用户管理操作示例

#用户
root 超级用户,超级管理员,权限无限大
500以下的 系统帐号 系统软件运行 没有登录的权限
500及以上的 普通用户

hongyi:x:501:501::/home/hongyi:/bin/bash
hongyi:用户名
x:密码占位符,没有可以不使用密码登录,有的话必须使用密码登录
501:用户编号
501:用户所属组组编号
::注释信息,可有可无,可随便写,比如Oracle用户
/home/hongyi:家
/bin/bash:用户登录系统默认使用什么shell

shd:!!:15908::::::
!!:用户被锁住,两把锁
!:一把锁
15908:修改这次密码距离1970.1.1隔多少天
zhink:$6$YJ.smIrY$psvbOkK9YqpsSABEWJLXVIiExUummHIL03NlMmEp1K8gGysgUU3nu1Bk8HzbA.yVJutBtyqlaJSJG.9AJC4.s/:15910:0:99999:7:::
0:密码最少使用多少天才可以修改
99999:密码最多可以使用多少天必须修改,否则过期
7:密码过期时提前多少天给你提示
:
:


[root@larrywen soft]# man shadow
[root@larrywen soft]# man 5 shadow

[root@serv01 test]usermod --help
--修改用户的编号
[root@serv01 test]# usermod -u 666 zhink

[root@serv01 test]# id zhink
uid=666(zhink) gid=500(hink) groups=500(hink)

--更改用户zhink为think
[root@serv01 test]# usermod -l think zhink
[root@serv01 test]# id zhink
id: zhink: No such user
[root@serv01 test]# tail -n2 /etc/passwd
hongyi:x:501:501::/home/hongyi:/bin/bash
think:x:666:500::/home/zhink:/bin/bash

--添加编号为666组名为linux的组
[root@serv01 test]# groupadd -g 666 linux
[root@serv01 test]# tail -n1 /etc/group
linux:x:666:

--修改think的组名为linux
[root@serv01 test]# usermod -g linux think
[root@serv01 test]# tail -n1 /etc/passwd
think:x:666:666::/home/zhink:/bin/bash

[root@serv01 test]# id think
uid=666(think) gid=666(linux) groups=666(linux)

--更改用户think的注释为this is linux admin
[root@serv01 test]# usermod -c "this is linux admin" think
[root@serv01 test]# tail -n2 /etc/passwd
hongyi:x:501:501::/home/hongyi:/bin/bash
think:x:666:666:this is linux admin:/home/zhink:/bin/bash

[root@serv01 test]# mkdir /rhome
[root@serv01 test]# ls -ld /rhome/
drwxr-xr-x. 2 root root 4096 Jul 24 23:58 /rhome/

--给用户搬家,失败
[root@serv01 test]# usermod -m /rhome/think think
usermod: no changes
[root@serv01 test]# tail -n2 /etc/passwd
hongyi:x:501:501::/home/hongyi:/bin/bash
think:x:666:666:this is linux admin:/home/zhink:/bin/bash
[root@serv01 test]# ls /rhome
[root@serv01 test]# ls /home
hongyi  test  zhink

--给用户think搬家
[root@serv01 test]# usermod -m -d /rhome/think think
[root@serv01 test]# tail -n2 /etc/passwd
hongyi:x:501:501::/home/hongyi:/bin/bash
think:x:666:666:this is linux admin:/rhome/think:/bin/bash
[root@serv01 test]# ls /rhome
think
[root@serv01 test]# ls /home
hongyi  test

#测试禁止登录
[root@serv01 test]# usermod -s /sbin/nologin think
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password: 
Last login: Thu Jul 25 00:03:44 2013 from 192.168.1.1
This account is currently not available.
Connection to 192.168.1.11 closed.
[root@serv01 test]# usermod -s /bin/bash think
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password: 
Last login: Thu Jul 25 00:03:58 2013 from 192.168.1.1
[think@serv01 ~]$ 

[root@serv01 test]usermod -p
#md5加密
[root@serv01 test]# grub-md5-crypt 
Password: 
Retype password: 
$1$9gmEH1$TxmCSmV4.uJTjCNVlqnBn.

