"voting","parent":"active","auth":{"threshold":1,"keys":[{"key":"EOS6q...

warning: transaction executed locally, but may not be confirmed by the network yet  .

4.在次查看xtk账号的权限分配

cleos get account xtk

返回结果：

created: 2018-11-21T10:38:29.500

permissions:

owner    1:    1 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8

active    1:    1 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8

  voting    1:    1 EOS6q2QkyGqPX1ds8vnGva3N4ebSJR2UNiutyffDSaKJwFP13HtjB

memory:

quota:      unlimited  used:      2.99 KiB 

net bandwidth:

used:              unlimited

available:          unlimited

limit:              unlimited

cpu bandwidth:

used:              unlimited

available:          unlimited

limit:              unlimited

    可知voting权限已经加入，并且由EOS6q2QkyGqPX1ds8vnGva3N4ebSJR2UNiutyffDSaKJwFP13HtjB控制

三、新增权限控制的主体（由多个主体控制一个权限）

常见的新增权限控制的主体有两种：公私钥对、账号，修改权限控制的主体，既是让多个主体控制一个权限，实现多重签名，

注意：阀值是主体能够进行该操作的根本，只有当主体的权重大于等于阀值才能拥有该权限进行操作

严格按照上面的json数据结构设置

修改的公钥、账号必须按照从小到大进行排序

所有控制体的权重的和必须大于等于阀值。

JSON字符创数据结构

{

  "threshold":      ,

  "keys": [       

...

{

  "key":        ,

  "weight":   

}

...

  ],

  "accounts": [   

...

{

  "permission": {

"actor":      ,

"permission": ,

  },

  "weight":   

}

...

  ],

  "waits": [       

...

{

  "wait_sec": 

  "weight":   

}

...

  ]

}

2、 新增权限控制的主体：公私钥对

xiaohulu@xiaohulu-virtual-machine:~/eosio-wallet$ cleos create key --to-console

Private key: 5J8ZhubxPZmoPkuo3XGtAsvgmtqrpnTCGHGPHES91FfPgdATGM5

Public key: EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x

设置阀值threshold、keys字段

cleos set account permission xtk active '{"threshold": 1, "keys": [{"key":"EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8","weight": 1},{"key":"EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x","weight": 1}]}'

权限的主体需要按照公钥进行排序

再次执行cleos get account xtk 得到以下结果

xiaohulu@xiaohulu-virtual-machine:~/eosio-wallet$ cleos get account xtk

created: 2018-11-21T10:38:29.500

permissions:

owner    1:    1 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8

active    1:    1 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8, 1 EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x

  voting    1:    1 EOS7qnszhS19DtgnPQRPuFmxVNmjzAPD9A3Zh3MSVS6ZN9KLa5Fa9

memory:

quota:      unlimited  used:    3.039 KiB 

net bandwidth:

used:              unlimited

available:          unlimited

limit:              unlimited

cpu bandwidth:

used:              unlimited

available:          unlimited

limit:              unlimited

可知，active权限新增了控制主体，由"EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x"控制，

两个active都可以单独使用active权限，后面更改阀值，让两个公钥合作完成active，达到多重签名的目的

四、修改阀值

修改xtk账号的active权限阀值为2，这样因为两个公钥的权限都是1，所以要想使用active权限，需要两个合作

实现多重签名的功能

1、先测试xtk的active权限的"EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x"是否拥有active功能

cleos create account xtk aaa  "EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x" -p xtk@active

executed transaction: 4a3fa2e1a1f8e4c812369d104c2907f033f4ac0cc0cc5afcc206151c1cc25600  200 bytes  578 us

#        eosio <= eosio::newaccount            {"creator":"xtk","name":"aaa","owner":{"threshold":1,"keys":[{"key":"EOS8XX11uRAjWrAbt6V5AA2xLQvz4bN...

warning: transaction executed locally, but may not be confirmed by the network yet        ]

显示结果证明，主体能够使用active权限的功能

2、修改xtk账号active权限的阀值为2

cleos set account permission xtk  active '{"threshold":2,"keys":[{"key":"EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8","weight":1},{"key":"EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x","weight":1}]}'

