Addendum: Linux User and Permission Management Basics
Knowledge Gap 1:
Linux has a large number of commands, but many of them have similar functions, which is annoying! So how do you get the highest efficiency in a very limited period?
Choose only the one method that solves your problem[s] perfectly, and throw the others away!
Take the "history" command: I will never waste my time on "!xxx", "!<", etc., because "history | grep" solves any problem the others can.
I deal with the user-management chapter the same way. I will focus only on the formats of four files (/etc/passwd, /etc/shadow, /etc/group, /etc/gshadow) and three necessary commands ("useradd", "newusers", "chpasswd").
These seven tools are enough, as shown below:
f@z ~ $ cat /etc/passwd
qemu:x:77:77:added by portage for libvirt:/dev/null:/sbin/nologin
ldap:x:439:439:added by portage for openldap:/usr/lib64/openldap:/sbin/nologin
name:password:UID:GID:optional comment about the user:home directory:shell
z f # cat /etc/shadow
root:$6$QJnD:17015:0:99999:7:::
f:$6$5ajHHo.:17015:0:99999:7:::
name:password:date of last password change:minimum password age[days]:maximum password age[days]:password warning period[days]:password inactivity period[days]:account expiration date
Note: the third and eighth fields (date of last password change, account expiration date) are expressed as the number of days since Jan 1, 1970.
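The day-count fields described in the note above, decoded in an added Python example (not part of the original post): it parses /etc/shadow-format lines, converts the day counts to calendar dates and flags aging problems. The sample entries, placeholder hashes and function names are constructed for illustration; the ninth field is the reserved field that shadow(5) defines after the eight listed above.

```python
from datetime import date, timedelta
EPOCH = date(1970, 1, 1)
FIELDS = "name password last_change min_age max_age warn inactive expire reserved".split()

# Constructed sample in /etc/shadow format (hashes are placeholders, not real).
SAMPLE = """\
root:$6$placeholder:17015:0:99999:7:::
f:$6$placeholder:17015:0:90:7:14:17200:
svc:!:17015:0:99999:7:::
guest::17015:0:99999:7:::
"""

def days_to_date(field):
    """Convert a days-since-1970-01-01 field to a date; empty means unset."""
    return EPOCH + timedelta(days=int(field)) if field else None

def parse_shadow_line(line):
    """Split one shadow entry into its nine colon-separated fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))

def audit(entry, today):
    """Return a list of findings for one parsed entry, judged as of `today`."""
    findings = []
    pw = entry["password"]
    if pw == "":
        findings.append("empty password field")
    elif pw[0] in "!*":  # not a valid crypt(3) result, so no password login
        findings.append("password login locked")
    max_age = entry["max_age"]
    changed = days_to_date(entry["last_change"])
    # 99999 days (about 273 years) is the conventional "no expiry" value.
    if max_age in ("", "99999"):
        findings.append("password never expires")
    elif changed and changed + timedelta(days=int(max_age)) < today:
        findings.append("password expired")
    expire = days_to_date(entry["expire"])
    if expire and expire <= today:
        findings.append("account expired")
    return findings

def audit_text(text, today):
    return {e["name"]: audit(e, today)
            for e in (parse_shadow_line(l) for l in text.splitlines() if l.strip())}

if __name__ == "__main__":
    for name, found in audit_text(SAMPLE, date(2017, 6, 1)).items():
        print(name, found)
```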
z f # cat /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
group name:password:GID:member[s] of the group
z f # cat /etc/gshadow
root:::root
bin:::root,bin,daemon
group name:password:administrator[s] of the group:member[s] of the group
newusers: # receives its input from a file, in the same format as /etc/passwd
[root@7 fh]# cat testfile
zhangsan:abc:3000:3000:xxxx:/home/zhangsan:/bin/bash
lisi:abc:4000:4000:xxxx:/home/lisi:/bin/bash
[root@7 fh]# newusers testfile
[root@7 fh]# tail -n 2 /etc/passwd
zhangsan:x:3000:3000:xxxx:/home/zhangsan:/bin/bash
lisi:x:4000:4000:xxxx:/home/lisi:/bin/bash
chpasswd: # receives its input from stdin
[root@7 fh]# cat testfile2
zhangsan:catdog
lisi:dogcat
[root@7 fh]# cat testfile2 | chpasswd
[fh@7 ~]$ su - zhangsan
Password:
-bash-4.2$
useradd -G -s -m -k
[root@7 fh]# useradd -m -G wheel -s /bin/bash -k /dev/null test_user
[root@7 fh]# tail -n 1 /etc/passwd
test_user:x:4001:4001::/home/test_user:/bin/bash
[root@7 fh]# grep 'wheel' /etc/group
wheel:x:10:fh,test_user
[root@7 fh]# ls -a /home/test_user/
. ..
Knowledge Gap 2:
setfacl -M: # receives its input from a file
[root@7 fh]# cat file1
u:fh:6
g:fh:4
d:u:fh:rx
mask::5
[root@7 fh]# setfacl -M file1 a_dir/
[root@7 fh]# getfacl a_dir/
# file: a_dir/
# owner: root
# group: root
user::rwx
user:fh:rw- #effective:r--
group::r-x
group:fh:r--
mask::r-x
other::r-x
default:user::rwx
default:user:fh:r-x
default:group::r-x
default:mask::r-x
default:other::r-x