Common Linux Commands: Users and Permissions

1. Common Linux Commands (Part 4)

1. User management commands

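useradd <username>: creates a regular user on the system

  • -u <number>: set the user's UID
  • -g <group>: set the user's group (by default the system creates a group with the same name as the user)
  • -s <shell>: set the command interpreter (login shell) the user gets
  • -M: do not create a home directory for the user
-M and -s are usually combined as -Ms to create a virtual user (an account that cannot log in)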
[root@aspen ~]# useradd -u 666 -Ms /sbin/nologin VitualWeb
[root@aspen ~]# tail -3 /etc/passwd
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
VitualWeb:x:666:1000::/home/VitualWeb:/sbin/nologin
[root@aspen ~]# ls /home/
[root@aspen ~]# su - VitualWeb
su: warning: cannot change directory to /home/VitualWeb: No such file or directory
This account is currently not available.

groupadd <group>: creates a group on the system

  • -g <number>: set the group's GID
[root@aspen ~]# groupadd -g 2000 www
[root@aspen ~]# grep www /etc/group
www:x:2000:
[root@aspen ~]# useradd -Ms /sbin/nologin -g www -u 2000 www
[root@aspen ~]# grep www /etc/passwd
www:x:2000:2000::/home/www:/sbin/nologin

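passwd <username>: sets or changes the password of the given user (changes the current user's password by default)

  • --stdin: read the password from standard input (non-interactive password setting)
The --stdin option is available to root only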
[root@aspen ~]# passwd aspen 
Changing password for user aspen.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.
[root@aspen ~]# echo 123456 | passwd aspen --stdin
Changing password for user aspen.
passwd: all authentication tokens updated successfully.
[aspen@aspen ~]$ passwd --stdin
Only root can do that.
[root@aspen ~]# echo stu{01..5}| xargs -n1 | sed 's#.*#useradd & \&\& p=`tr -cd 'a-zA-Z0-9' </dev/urandom|head -c 8`  \&\& echo $p|passwd & --stdin \&\& echo $p & >>/root/password.txt #g' | bash
Changing password for user stu01.
passwd: all authentication tokens updated successfully.
Changing password for user stu02.
passwd: all authentication tokens updated successfully.
Changing password for user stu03.
passwd: all authentication tokens updated successfully.
Changing password for user stu04.
passwd: all authentication tokens updated successfully.
Changing password for user stu05.
passwd: all authentication tokens updated successfully.
[root@aspen ~]# cat ./password.txt 
nqZCzqi0 stu01
zsqpDoZB stu02
XK1SMRDk stu03
H3KL1uW0 stu04
Re5PpHW1 stu05
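
A hardened variant of the batch-creation one-liner above, as an added example that is not from the original page: the password list is created with mode 600 before anything is written to it, the password reaches chpasswd over stdin, and chage -d 0 forces a change at first login. The function names, the 16-character length and the DRY_RUN switch are assumptions of this example.

```sh
#!/bin/sh
# Added example: batch account creation with generated one-time passwords.
# gen_password, provision_users and DRY_RUN are names made up for this example.

# gen_password [LEN]: LEN alphanumeric characters from the kernel CSPRNG.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "${1:-16}"
}

# provision_users OUTFILE USER...
# Needs root unless DRY_RUN=1, which only echoes the account commands.
provision_users() {
    pu_out=$1; shift
    pu_run=
    [ -n "${DRY_RUN:-}" ] && pu_run=echo
    # Create the list readable by its owner only, before any secret lands in it.
    ( umask 077 && touch "$pu_out" ) && chmod 600 "$pu_out" || return 1
    for pu_user in "$@"; do
        pu_pass=$(gen_password 16)
        $pu_run useradd -m "$pu_user" || continue   # skip names that cannot be created
        if [ -z "$pu_run" ]; then
            # printf is a shell builtin: the password travels over the pipe, not in argv.
            printf '%s:%s\n' "$pu_user" "$pu_pass" | chpasswd || continue
        fi
        $pu_run chage -d 0 "$pu_user"               # expired now: user must choose a new one
        printf '%s %s\n' "$pu_pass" "$pu_user" >>"$pu_out"
    done
}

# Usage (as root): provision_users /root/password.txt stu01 stu02 stu03 stu04 stu05
```

Delete the password list once the initial passwords have been handed out.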

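su - <username>: switches to the given user

- means the target user's environment variables are loaded when switching
[root@aspen ~]# su - stu01 # root switching to a regular user: no password needed
[stu01@aspen ~]$ su - stu03 # switching between regular users, or to root: password required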
Password: 

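sudo <command>: temporarily runs a command as another user (root by default); the command must already be allowed in /etc/sudoers

  • -l: list the current user's privileged commands
visudo is the dedicated command for editing /etc/sudoers
visudo == vi /etc/sudoers
Do not grant privileges to the same user more than once in the file

sudoers file format

user  allowed-hosts=(run-as identity)  allowed-commands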
aspen ALL=(ALL) ALL
[root@aspen ~]# visudo
......
    root    ALL=(ALL)       ALL
    aspen   ALL=(ALL)       NOPASSWD:ALL
    stu01   ALL=(ALL)       /sbin/* !/sbin/rm !/sbin/vim !/sbin/su
......
[stu01@aspen ~]$ sudo -l # first time listing this user's privileged commands

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for stu01: 
Matching Defaults entries for stu01 on aspen:
    !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY
    HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
    env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC
    LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
    secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User stu01 may run the following commands on aspen:
    (ALL) /sbin/* !/sbin/rm !/sbin/vim !/sbin/su
[aspen@aspen ~]$ sudo -l
Matching Defaults entries for aspen on aspen:
    !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY
    HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
    env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC
    LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
    secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User aspen may run the following commands on aspen:
    (ALL) NOPASSWD: ALL
[aspen@aspen ~]$ sudo su - root
Last login: Mon May 13 19:21:09 CST 2019 from 10.0.0.1 on pts/2
[root@aspen ~]# 
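
An added example (not from the original page) that audits sudoers-style user rules for patterns visible in the visudo session above: NOPASSWD on ALL, negated command entries, wildcard paths, and command lists written with spaces instead of commas, which sudo reads as one command followed by arguments (this is why `sudo -l` echoes the stu01 rule as a single entry). The function name audit_sudoers and the finding texts are assumptions of this example.

```sh
#!/bin/sh
# Added example: flag risky patterns in sudoers user rules.
# SAMPLE_RULES holds the three rules from the visudo session on this page.
SAMPLE_RULES='root    ALL=(ALL)       ALL
aspen   ALL=(ALL)       NOPASSWD:ALL
stu01   ALL=(ALL)       /sbin/* !/sbin/rm !/sbin/vim !/sbin/su'

# audit_sudoers: reads rules on stdin, prints "user<TAB>finding" per issue.
audit_sudoers() {
    awk '
    # Skip comments (this also skips #include lines), blanks, Defaults and aliases.
    /^[ \t]*#/ || /^[ \t]*$/ || $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }
    {
        who = $1; spec = $0; nopw = 0
        sub(/^[^=]*=[ \t]*/, "", spec)        # drop "user host="
        sub(/^\([^)]*\)[ \t]*/, "", spec)     # drop "(runas)"
        n = split(spec, cmds, ",")            # commands are comma-separated
        for (i = 1; i <= n; i++) {
            c = cmds[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            # A tag such as NOPASSWD: also applies to later commands in the list.
            if (c ~ /NOPASSWD:/) nopw = 1
            else if (c ~ /PASSWD:/) nopw = 0
            sub(/^([A-Z_]+:[ \t]*)+/, "", c)  # strip the tags themselves
            split(c, w, /[ \t]+/)             # w[1] = command path
            if (c == "ALL" && nopw)
                print who "\tNOPASSWD on ALL: root without re-authentication"
            if (c ~ /^!/)
                print who "\tnegated entry " c ": prefer an explicit allow-list"
            else if (c ~ "[ \t]!/")
                print who "\tno commas: the ! words are arguments of " w[1] ", not exclusions"
            if (w[1] ~ /\*/)
                print who "\twildcard path " w[1] ": every matching binary is allowed"
        }
    }'
}

printf '%s\n' "$SAMPLE_RULES" | audit_sudoers
```

To check a real file, run `audit_sudoers </etc/sudoers` as root; `visudo -c` remains the authoritative syntax check.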

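userdel <username>: deletes the given user (the user's home directory and mailbox are kept by default)

  • -r: also delete the user's home directory and mailbox
In real production environments, a user is usually "deleted" by commenting out its line in /etc/passwd rather than actually removing the account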
[root@aspen ~]# userdel stu05
[root@aspen ~]# userdel -r stu04
[root@aspen ~]# ls /home/
aspen  stu01  stu02  stu03  stu05
[root@aspen ~]# tail -7 /etc/passwd
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
VitualWeb:x:666:1000::/home/VitualWeb:/sbin/nologin
aspen:x:1000:1001::/home/aspen:/bin/bash
stu01:x:1001:1002::/home/stu01:/bin/bash
stu02:x:1002:1003::/home/stu02:/bin/bash
stu03:x:1003:1004::/home/stu03:/bin/bash

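usermod <username>: modifies the given user's information

  • -u: set the user's UID
  • -g: set the user's group (by default the system creates a group with the same name as the user)
  • -s: set the command interpreter (login shell) the user gets
usermod is used in much the same way as useradd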
[root@aspen ~]# tail -1 /etc/passwd
stu03:x:1003:1004::/home/stu03:/bin/bash
[root@aspen ~]# usermod -u 2019 -s /sbin/nologin stu03
[root@aspen ~]# tail -1 /etc/passwd
stu03:x:2019:1004::/home/stu03:/sbin/nologin

id <username>: shows the given user's UID, GID and group memberships (shows the current user's IDs by default)

[root@aspen ~]# id stu02
uid=1002(stu02) gid=1003(stu02) groups=1003(stu02)
[root@aspen ~]# tail -2 /etc/passwd | head -1
#stu02:x:1002:1003::/home/stu02:/bin/bash
[root@aspen ~]# id stu02
id: stu02: no such user

2. Commands for viewing system users and login information

whoami: shows the current user name

[root@aspen ~]# whoami 
root
[root@aspen ~]# su - aspen
Last login: Mon May 13 19:16:07 CST 2019 on pts/0
[aspen@aspen ~]$ whoami
aspen

last: shows the system login records of all users

[root@aspen ~]# last | head -5
root     pts/0        10.0.0.1         Mon May 13 19:46   still logged in   
root     pts/0        10.0.0.1         Mon May 13 19:34 - 19:46  (00:11)    
root     pts/2        10.0.0.1         Mon May 13 19:21 - 19:33  (00:12)    
root     pts/2        10.0.0.1         Mon May 13 19:20 - 19:21  (00:00)    
root     pts/1        10.0.0.1         Mon May 13 19:13 - 19:33  (00:19)  

lastlog: shows the most recent login of every user on the system

[root@aspen ~]# lastlog | head -2 ; lastlog |tail -4
Username         Port     From             Latest
root             pts/0    10.0.0.1         Mon May 13 19:46:21 +0800 2019
VitualWeb        pts/0                     Mon May 13 18:46:51 +0800 2019
aspen            pts/0                     Mon May 13 19:45:02 +0800 2019
stu01            pts/2                     Mon May 13 19:21:31 +0800 2019
stu03            pts/0                     Mon May 13 19:11:34 +0800 2019

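w: lists the users currently logged in to the system and the command each one is running

w needs a minimum display width; if the terminal window is too narrow, the command reports an error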
[root@aspen ~]# w
w: 52 column window is too narrow
[root@aspen ~]# w
 19:10:52 up 1 day,  8:05,  1 user,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    10.0.0.1         14:09    4.00s  0.58s  0.02s w

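3. Commands for system permissions and user authorization

chmod <mode> <file>: changes a file's permissions

  • -R: change permissions recursively
Permissions supported by chmod: r (read), w (write), x (execute), s (set uid), t (sticky bit)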
[root@aspen ~]# chmod 644 ./Power.txt 
[root@aspen ~]# ll ./Power.txt 
-rw-r--r-- 1 root root 0 May 13 20:27 ./Power.txt
[root@aspen ~]# chmod a-r ./Power.txt 
[root@aspen ~]# ll ./Power.txt 
--w------- 1 root root 0 May 13 20:27 ./Power.txt
[root@aspen ~]# chmod +x ./Power.txt 
[root@aspen ~]# ll ./Power.txt 
--wx--x--x 1 root root 0 May 13 20:27 ./Power.txt
[root@aspen ~]# chmod ugo+r ./Power.txt 
[root@aspen ~]# ll ./Power.txt 
-rwxr-xr-x 1 root root 0 May 13 20:27 ./Power.txt
[root@aspen ~]# ll -d /tmp/ /bin/passwd 
-rwsr-xr-x.  1 root root 27832 Jun 10  2014 /bin/passwd
drwxrwxrwt. 10 root root   259 May 13 20:33 /tmp/
[root@aspen ~]# chmod +s ./Power.txt 
[root@aspen ~]# ll  Power.txt 
-rwsr-sr-x 1 stu01 stu01 0 May 13 20:27 Power.txt # numeric mode: 6755
[root@aspen ~]# chmod +t ./Power.txt 
[root@aspen ~]# ll ./Power.txt 
-rwxr-xr-t 1 stu01 stu01 0 May 13 20:27 ./Power.txt # numeric mode: 1755
[root@aspen ~]# chmod o-x ./Power.txt 
[root@aspen ~]# ll ./Power.txt 
-rwxr-xr-T 1 stu01 stu01 0 May 13 20:27 ./Power.txt # numeric mode: 1754
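
The s and t bits shown above on /bin/passwd and /tmp are the ones worth reviewing across a system. The following added example (not from the original page) lists setuid/setgid files that are missing from a reviewed baseline, and world-writable directories that lack the sticky bit; the function name audit_special_perms and the baseline file format (one path per line) are assumptions of this example.

```sh
#!/bin/sh
# Added example: find special permission bits that need review.
# audit_special_perms is a name made up for this example.

# audit_special_perms DIR [BASELINE]
#   prints "setid PATH"     for setuid/setgid regular files not listed in BASELINE
#   prints "no-sticky PATH" for world-writable directories without the sticky bit
audit_special_perms() {
    asp_base=${2:-/dev/null}     # no baseline given: report every setid file
    # -perm -4000 / -2000: the s shown by ls in rws or r-s, as on /bin/passwd.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
        grep -vxFf "$asp_base" | sort | sed 's/^/setid /'
    # -perm -0002 ! -perm -1000: drwxrwxrwx without the trailing t that /tmp has,
    # so any user can rename or delete files that belong to someone else.
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print |
        sort | sed 's/^/no-sticky /'
}

# Usage (as root, so every directory can be read):
#   audit_special_perms /usr /root/setid.baseline
```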

chown <user>.<group> <file>: changes a file's owner and group

[root@aspen ~]# chown aspen ./Power.txt 
[root@aspen ~]# ll ./Power.txt 
-rwxr-xr-x 1 aspen root 0 May 13 20:27 ./Power.txt
[root@aspen ~]# chown stu01.stu01 ./Power.txt 
[root@aspen ~]# ll ./Power.txt 
-rwxr-xr-x 1 stu01 stu01 0 May 13 20:27 ./Power.txt

chattr +/-<attribute> <file>: sets hidden attributes on the given file

Attributes supported by chattr: a (content can only be appended), i (file can only be viewed)
[root@aspen ~]# echo 123456 >Power.txt 
[root@aspen ~]# chattr +a Power.txt 
[root@aspen ~]# echo 67890 >Power.txt 
-bash: Power.txt: Operation not permitted
[root@aspen ~]# cat ./Power.txt 
123456
[root@aspen ~]# echo 67890 >>Power.txt 
[root@aspen ~]# cat ./Power.txt 
123456
67890
[root@aspen ~]# chattr +i ./Power.txt 
[root@aspen ~]# cat ./Power.txt 
123456
67890
[root@aspen ~]# echo 13579>> ./Power.txt 
-bash: ./Power.txt: Permission denied
[root@aspen ~]# cat ./Power.txt 
123456
67890

lsattr: shows a file's hidden attributes

  • -d: show only the directory itself
[root@aspen ~]# ll ./Power.txt 
-rw-r--r-- 1 stu01 stu01 7 May 13 20:40 ./Power.txt
[root@aspen ~]# lsattr ./Power.txt 
-----a---------- ./Power.txt
[root@aspen ~]# lsattr ./Power.txt 
----i----------- ./Power.txt
[root@aspen ~]# rm -f ./Power.txt 
rm: cannot remove ‘./Power.txt’: Operation not permitted

When working with Linux commands, make it a habit to back up before you act and to check after you act
To be continued...