设置完成之后，再次执行cleos get account xtk

结果如下：

xiaohulu@xiaohulu-virtual-machine:~/eosio-wallet$ cleos get account xtk

created: 2018-11-21T10:38:29.500

permissions:

owner    1:    1 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8

active    2:    1 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8, 1 EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x

  voting    1:    1 EOS6q2QkyGqPX1ds8vnGva3N4ebSJR2UNiutyffDSaKJwFP13HtjB

memory:

quota:      unlimited  used:    3.039 KiB 

net bandwidth:

used:              unlimited

available:          unlimited

limit:              unlimited

cpu bandwidth:

used:              unlimited

available:          unlimited

limit:              unlimited

可以看到，active的阀值已经修改为2

现在，任何主体都不能单独使用active权限的功能

cleos create account xtk t2 EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x -p xtk@active

执行结果：3090003：提供的密钥、权限和延迟不满足该权限的阀值，请确保钱包内有相关的私钥。

Error 3090003: Provided keys, permissions, and delays do not satisfy declared authorizations

Ensure that you have the related private keys inside your wallet and your wallet is unlocked.

使用active权限的方法：

·两个主体加起来才能使用active 权限的功能（两个主体的权限加起来为2）

·使用-p xtk@owner签名

·修改主体权重大于等于active权重的阀值

五、修改权重

修改EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8主体的权重为2

cleos set account permission xtk active '{"threshold": 2, "keys": [{"key":"EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8","weight": 2},{"key":"EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x","weight": 1}]}' -p xtk@owner

执行成功：

executed transaction: 4abbcf8722d9b00217aed66ac685cb4b107db2160a344ca6c54e92fcb18975bb  200 bytes  347 us

#        eosio <= eosio::updateauth            {"account":"xtk","permission":"active","parent":"owner","auth":{"threshold":2,"keys":[{"key":"EOS5Fk...

warning: transaction executed locally, but may not be confirmed by the network yet        ]

此时，active阀值为2，主体权限EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8已经修改为2，

"EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x"权限为1

六、多重签名

何为多重签名呢，就是多个私钥一起对交易进行签名

重新修改active的阀值为3

cleos set account permission xtk active '{"threshold": 3, "keys": [{"key":"EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8","weight": 2},{"key":"EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x","weight": 1}], "accounts": [{"permission":{"actor":"tester", "permission":"owner"}, "weight":1}]}'

执行之后，再次执行cleos get account xtk

xiaohulu@xiaohulu-virtual-machine:~/eosio-wallet$ cleos get account xtk

created: 2018-11-21T10:38:29.500

permissions:

owner    1:    1 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8

active    3:    2 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8, 1 EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x, 1 tester@owner

  voting    1:    1 EOS6q2QkyGqPX1ds8vnGva3N4ebSJR2UNiutyffDSaKJwFP13HtjB

memory:

quota:      unlimited  used:      3.07 KiB 

net bandwidth:

used:              unlimited

available:          unlimited

limit:              unlimited

cpu bandwidth:

used:              unlimited

available:          unlimited

limit:              unlimited

可知对active权限已经修改为3

现在，EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8与

EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x单独任意一个都不能时限active权限

只有将EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x私钥导入default钱包实现多重签名

xiaohulu@xiaohulu-virtual-machine:~/eosio-wallet$ cleos wallet import --private-key 5J8ZhubxPZmoPkuo3XGtAsvgmtqrpnTCGHGPHES91FfPgdATGM5

imported private key for: EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x

xiaohulu@xiaohulu-virtual-machine:~/eosio-wallet$ cleos create account xtk bbb EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x -p xtk@active

executed transaction: f6e93eb8abb9d25e34a4929139902336b614631b3b8de9322f3b189af98ee432  208 bytes  273 us

#        eosio <= eosio::newaccount            {"creator":"xtk","name":"bbb","owner":{"threshold":1,"keys":[{"key":"EOS8XX11uRAjWrAbt6V5AA2xLQvz4bN...

warning: transaction executed locally, but may not be confirmed by the network yet        ]

总结： 

对于每一个权限都会有一个阀值，每一个公私钥对都有一个权重，只有达到阀值得公私钥对，才有资格执行此权限。后续账户可以修改权限的阀值，或者为每个公私钥对分配不同的权重，以此执行权限。