运维之基础命令--用户权限

修改用户信息(usermod)

修改用户信息最主要的命令是usermod命令,其参数跟useradd基本一致。

  • 修改UID

    [root@localhost ~]# tail -1 /etc/passwd
    xiaoyu:x:2002:2002::/home/xiaoyu:/bin/bash
    [root@localhost ~]# usermod -u 2302 xiaoyu
    [root@localhost ~]# tail -1 /etc/passwd
    xiaoyu:x:2302:2002::/home/xiaoyu:/bin/bash
  • 修改基本组及附加组

    # 基本组 : 一个用户必须拥有的哪个组
    [root@localhost ~]# tail -1 /etc/passwd
    xiaoyu:x:2302:2002::/home/xiaoyu:/bin/bash
    [root@localhost ~]# id xiaoyu
    uid=2302(xiaoyu) gid=2002(xiaoyu) groups=2002(xiaoyu)
    [root@localhost ~]# usermod -g group1 xiaoyu
    [root@localhost ~]# id xiaoyu
    uid=2302(xiaoyu) gid=2003(group1) groups=2003(group1)
    [root@localhost ~]# tail -1 /etc/passwd
    xiaoyu:x:2302:2003::/home/xiaoyu:/bin/bash
    [root@localhost ~]# 
    
    # 附加组 : 用户加入的其他用户组
    [root@localhost ~]# groupadd group1
    [root@localhost ~]# id
    uid=0(root) gid=0(root) groups=0(root),1000(oldboy),1001(sssssssssssssssssssssss),1002(test)
    [root@localhost ~]# usermod -G group1 root
    [root@localhost ~]# vim /etc/group
    [root@localhost ~]# tail -1 /etc/group
    group1:x:2003:root
  • 修改家目录

    [root@localhost ~]# usermod  -d /home/xiaoyu123 xiaoyu
    
    # 注:修改家目录仅仅修改了配置,而原来的家目录文件没有迁移
  • 修改用户描述信息

    [root@localhost ~]# tail -1 /etc/passwd
    xiaoyu:x:2302:2003::/home/xiaoyu123:/bin/bash
    [root@localhost ~]# usermod -c "这是一个甩锅" xiaoyu
    [root@localhost ~]# tail -1 /etc/passwd
    xiaoyu:x:2302:2003:这是一个甩锅:/home/xiaoyu123:/bin/bash
  • 修改用户默认解析器

    [root@localhost ~]# usermod -s /bin/sh xiaoyu
    [root@localhost ~]# tail -1 /etc/passwd
    xiaoyu:x:2302:2003:这是一个甩锅:/home/xiaoyu123:/bin/sh
  • 锁定与解锁

    [root@localhost home]# usermod -L xiaoyu
    [root@localhost home]# usermod -U xiaoyu
  • 修改登录名称

    [root@localhost home]# usermod -l dayu xiaoyu
    [root@localhost home]# tail -1 /etc/passwd
    dayu:x:2302:2003:这是一个甩锅:/home/xiaoyu123:/bin/bash
  • 追加

    [root@localhost home]# id dayu
    uid=2302(dayu) gid=2003(group1) groups=2003(group1),1000(oldboy)
    [root@localhost home]# usermod -G root dayu
    [root@localhost home]# id dayu
    uid=2302(dayu) gid=2003(group1) groups=2003(group1),0(root)
    [root@localhost home]# usermod -G oldboy dayu
    [root@localhost home]# id dayu
    uid=2302(dayu) gid=2003(group1) groups=2003(group1),1000(oldboy)
    [root@localhost home]# usermod -a -G root dayu
    [root@localhost home]# id dayu
    uid=2302(dayu) gid=2003(group1) groups=2003(group1),0(root),1000(oldboy)

密码(passwd)

修改或添加Linux普通用户的密码。直接影响的文件是/etc/shadow

  • 增加或修改密码

    当用户密码不存在的时候即为增加密码,当用户密码存在时即为修改密码。

    [root@localhost home]# useradd password
    [root@localhost home]# tail -1 /etc/passwd
    password:x:2303:2303::/home/password:/bin/bash
    [root@localhost home]# tail -1 /etc/shadow
    password:!!:18701:0:99999:7:::
    [root@localhost home]# passwd password
    Changing password for user password.
    New password: 
    BAD PASSWORD: The password is a palindrome
    Retype new password: 
    passwd: all authentication tokens updated successfully.
    [root@localhost home]# tail -1 /etc/passwd
    password:x:2303:2303::/home/password:/bin/bash
    [root@localhost home]# tail -1 /etc/shadow
    password:$6$.EmM.4Bl$f.LimfvMsxxFZq6yFklfyk08JKQORdQovlk2a2dtrpkP31lAMLQpezFqLheBYOTm4Sur9aAqZlC/6MN6wHFBM1:18701:0:99999:7:::
    [root@localhost home]# 
  • 免交互修改密码

    [root@localhost home]# echo "123" | passwd --stdin dayu
    Changing password for user dayu.
    passwd: all authentication tokens updated successfully.