#修改用户think的密码
[root@serv01 test]# usermod -p '$1$9gmEH1$TxmCSmV4.uJTjCNVlqnBn.' think
[root@serv01 test]# passwd think

#修改think的密码,需要root用户
[root@serv01 test]# passwd think
	
#用户think的密码失效的最小日期为3
[root@serv01 test]# passwd -n 3 think
	
#用户think的密码失效的最小日期为0
[root@serv01 test]# passwd -n 0 think

#用户失效的日期,此处设置为3天以后
[root@serv01 test]# passwd -i 3 think

#修改用户think,2013-09-10过期
[root@serv01 test]# usermod -e "2013-09-10" think

#用户think的密码失效的警告日期为3,3天后用户think在登录时将受到警告
[root@serv01 test]# passwd -w 3 think

[root@serv01 test]# date
Thu Jul 25 00:25:44 CST 2013
[root@serv01 test]# date -s "2013-07-25 16:26:44"
Thu Jul 25 16:26:44 CST 2013
[root@serv01 test]# date
Thu Jul 25 16:26:45 CST 2013
[root@serv01 test]# tail -n2 /etc/shadow
think:$6$B0kGPvNc$xsRV5MLUUhbc1duBQNzKs8qX0FrrchETVv1Z0J5vzWF97wxGWPhYqgfFYpcCNOsldY2/KNAl7sNswovvsGawl1:15910:0:99999:7:::
[root@serv01 test]# passwd think
Changing password for user think.
New password: 
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password: 
passwd: all authentication tokens updated successfully.
[root@serv01 test]# tail -n2 /etc/shadow
think:$6$xuDtWPxr$9S2ZcJ0mn4CWXnUZqSZCxcgQz263gNH4dPoKrigwdgd9tuRQ07TkvvOvuDxlupnxjXIDjziIfWPs4txJJ3L2h1:15911:0:99999:7:::

#15911:不需要自己修改
[root@serv01 test]# passwd --help
[root@serv01 test]# passwd -n 3 think
Adjusting aging data for user think.
passwd: Success
[root@serv01 test]# tail -n2 /etc/shadow
think:$6$xuDtWPxr$9S2ZcJ0mn4CWXnUZqSZCxcgQz263gNH4dPoKrigwdgd9tuRQ07TkvvOvuDxlupnxjXIDjziIfWPs4txJJ3L2h1:15911:3:99999:7:::

[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password: 
Last login: Thu Jul 25 00:04:23 2013 from 192.168.1.1
[think@serv01 ~]$ passwd
Changing password for user think.
Changing password for think.
(current) UNIX password: 
You must wait longer to change your password
passwd: Authentication token manipulation error

[root@serv01 test]# passwd -n 0 think
Adjusting aging data for user think.
passwd: Success

[think@serv01 ~]$ passwd
Changing password for user think.
Changing password for think.
(current) UNIX password: 
New password: 
BAD PASSWORD: it is too simplistic/systematic
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.

[root@serv01 test]# date
Thu Jul 25 16:33:27 CST 2013
[root@serv01 test]# date -s "2013-07-30"
Tue Jul 30 00:00:00 CST 2013

passwd

[root@serv01 test]# date -s "2013-08-25"
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password: 
Warning: your password will expire in 0 days
Last login: Thu Jul 25 16:29:24 2013 from 192.168.1.1

[root@serv01 test]# date -s "2013-09-01"
Sun Sep  1 00:00:00 CST 2013

[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password: 
You are required to change your password immediately (password aged)
Last login: Tue Aug 20 00:00:28 2013 from 192.168.1.1
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user think.
Changing password for think.
(current) UNIX password: 

