AIX users, groups and security management

File locations

/etc/passwd  # stores user accounts

/etc/group   # stores group accounts

useradd usage

Syntax

       useradd [ -c comment ] [ -d dir ] [ -e expire ] [ -g group ] [ -G
       group1,group2 ... ] [ -m [ -k skel_dir ] ] [ -u uid ] [ -s shell ] [ -r
       role1,role2 ... ] login
 

1. Create a user account

useradd testuser # add testuser; by default no /home/testuser directory is created

For a newly added user with no password set yet, the second field of /etc/passwd shows *; once a password is set it shows !.

passwd testuser # set the password for testuser

2. Create a user account and its home directory

useradd -m testuser

3. Create a user account that uses bash as its login shell (bash must already be installed)

useradd -s /usr/bin/bash testuser

Note: a user can also be added with smit mkuser

4. Modify an account

usermod -l newuser username # change the user name

This can also be done with the smit chuser command

5. Delete a user

userdel -r testuser # -r also removes the user's directory under home

userdel  -r
            Removes the user's home directory.

smit rmuser

6. List user accounts

smit lsuser

7. Lock and unlock a user account

smit lockuser

After selecting the user, set the lock field to true to lock the account. The following message then appears at login:

AIX Version 6
Copyright IBM Corporation, 1982, 2009.
login: usert1
usert1's Password:
3004-301 Your account has been locked; please see the system administrator.

Group management

Create a new group

smit mkgroup

                                  Add a Group

Type or select values in entry fields.
Press Enter AFTER making all desired changes.

                                                        [Entry Fields]
* Group NAME                                         []
  ADMINISTRATIVE group?                               false                  +
  Group ID                                           []                       #
  USER list                                          []                      +
  ADMINISTRATOR list                                 []                      +
  Projects                                           []                      +
  Initial Keystore Mode                              []                      +
  Keystore Encryption Algorithm                      []                      +
  Keystore Access                                    []                      +






F1=Help             F2=Refresh          F3=Cancel           F4=List
F5=Reset            F6=Command          F7=Edit             F8=Image
F9=Shell            F10=Exit            Enter=Do                   
 

Modify a group

smit chgroup

                            Change Group Attributes

Type or select values in entry fields.
Press Enter AFTER making all desired changes.                                
 
                                                        [Entry Fields]       
  Group NAME                                         [groupt]                
  Group ID                                           [201]                    #
  ADMINISTRATIVE group?                               false                  +
  USER list                                          []                      +
  ADMINISTRATOR list                                 [root]                  +
  Projects                                           []                      +
  Initial Keystore Mode                              []                      +
  Keystore Encryption Algorithm                      []                      +
  Keystore Access                                    []                      +
 
 
 
 
 
 
F1=Help             F2=Refresh          F3=Cancel           F4=List
F5=Reset            F6=Command          F7=Edit             F8=Image          
F9=Shell            F10=Exit            Enter=Do                              
 

Delete a group

smit rmgroup

Viewing user and group status

Show the status of the currently logged-in user

-bash-3.2# id
uid=0(root) gid=0(system) groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)
 

Show the status of a specified user

-bash-3.2# id   usert
uid=209(usert) gid=1(staff)
 

Show information about logged-in users: the who command

Show the time of the last system boot

-bash-3.2$ who -b
   .        system boot Nov 06 14:53

Show the current run level

-bash-3.2$ who -r
   .        run-level 2 Nov 06 14:53       2    0    S
 

Show a header line

-bash-3.2$ who -H
Name        Line           Time              Hostname
kim         pts/0       Nov 06 20:12     (99.99.99.254) 

 

Show terminal lines and their state

-bash-3.2$ who -T
kim       + pts/0       Nov 06 20:12  
root      + pts/1       Nov 06 22:06  
kim       + pts/2       Nov 06 22:07

 

-bash-3.2$ w
  10:08PM   up   7:15,  3 users,  load average: 0.03, 0.10, 0.08
User     tty          login@       idle      JCPU      PCPU what
kim      pts/0       08:12PM          0         3         0 w
root     pts/1       10:06PM          2         0         0 -bash
kim      pts/2       10:07PM          1         0         0 -bash
 

Show the user logged in on the current terminal (this also identifies the current terminal line)

-bash-3.2$ who -m 
kim         pts/0       Nov 06 20:12     (99.99.99.254)

Equivalent to who am i

-bash-3.2$ who am i ;who -m
root        pts/1       Nov 06 22:06     (99.99.99.254) 
root        pts/1       Nov 06 22:06     (99.99.99.254)

 

whoami (after su, this shows the current user, not the user who logged in on this terminal.)

Show the current user account

The operations and output below make the difference clear (kim is the user name entered at telnet login).

-bash-3.2$ who -m ;echo "----";who am i
kim         pts/0       Nov 06 22:32     (99.99.99.254) 
----
kim         pts/0       Nov 06 22:32     (99.99.99.254) 
-bash-3.2$ whoami
kim
-bash-3.2$ su - root
root's Password:
-bash-3.2# who -m ;echo "----";who am i
kim         pts/0       Nov 06 22:32     (99.99.99.254) 
----
kim         pts/0       Nov 06 22:32     (99.99.99.254) 
-bash-3.2# whoami
root
 

Talk to a user on another terminal

-bash-3.2$ talk kim@localhost pts/2

Switching user accounts: su

The su log file

-bash-3.2# tail /var/adm/sulog
SU 11/06 19:14 + pts/0 kim-root
SU 11/06 19:16 + pts/0 kim-root
SU 11/06 19:18 + pts/0 kim-root
SU 11/06 20:12 + pts/0 kim-root
SU 11/06 20:18 + pts/0 root-usert5
SU 11/06 22:06 + pts/1 root-kim
SU 11/06 22:15 + pts/1 root-kim
SU 11/06 22:18 + pts/1 root-kim
SU 11/06 22:20 + pts/1 kim-root
SU 11/06 22:33 + pts/0 kim-root

If necessary, the file can be emptied:

>/var/adm/sulog
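The sulog is the audit record of every privilege switch, successful or not, so it is the place to review for accounts that keep trying to reach root before anyone empties it. The shell functions below are an added example, not code from the original post: they summarise su-to-root activity from constructed sulog-format lines (the "-" status of a failed attempt is the standard AIX sulog format, although only "+" lines appear in the dump above); su_report, failed_root_su_users and SULOG_SAMPLE are names introduced here.

```shell
# Constructed sample in the format AIX writes to /var/adm/sulog:
#   SU MM/DD HH:MM <+|-> tty from-to
# "+" marks a successful switch, "-" a failed one.
SULOG_SAMPLE='SU 11/06 19:14 + pts/0 kim-root
SU 11/06 19:16 - pts/0 kim-root
SU 11/06 20:18 + pts/0 root-usert5
SU 11/06 22:06 + pts/1 root-kim
SU 11/06 22:15 - pts/1 usert-root
SU 11/06 22:16 - pts/1 usert-root
SU 11/06 22:20 + pts/0 kim-root'

# su_report: read sulog-format lines on stdin and print, per source user,
# how many switches to root succeeded and how many failed.
# Output is sorted by user name so it is stable for comparison.
su_report() {
    awk '$1 == "SU" && NF == 6 {
        from = $6; sub(/-[^-]*$/, "", from)   # text before the last "-"
        to   = $6; sub(/.*-/,    "", to)      # text after the last "-"
        if (to != "root") next                # only switches to root matter here
        if ($4 == "+") ok[from]++
        else fail[from]++
        seen[from] = 1
    }
    END {
        for (u in seen)
            printf "%s ok=%d failed=%d\n", u, ok[u] + 0, fail[u] + 0
    }' | sort
}

# failed_root_su_users N: user names with at least N failed su-to-root attempts
# (default N=2), read from sulog-format lines on stdin.
failed_root_su_users() {
    su_report | awk -v n="${1:-2}" '{ split($3, f, "="); if (f[2] + 0 >= n) print $1 }'
}

# Stand-alone run over the constructed sample; on a real system use
# "tail /var/adm/sulog | su_report" instead.
printf '%s\n' "$SULOG_SAMPLE" | su_report
```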

 

Group and user security management

/etc/security/passwd stores the passwords of user accounts.

-bash-3.2# head -n 10 /etc/security/passwd

root:
        password = xdq5doH57hC6c
        lastupdate = 1352230576

daemon:
        password = *
 

 

passwd -s changes the shell the user logs in with

-bash-3.2$ passwd -s
 Current available shells:
                /usr/bin/bash
                /bin/sh
                /bin/bsh
                /bin/csh
                /bin/ksh
                /bin/tsh
                /bin/ksh93
                /usr/bin/sh
                /usr/bin/bsh
                /usr/bin/csh
                /usr/bin/ksh
                /usr/bin/tsh
                /usr/bin/ksh93
                /usr/bin/rksh
                /usr/bin/rksh93
                /usr/sbin/uucp/uucico
                /usr/sbin/sliplogin
                /usr/sbin/snappd
 kim's current login shell:
                /usr/bin/bash
 Change (yes) or (no)? > yes
 To?>/usr/bin/bash
 

Using the pwdadm command

Change a user's password

-bash-3.2# pwdadm usert
Changing password for "usert"
usert's New password:
Enter the new password again:
 

Prevent a user from changing their own password (the ADMIN attribute)

-bash-3.2# pwdadm -f ADMIN kim
-bash-3.2# pwdadm -q kim
kim:
        lastupdate = 1352236213
        flags = ADMIN

-bash-3.2# passwd kim
Changing password for "kim"
kim's New password:
Enter the new password again:
-bash-3.2# su - kim
-bash-3.2$ passwd
Changing password for "kim"
3004-664 You are not authorized to change "kim's" password.
3004-709 Error changing password for "kim" : You do not have permission.
-bash-3.2# pwdadm -c kim
-bash-3.2# pwdadm -q kim
kim:
        lastupdate = 1352351804

 

pwdadm -c user   clears all of the user's password flags

pwdadm -q user   queries the status of the user's password

pwdadm -f ADMIN|ADMCHG|NOCHECK user   sets one of the user's three password attributes

ADMIN   the user cannot set their own password

ADMCHG  forces the user to change the password at the next login or su

NOCHECK the new password does not have to follow the password composition rules in /etc/security/user
 

The pwdck command checks the consistency of local account authentication information

 

/etc/security/user mainly controls the parameters of user accounts, such as the number of previous passwords remembered, the password lifetime, and the umask.

default:
        admin = false
        login = true
        su = true # whether the su command may be used
        daemon = true
        rlogin = true # whether the user may log in over telnet
        sugroups = ALL
        admgroups =
        ttys = ALL
        auth1 = SYSTEM
        auth2 = NONE
        tpath = nosak
        umask = 022
        expires = 0

/etc/security/group manages group security, for example whether a group is an administrative group.

-bash-3.2# head -n 10 /etc/security/group
system:
        admin = true

staff:
        admin = false

bin:
        admin = true

 

/etc/security/login.cfg controls login and authentication settings, such as the shells users may log in with and how long the user has to enter a password.

-bash-3.2# cat /etc/security/login.cfg|grep -v '*'

default:
        sak_enabled = false
        logintimes =
        logindisable = 0
        logininterval = 0
        loginreenable = 0
        logindelay = 0

usw:
        shells = /usr/bin/bash,/bin/sh,/bin/bsh,/bin/csh,/bin/ksh,/bin/tsh,/bin/ksh93,/usr/bin/sh,/usr/bin/bsh,/usr/bin/csh,/usr/bin/ksh,/usr/bin/tsh,/usr/bin/ksh93,/usr/bin/rksh,/usr/bin/rksh93,/usr/sbin/uucp/uucico,/usr/sbin/sliplogin,/usr/sbin/snappd
        maxlogins = 32767
        logintimeout = 60
        maxroles = 8
        auth_type = STD_AUTH

/etc/security/limits sets process resource limits for each user, such as memory and CPU time.

-bash-3.2#  cat /etc/security/limits|grep -v '*'

default:
        fsize = 2097151
        core = 2097151
        cpu = -1
        data = 262144
        rss = 65536
        stack = 65536
        nofiles = 2000

 

/etc/security/lastlog records each user account's last login details, such as the time of the last successful login and the source IP.

-bash-3.2# cat /etc/security/lastlog |grep -v '*'

root:
        time_last_login = 1352261160
        tty_last_login = /dev/pts/1
        host_last_login = 99.99.99.254
        unsuccessful_login_count = 0
        time_last_unsuccessful_login = 1352234585
        tty_last_unsuccessful_login = /dev/pts/0
        host_last_unsuccessful_login = 99.99.99.254

kim:
        time_last_login = 1352427960
        tty_last_login = /dev/pts/0
        host_last_login = 99.99.99.254
        unsuccessful_login_count = 0
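The stanza layout shown above for /etc/security/user, /etc/security/passwd and /etc/security/lastlog is the same, and for /etc/security/user a key that a user's stanza does not set falls back to the default: stanza. The functions below are an added example, not code from the post or from AIX (lsuser is the system's own way to show effective attributes): stanza_get, effective_login_policy and the constructed USER_FILE sample are assumptions introduced here, and the same stanza_get reads the flags line of /etc/security/passwd or the unsuccessful_login_count line of lastlog.

```shell
# Constructed excerpt in the stanza format shared by /etc/security/user,
# /etc/security/passwd and /etc/security/lastlog: "name:" opens a stanza,
# indented "key = value" lines belong to it, and "*" lines are comments.
# Written to a temporary file so the functions take a path like the real files.
USER_FILE=$(mktemp)
trap 'rm -f "$USER_FILE"' EXIT
cat > "$USER_FILE" <<'EOF'
* constructed sample, not a real /etc/security/user
default:
        admin = false
        login = true
        su = true
        rlogin = true
        umask = 022

kim:
        su = false

usert:
        rlogin = false
        umask = 077
EOF

# stanza_get FILE STANZA KEY: print KEY's value from STANZA in FILE.
# If STANZA does not set KEY, fall back to the "default:" stanza, which is
# how AIX resolves /etc/security/user attributes; a file without a default
# stanza (such as lastlog) simply yields an empty string.
stanza_get() {
    awk -v want="$2" -v key="$3" '
        /^\*/ { next }
        /^[^ \t]+:$/ { cur = substr($0, 1, length($0) - 1); next }
        /^[ \t]/ && $1 == key && $2 == "=" {
            if (cur == want) { found = $3; hit = 1 }
            else if (cur == "default") dflt = $3
        }
        END { if (hit) print found; else print dflt }' "$1"
}

# effective_login_policy FILE USER: the su, rlogin and umask values that
# apply to USER once the default stanza is taken into account.
effective_login_policy() {
    printf 'user=%s su=%s rlogin=%s umask=%s\n' "$2" \
        "$(stanza_get "$1" "$2" su)" \
        "$(stanza_get "$1" "$2" rlogin)" \
        "$(stanza_get "$1" "$2" umask)"
}

effective_login_policy "$USER_FILE" kim     # user=kim su=false rlogin=true umask=022
effective_login_policy "$USER_FILE" usert   # user=usert su=true rlogin=false umask=077
```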
 

 

/etc/motd holds the message displayed after login

 