用户组

就类似于班级,是某个同权限用户的集合。

创建组

[root@localhost home]# groupadd group2
[root@localhost home]# tail -1 /etc/group
group2:x:2304:
[root@localhost home]# 
  • 指定gid
[root@localhost home]# groupadd -g 2204 group3
[root@localhost home]# tail -1 /etc/group
group3:x:2204:
  • 创建系统组
[root@localhost home]# groupadd -r group4
[root@localhost home]# tail -1 /etc/group
group4:x:996:

修改组

  • 修改名称

    [root@localhost home]# tail -8 /etc/group
    girl:x:2001:
    [root@localhost home]# groupmod -n boy girl
    [root@localhost home]# tail -8 /etc/group
    boy:x:2001:
  • 修改gid

    [root@localhost home]# groupmod -g 2021 boy
    [root@localhost home]# tail -8 /etc/group
    boy:x:2021:

删除组

用户组在系统中删除,如果一个组被用户占用则不能删除。

[root@localhost home]# groupdel group4
[root@localhost home]# tail -8 /etc/group
dajige:x:1003:
abc:x:2000:
xiaoyu:x:2002:
group1:x:2003:root
password:x:2303:
group2:x:2304:
group3:x:2204:
boy:x:2021:
[root@localhost home]# 

# 注:用户被删除,用户基本组也会被删除
[root@localhost home]# useradd test-group-del
[root@localhost home]# tail -1 /etc/passwd
test-group-del:x:2304:2305::/home/test-group-del:/bin/bash
[root@localhost home]# tail -1 /etc/group
test-group-del:x:2305:
[root@localhost home]# userdel -r test-group-del
[root@localhost home]# tail -1 /etc/passwd
password:x:2303:2303::/home/password:/bin/bash
[root@localhost home]# tail -1 /etc/group
boy:x:2021:
[root@localhost home]# 

组成员管理

# 添加一个组到用户
[root@localhost home]# useradd gtest
[root@localhost home]# vim /etc/group
[root@localhost home]# id gtest
uid=2304(gtest) gid=2305(gtest) groups=2305(gtest),2204(group3)
[root@localhost home]# gpasswd -a gtest group2
Adding user gtest to group group2
[root@localhost home]# id gtest
uid=2304(gtest) gid=2305(gtest) groups=2305(gtest),2304(group2),2204(group3)

# 添加多个组到用户
[root@localhost home]# gpasswd -M gtest,root,dayu group
gpasswd: group 'group' does not exist in /etc/group
[root@localhost home]# gpasswd -M gtest,root,dayu group3
[root@localhost home]# id root
uid=0(root) gid=0(root) groups=0(root),2000(abc),2003(group1),2204(group3)
[root@localhost home]# id dayu
uid=2302(dayu) gid=2003(group1) groups=2003(group1),0(root),1000(oldboy),2204(group3)
[root@localhost home]# id gtest
uid=2304(gtest) gid=2305(gtest) groups=2305(gtest),2304(group2),2204(group3)

# 为一个组添加组长(组长有权限向组内添加用户,其他用户[除root外]没有权限添加用户到该组)
[root@localhost ~]# gpasswd -A dayu group3
[root@localhost ~]# cat /etc/gshadow
group3:!:dayu:gtest,dayu,oldboy

# 组权限
[root@localhost ~]# id dayu
uid=2302(dayu) gid=2003(group1) groups=2003(group1),1000(oldboy),2204(group3)
[root@localhost ~]# chown .group3 /tmp/12.txt 
[root@localhost ~]# ls -l /tmp/12.txt
-rw-r--r-- 1 root group3 4 Mar 15 11:35 /tmp/12.txt
[root@localhost ~]# chmod g+w /tmp/12.txt
[root@localhost ~]# ls -l /tmp/12.txt
-rw-rw-r-- 1 root group3 4 Mar 15 11:35 /tmp/12.txt
[root@localhost ~]# su - dayu
Last login: Mon Mar 15 11:37:05 CST 2021 on pts/3
[dayu@localhost ~]$ echo "456" > /tmp/12.txt 
[dayu@localhost ~]$ cat /tmp/12.txt
456
[dayu@localhost ~]$ 

运维之基础命令--用户权限
http://gsproj.github.io/2022/07/06/01_运维/01-基础命令/day10-Linux文件权限/笔记/
作者
GongSheng
发布于
2022年7月6日
许可协议