[root@serv01 test]# passwd -i 3 think
Adjusting aging data for user think.
passwd: Success
[root@serv01 test]# tail -n1 /etc/shadow
think:$6$7yd/Qbel$uAzY/GJKpo7J9aPOy62axAYvWK.tQCRN9WQj4KVpsQM0D1ILeaA2JqiTa/BXvSsMipC5GLtKtkiyYLVNFe6dy1:15911:3:30:7:3::
[root@serv01 test]# usermod -f 10 think
[root@serv01 test]# tail -n1 /etc/shadow
think:$6$7yd/Qbel$uAzY/GJKpo7J9aPOy62axAYvWK.tQCRN9WQj4KVpsQM0D1ILeaA2JqiTa/BXvSsMipC5GLtKtkiyYLVNFe6dy1:15911:3:30:7:10::

#修改过期时间
[root@serv01 test]# usermod -e "2013-09-10" think
[root@serv01 test]# tail -n1 /etc/shadow
think:$6$7yd/Qbel$uAzY/GJKpo7J9aPOy62axAYvWK.tQCRN9WQj4KVpsQM0D1ILeaA2JqiTa/BXvSsMipC5GLtKtkiyYLVNFe6dy1:15911:3:30:7:10:15958:
[root@serv01 test]# date
Sun Sep  1 00:03:45 CST 2013
[root@serv01 test]# date -s "2013-09-20"
Fri Sep 20 00:00:00 CST 2013

[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password: 
Your account has expired; please contact your system administrator
Connection closed by 192.168.1.11


[root@serv01 test]# passwd --help
Usage: passwd [OPTION...] <accountName>
  -k, --keep-tokens       keep non-expired authentication tokens
  -d, --delete            delete the password for the named account (root
only)
  -l, --lock              lock the named account (root only)
  -u, --unlock            unlock the named account (root only)
  -f, --force             force operation
  -x, --maximum=DAYS      maximum password lifetime (root only)
  -n, --minimum=DAYS      minimum password lifetime (root only)
  -w, --warning=DAYS      number of days warning users receives before
password expiration (root only)
  -i, --inactive=DAYS     number of days after password expiration when an
account becomes disabled (root only)
  -S, --status            report password status on the named account (root
only)
  --stdin                 read new tokens from stdin (root only)

Help options:
  -?, --help              Show this help message
  --usage                 Display brief usage message

[root@serv01 test]# tail -n1 /etc/group
linux:x:666:
[root@serv01 test]# groupadd --help

#添加oracle用户到编号为668的组
[root@serv01 test]# groupadd -g 667 oracle
[root@serv01 test]# tail -n2 /etc/group
linux:x:666:
oracle:x:667:

#创建用户时给用户添加组,可以使用组名或者组的编号
[root@serv01 test]# useradd -g oracle oracle01
[root@serv01 test]# useradd -g 667 oracle01

[root@serv01 test]# useradd -g oracle oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=667(oracle) groups=667(oracle)

#添加用户时加入到多个组
[root@serv01 test]# useradd -g oracle -G linux oracle01
[root@serv01 test]# usermod --help
#添加用户oracle01到linux组
[root@serv01 test]# usermod -G linux oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=667(oracle) groups=667(oracle),666(linux)

[root@serv01 test]# tail -n2 /etc/group
linux:x:666:oracle01
oracle:x:667:

#主组

#添加组
[root@serv01 test]# groupadd dba
[root@serv01 test]# tail -n2 /etc/group
oracle:x:667:
dba:x:668:
#修改用户的主组
[root@serv01 test]# usermod -g dba oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux)
[root@serv01 test]# tail -n2 /etc/passwd
oracle01:x:667:668::/home/oracle01:/bin/bash
test:x:668:667::/home/test:/bin/bash


[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux)
#修改用户的副组,覆盖以前的
[root@serv01 test]# usermod -G oracle oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),667(oracle)

#副组
#添加用户到多个组
[root@serv01 test]# usermod -G oracle,linux oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux),667(oracle)

[root@serv01 test]# usermod -G oracle oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),667(oracle)
#添加到多个组,不会覆盖以前的副组
[root@serv01 test]# usermod -a -G linux oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux),667(oracle)

