user management
Users and group management command summary: Linux users, group management command collation and example details (captainyuxiaoyu's Blog, CSDN Blog)
sudo user authorization
sudo lets an administrator give ordinary users the privilege to execute specific commands.
vim /etc/sudoers
redhat ALL=(ALL) NOPASSWD: /usr/sbin/useradd
Field order: authorized user, host name the rule applies on = (user the command runs as), NOPASSWD: (no password validation required), then the executable commands that are permitted.
$ sudo useradd u1
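The rule format above, taken apart field by field, as an added example that is not part of the original post: a shell function that reads sudoers-style text and lists every rule carrying NOPASSWD together with its scope. The sample rules, the function names and the scope labels are constructed for illustration, and only simple one-line rules are handled (no aliases, includes or line continuations).

```bash
# Added example: list NOPASSWD grants found in sudoers-format text.
# Handles one-line rules only:  user host=(runas) [NOPASSWD:] cmd[, cmd...]
# Defaults, *_Alias definitions, includes and continuations are skipped.

# Constructed sample rules (not taken from a real system).
sample_sudoers() {
cat <<'EOF'
Defaults env_reset
root    ALL=(ALL)       ALL
redhat  ALL=(ALL)       NOPASSWD: /usr/sbin/useradd
%wheel  ALL=(ALL)       ALL
backup  ALL=(root)      NOPASSWD: /usr/bin/rsync, /usr/bin/tar
ops     ALL=(ALL)       NOPASSWD: ALL
EOF
}

# Output, one line per NOPASSWD rule:  who|host|runas|commands|scope
list_nopasswd() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments, includes, blanks
    $1 ~ /^(Defaults|[A-Za-z]+_Alias)/ { next }    # not a user rule
    {
      who = $1
      rest = $0
      sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)        # drop the user field
      eq = index(rest, "=")
      if (eq == 0) next
      host = substr(rest, 1, eq - 1); gsub(/[ \t]/, "", host)
      spec = substr(rest, eq + 1)
      runas = "root"                               # sudo default without (..)
      if (match(spec, /^[ \t]*\([^)]*\)/)) {
        runas = substr(spec, RSTART, RLENGTH); gsub(/[() \t]/, "", runas)
        spec = substr(spec, RSTART + RLENGTH)
      }
      if (spec !~ /NOPASSWD:/) next
      sub(/^.*NOPASSWD:[ \t]*/, "", spec); sub(/[ \t]+$/, "", spec)
      scope = (spec == "ALL") ? "all-commands" : "listed-commands"
      print who "|" host "|" runas "|" spec "|" scope
    }'
}

# On a real host, as root:  list_nopasswd < /etc/sudoers
sample_sudoers | list_nopasswd
```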
su
su redhat
su - redhat
w, who, users: each shows which users are logged on to the system through a terminal
last: view which users have recently authenticated and logged on to the current host
whoami: shows which user identity the current terminal is logged on as
Exercise:
1. Create a new group named adminuser with group id 40000
2. Create a new user named natasha with adminuser as its supplementary group
3. Create a new user named harry with adminuser as its supplementary group
4. Create a new user named sarah that does not belong to the adminuser group, and set its shell to the non-login shell /sbin/nologin
5. Add the user maomao, change its home directory to /maomao, and make sure the command prompt displays normally when switching to maomao.
6. Create two groups, std1 and std2, with three users in the std1 group
7. Set the passwords of the users natasha, harry and sarah to glegunge (implemented in more than one way)
The first way to change your password is:
[root@arya test]# passwd natasha
Changing password for user natasha.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Second:
[root@arya test]# echo "glegunge" | passwd --stdin harry
Changing password for user harry.
passwd: all authentication tokens updated successfully.
[root@arya test]# echo "glegunge" | passwd --stdin sarah
Changing password for user sarah.
passwd: all authentication tokens updated successfully.
8. Create the new groups shengchan, caiwu and jishu
9. New user requirements are as follows:
- wjx is a supplementary member of the shengchan group
- liuy is a supplementary member of the caiwu group
- zxx is a supplementary member of the jishu group
- Create a new admin user who does not belong to the three departments mentioned above and whose password is set to redhat
[root@localhost ~]# groupadd shengchan
[root@localhost ~]# groupadd caiwu
[root@localhost ~]# groupadd jishu
[root@localhost ~]# useradd -G shengchan wjx
[root@localhost ~]# useradd -G caiwu liuy
[root@localhost ~]# useradd -G jishu zxx
[root@localhost ~]# useradd admin
[root@localhost wjx]# passwd wjx
Changing password for user wjx.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
## The password change steps are the same
File System Permissions
[Linux ACL Access Control Permissions Complete Overview (Extra Detail) (biancheng.net)](http://c.biancheng.net/view/863.html)
Exercise:
The requirements for creating the new directories are as follows:
1) The /pub directory is a public storage directory that all users can read, write, and execute in, but users can only delete their own files
2) The /sc directory is the production storage directory, writable only by production personnel, and the files created by production personnel are automatically attributed to
3) The /cw directory is the financial department storage directory, writable only by financial department personnel, and the files created by financial department personnel automatically belong to the caiwu group
4) The admin user can read, write and execute in the /sc and /cw directories
[root@localhost ~]# mkdir /pub /sc /cw
[root@localhost ~]# chmod 1777 /pub
[root@localhost ~]# chgrp shengchan /sc
[root@localhost ~]# chmod 2770 /sc
[root@localhost ~]# chgrp caiwu /cw
[root@localhost ~]# chmod 2770 /cw
[root@localhost ~]# setfacl -m u:admin:rwx /sc/
[root@localhost ~]# setfacl -m u:admin:rwx /cw/
[root@localhost ~]# setfacl -m d:u:admin:rwx /cw/
[root@localhost ~]# setfacl -m d:u:admin:rwx /sc/
[root@localhost ~]# getfacl /sc /cw
getfacl: Removing leading '/' from absolute path names
# file: sc
# owner: root
# group: shengchan
# flags: -s-
user::rwx
user:admin:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:admin:rwx
default:group::rwx
default:mask::rwx
default:other::---

# file: cw
# owner: root
# group: caiwu
# flags: -s-
user::rwx
user:admin:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:admin:rwx
default:group::rwx
default:mask::rwx
default:other::---

[root@localhost ~]#
Setting special permissions requires the following:
1) Create a directory /test/data so that ordinary users within the IT group have write access to it, and all files created in it belong to the group that the directory belongs to. In addition, each user can only delete their own files
2) Enable ordinary users to view user profiles using /tmp/cat
Setting ACL permissions requires the following:
New files created in /test/dir automatically belong to the webs group. Members of the group apps, such as tomcat, can read and write these new files. Members of the group dbs, such as mysql, can only read new files. Other users (not in webs, apps or dbs) cannot access this folder.
[root@localhost ~]# groupadd webs
[root@localhost ~]# groupadd apps
[root@localhost ~]# groupadd dbs
[root@localhost ~]# useradd tomcat
[root@localhost ~]# useradd mysql
[root@localhost ~]# gpasswd -a tomcat apps
Adding user tomcat to group apps
[root@localhost ~]# gpasswd -a mysql dbs
Adding user mysql to group dbs
[root@localhost ~]# mkdir /testdir/dir -p
[root@localhost ~]# chgrp -R webs /testdir/dir
[root@localhost ~]# chmod -R g+s /testdir/dir
[root@localhost ~]# setfacl -R -m g:apps:rwX,d:g:apps:rwX /testdir/dir   # group apps; X = execute on directories only; d: = inherited by new files
[root@localhost ~]# setfacl -R -m g:dbs:rX,d:g:dbs:rX /testdir/dir   # group dbs: read only
[root@localhost ~]# setfacl -R -m o::0,d:o::0 /testdir/dir   # everyone else: no access
[root@localhost ~]#
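What the requirement above means for a file created later, as an added example that is not part of the original post: a shell function that reads getfacl output for the directory and computes the effective rights each group entry gets on a new file, and reports when no default ACL exists (in which case named entries are not inherited at all). The sample getfacl output and the function names are constructed for illustration.

```bash
# Added example: from `getfacl` output of a directory, work out the effective
# rights of a new file (default ACL ANDed with creation mode; umask is ignored).
# Constructed getfacl output (not captured from a real host).
sample_getfacl() {
cat <<'EOF'
# file: testdir/dir
# owner: root
# group: webs
# flags: -s-
user::rwx
group::rwx
group:apps:rwx
group:dbs:r-x
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:apps:rwx
default:group:dbs:r-x
default:mask::rwx
default:other::---
EOF
}

# $1 = octal mode the creating program asks for (666 for a regular file).
new_file_rights() {
  awk -F: -v mode="$1" '
    function bits(d) { return (d>=4 ? "r":"-") (d%4>=2 ? "w":"-") (d%2==1 ? "x":"-") }
    function both(a, b,   i, r) {                 # per-character AND of rwx strings
      for (i = 1; i <= 3; i++)
        r = r ((substr(a,i,1) != "-" && substr(b,i,1) != "-") ? substr(a,i,1) : "-")
      return r
    }
    $1 == "# flags" && $2 ~ /^ [-s]s/ { sgid = 1 }   # setgid: files inherit the group
    $1 != "default" { next }
    { seen = 1; p = substr($4, 1, 3) }               # drop any "#effective" note
    $2 == "mask"  { mask = p }
    $2 == "group" { name[++n] = $3; perm[n] = p }
    $2 == "other" { other = p }
    END {
      print "setgid:" (sgid ? "yes" : "no")
      if (!seen) { print "default-acl:none"; exit }
      if (mask == "") mask = "rwx"                   # no named entries, so no mask line
      m = both(mask, bits(substr(mode, length(mode) - 1, 1) + 0))
      for (i = 1; i <= n; i++) print "group:" name[i] ":" both(perm[i], m)
      print "other::" both(other, bits(substr(mode, length(mode), 1) + 0))
    }'
}
sample_getfacl | new_file_rights 666
```

On a real directory, pipe `getfacl` for that path into `new_file_rights`; passing 777 instead of 666 shows what a newly created subdirectory would get.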