账号和组
1、什么是UID和GID?
UID 为UserId,即用户ID,用来标识每个用户的唯一标示符。
GID 即组ID,用来标识用户组的唯一标识符。
扩展:
用户组:将同一类用户设置为同一个组,如可将所有的系统管理员设
置为admin组,便于分配权限,将某些重要的文件设置为所有admin组
用户可以读写,这样可以进行权限分配。每个用户都有一个唯一的用
户id,每个用户组都有一个唯一的组id。
2、哪个用户控制用户的基础权限和属性
在系统中/etc/passwd和/etc/group的两个文件,决定了用户的UID
和GID以及相关的属性。
3、/etc/passwd文件结构
4、/etc/shadow文件结构
5、/etc/group文件结构
账号管理
1、新增与移除使用者账号
>useradd 增加账户
>passwd 修改密码
>userdel 删除账号
useradd
[root@localhost baixiaoyeer]# useradd --help
Usage: useradd [options] LOGIN
Options:
-b, --base-dir BASE_DIR base directory for the home directory of the
new account
-c, --comment COMMENT GECOS field of the new account
-d, --home-dir HOME_DIR home directory of the new account
-D, --defaults print or change default useradd configuration
-e, --expiredate EXPIRE_DATE expiration date of the new account
-f, --inactive INACTIVE password inactivity period of the new account
-g, --gid GROUP name or ID of the primary group of the new
account
-G, --groups GROUPS list of supplementary groups of the new
account
-h, --help display this help message and exit
-k, --skel SKEL_DIR use this alternative skeleton directory
-K, --key KEY=VALUE override /etc/login.defs defaults
-l, --no-log-init do not add the user to the lastlog and
faillog databases
-m, --create-home create the user's home directory
-M, --no-create-home do not create the user's home directory
-N, --no-user-group do not create a group with the same name as
the user
-o, --non-unique allow to create users with duplicate
(non-unique) UID
-p, --password PASSWORD encrypted password of the new account
-r, --system create a system account
-s, --shell SHELL login shell of the new account
-u, --uid UID user ID of the new account
-U, --user-group create a group with the same name as the user
-Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping
passwd
[root@localhost baixiaoyeer]# passwd --help
Usage: passwd [OPTION...]
-k, --keep-tokens keep non-expired authentication tokens
-d, --delete delete the password for the named account (root only)
-l, --lock lock the password for the named account (root only)
-u, --unlock unlock the password for the named account (root only)
-e, --expire expire the password for the named account (root only)
-f, --force force operation
-x, --maximum=DAYS maximum password lifetime (root only)
-n, --minimum=DAYS minimum password lifetime (root only)
-w, --warning=DAYS number of days warning users receives before password expiration (root only)
-i, --inactive=DAYS number of days after password expiration when an account becomes disabled (root only)
-S, --status report password status on the named account (root only)
--stdin read new tokens from stdin (root only)
Help options:
-?, --help Show this help message
--usage Display brief usage message
userdel
[root@localhost baixiaoyeer]# passwd --help
Usage: passwd [OPTION...]
-k, --keep-tokens keep non-expired authentication tokens
-d, --delete delete the password for the named account (root only)
-l, --lock lock the password for the named account (root only)
-u, --unlock unlock the password for the named account (root only)
-e, --expire expire the password for the named account (root only)
-f, --force force operation
-x, --maximum=DAYS maximum password lifetime (root only)
-n, --minimum=DAYS minimum password lifetime (root only)
-w, --warning=DAYS number of days warning users receives before password expiration (root only)
-i, --inactive=DAYS number of days after password expiration when an account becomes disabled (root only)
-S, --status report password status on the named account (root only)
--stdin read new tokens from stdin (root only)
Help options:
-?, --help Show this help message
--usage Display brief usage message
[root@localhost baixiaoyeer]# userdel --help
Usage: userdel [options] LOGIN
Options:
-f, --force force removal of files,
even if not owned by user
-h, --help display this help message and exit
-r, --remove remove home directory and mail spool
-Z, --selinux-user remove SELinux user from SELinux user mapping
身份切换
su 一般是普通用户提升为root用户来使用,操作很简单,但需要知道root密码。
[root@localhost ~]# su --help
Usage: su [OPTION]... [-] [USER [ARG]...]
Change the effective user id and group id to that of USER.
-, -l, --login make the shell a login shell,
clears all envvars except for TERM,
initializes HOME, SHELL, USER, LOGNAME and PATH
-c, --command=COMMAND pass a single COMMAND to the shell with -c
--session-command=COMMAND pass a single COMMAND to the shell with -c
and do not create a new session
-f, --fast pass -f to the shell (for csh or tcsh)
-m, --preserve-environment do not reset HOME, SHELL, USER, LOGNAME
environment variables
-p same as -m
-s, --shell=SHELL run SHELL if /etc/shells allows it
--help display this help and exit
--version output version information and exit
A mere - implies -l. If USER not given, assume root.
Report su bugs to [email protected]
GNU coreutils home page:
General help using GNU software:
For complete documentation, run: info coreutils 'su invocation'
用户状态
w 查看当前用户数量
[root@localhost ~]# w
02:08:11 up 7:50, 3 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
baixiaoy tty1 :0 Mon02 24:01m 3.03s 0.21s pam: gdm-password
baixiaoy pts/0 :0.0 Mon02 23:59m 0.00s 0.00s /bin/bash
baixiaoy pts/1 192.168.3.242 Mon02 0.00s 0.21s 0.21s sshd: baixiaoyeer [priv]
lastlog 查看存在账户最近登录时间
[root@localhost ~]# lastlog
Username Port From Latest
root pts/2 192.168.3.170 Wed May 16 11:04:34 -0700 2018
bin **Never logged in**
daemon **Never logged in**
adm **Never logged in**
lp **Never logged in**
sync **Never logged in**
shutdown **Never logged in**
halt **Never logged in**
mail **Never logged in**
uucp **Never logged in**
operator **Never logged in**
games **Never logged in**
gopher **Never logged in**
ftp **Never logged in**
nobody **Never logged in**
dbus **Never logged in**
usbmuxd **Never logged in**
vcsa **Never logged in**
rtkit **Never logged in**
avahi-autoipd **Never logged in**
abrt **Never logged in**
haldaemon **Never logged in**
gdm **Never logged in**
ntp **Never logged in**
apache **Never logged in**
saslauth **Never logged in**
postfix **Never logged in**
pulse **Never logged in**
sshd **Never logged in**
tcpdump **Never logged in**
baixiaoyeer pts/1 192.168.3.242 Mon May 21 02:09:26 -0700 2018