#从oracle组里删除指定用户
[root@serv01 /]# gpasswd -d oracle01 oracle
Removing user oracle01 from group oracle
[root@serv01 /]# id oracle01
uid=667(oracle01) gid=666(linux) groups=666(linux)
[root@serv01 /]# tail -n2 /etc/passwd
think:x:666:666:this is linux admin:/rhome/think:/bin/bash
oracle01:x:667:666::/home/oracle01:/bin/bash

#删除用户,不加参数不删除主目录
[root@serv01 /]# userdel hongyi
[root@serv01 /]# ls /home
hongyi  learning  oracle01

#删除用户,并删除主目录
[root@serv01 /]# userdel -r oracle01
[root@serv01 /]# ls /home/
hongyi/   learning/ 

[root@serv01 /]# tail -n3 /etc/passwd
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
think:x:666:666:this is linux admin:/rhome/think:/bin/bash

[root@serv01 /]# tail -n3 /etc/passwd
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
think:x:666:666:this is linux admin:/rhome/think:/bin/bash
[root@serv01 /]# tail -n5 /etc/gruop
tail: cannot open `/etc/gruop' for reading: No such file or directory
[root@serv01 /]# tail -n5 /etc/group
sshd:x:74:
hink:x:500:
linux:x:666:
oracle:x:667:
dba:x:668:
[root@serv01 /]# userdel hongyi
userdel: user 'hongyi' does not exist
[root@serv01 /]# rm -rf /home/hongyi
#删除组linux
[root@serv01 /]# groupdel linux
groupdel: cannot remove the primary group of user 'think'
[root@serv01 /]# userdel -r think
[root@serv01 /]# groupdel dba
[root@serv01 /]# groupdel linux
[root@serv01 /]# groupdel oracle

#集群:指定编号,不重复
#不一样的机器ID保持一样 用户名保持一样

[root@serv01 /]# groupadd oracle
[root@serv01 /]# groupadd linux
[root@serv01 /]# groupadd dba
[root@serv01 /]# tail -n3 /etc/group
oracle:x:501:
linux:x:502:
dba:x:503:

#一个用户属于多个组,添加到多个组
[root@serv01 /]# useradd -g oracle -G linux,dba zhink
[root@serv01 /]# id zhink
uid=500(zhink) gid=501(oracle) groups=501(oracle),502(linux),503(dba)
[root@serv01 /]# groupadd admin
[root@serv01 /]# groupadd oper
[root@serv01 /]# usermod -a -G admin,oper zhink
[root@serv01 /]# id zhink
uid=500(zhink) gid=501(oracle)
groups=501(oracle),502(linux),503(dba),504(admin),505(oper)


[root@serv01 /]# tail -n1 /etc/group
oper:x:505:
#修改组的名字
[root@serv01 /]# groupmod -n opr oper
[root@serv01 /]# tail -n1 /etc/group
opr:x:505:

#修改组的编号
[root@serv01 /]# tail -n1 /etc/group
opr:x:505:
[root@serv01 /]# groupmod -g 666 opr
[root@serv01 /]# tail -n1 /etc/group
opr:x:666:

#一个组里添加多个成员

[root@serv01 /]# useradd -G admin hongyi
Creating mailbox file: File exists

[root@serv01 /]# id hongyi
uid=501(hongyi) gid=667(hongyi) groups=667(hongyi),504(admin)
[root@serv01 /]# useradd up01
[root@serv01 /]# useradd up02
[root@serv01 /]# useradd up03
[root@serv01 /]# tail -n10 /etc/group
hink:x:500:
oracle:x:501:
linux:x:502:zhink
dba:x:503:zhink
admin:x:504:zhink,hongyi
opr:x:666:
hongyi:x:667:
up01:x:668:
up02:x:669:
up03:x:670:

#追加up01到admin组
[root@serv01 /]# gpasswd -a up01 admin
Adding user up01 to group admin
[root@serv01 /]# tail -n10 /etc/group
hink:x:500:
oracle:x:501:
linux:x:502:zhink
dba:x:503:zhink
admin:x:504:zhink,hongyi,up01
opr:x:666:
hongyi:x:667:
up01:x:668:
up02:x:669:
up03:x:670:

#添加多个用户到一个组里,会覆盖以前的
[root@serv01 /]# gpasswd -M up01,up02,up03 admin
[root@serv01 /]# tail -n10 /etc/group
hink:x:500:
oracle:x:501:
linux:x:502:zhink
dba:x:503:zhink
admin:x:504:up01,up02,up03
opr:x:666:
hongyi:x:667:
up01:x:668:
up02:x:669:
up03:x:670:

rm -rf *

#手动删除用户:逆向思维创建用户

#修改组的密码
[root@serv01 /]# tail -n1 /etc/gshadow
linux:!::zhink

[root@serv01 /]# gpasswd linux
Changing the password for group linux
New Password: 
Re-enter new password: 
[root@serv01 /]# tail -n1 /etc/gshadow
linux:$6$Qkm/5/Xju/N/U$cmxuQ0KEcDJzISIhlhEaAkKi/fQSxeqicB3U/mGLk1o02kyCSQMvdu4FI3.UAmiS/kQzjrnBs7Kbg7DriXaCJ1::zhink

useradd zhink
passwd zhink
#以zhink用户登录
[root@larrywen Desktop]# ssh zhink@192.168.1.11
zhink@192.168.1.11's password: 
#修改zhink用户到linux组
[zhink@serv01 ~]$ newgrp linux
Password: 
Invalid password.

#RHEL5支持添加到其他组需要密码,6不支持

#修改用户up01到linux组,成为该组的管理员
[root@serv01 /]# gpasswd -A up01 linux
[root@serv01 /]# tail -n1 /etc/gshadow
linux:$6$Qkm/5/Xju/N/U$cmxuQ0KEcDJzISIhlhEaAkKi/fQSxeqicB3U/mGLk1o02kyCSQMvdu4FI3.UAmiS/kQzjrnBs7Kbg7DriXaCJ1:up01:
[root@serv01 /]# passwd up01
#以up01用户登录,然后把zhink添加到linux组
[root@larrywen Desktop]# ssh up01@192.168.1.11
up01@192.168.1.11's password: 
[up01@serv01 ~]$ gpasswd -a zhink linux
Adding user zhink to group linux
[up01@serv01 ~]$ id zhink
uid=500(zhink) gid=501(oracle) groups=501(oracle),502(linux),503(dba)
[root@serv01 /]# tail -n1 /etc/gshadow
linux:$6$Qkm/5/Xju/N/U$cmxuQ0KEcDJzISIhlhEaAkKi/fQSxeqicB3U/mGLk1o02kyCSQMvdu4FI3.UAmiS/kQzjrnBs7Kbg7DriXaCJ1:up01:zhink

#修改up02的密码
[root@serv01 /]# passwd up02
[root@larrywen Desktop]# ssh up02@192.168.1.11
#以up02登录,然后将zhink添加到linux组,发现失败
up02@192.168.1.11's password: 
[up02@serv01 ~]$ id zhink
uid=500(zhink) gid=501(oracle) groups=501(oracle),502(linux),503(dba)

[up02@serv01 ~]$ gpasswd -a zhink linux
gpasswd: Permission denied.

#添加用户时的定义
[root@serv01 /]# vim /etc/default/useradd 

[root@serv01 etc]# ls -l /var/mail /var/spool/mail/ -id
417 lrwxrwxrwx. 1 root root   10 Jul 23 00:54 /var/mail -> spool/mail
424 drwxrwxr-x. 2 root mail 4096 Sep 20 17:37 /var/spool/mail/


我的邮箱wgbno27@163.com  新浪微博@Wentasy27
  微信公众平台:JustOracle(微信号:justoracle)
  数据库技术交流群:336882565(加群时验证 From CSDN XXX)
  Oracle交流讨论组https://groups.google.com/d/forum/justoracle
  By Larry Wen


katoon Sina CSDN
@Wentasy 博文仅供参考,欢迎大家来访。如有错误之处,希望批评指正。原创博文如需转载请注明出处,谢谢 :) [CSDN博客]
posted @ 2013-08-04 21:46  javawebsoa  Views(538)  Comments(0Edit  收藏  举报