User Management Operation Examples
# Users
root: the superuser (super administrator), with unlimited privileges
Below 500: system accounts, used to run system software; no login permission
500 and above: ordinary users

hongyi:x:501:501::/home/hongyi:/bin/bash
hongyi: user name
x: password placeholder; if absent the user can log in without a password, if present a password is required to log in
501: user ID
501: ID of the group the user belongs to
:: comment field; optional, free text, for example "Oracle user"
/home/hongyi: home directory
/bin/bash: the shell the user gets by default at login

shd:!!:15908::::::
!!: the user is locked, two locks
!: one lock
15908: number of days between this password change and 1970.1.1

zhink:$6$YJ.smIrY$psvbOkK9YqpsSABEWJLXVIiExUummHIL03NlMmEp1K8gGysgUU3nu1Bk8HzbA.yVJutBtyqlaJSJG.9AJC4.s/:15910:0:99999:7:::
0: minimum number of days the password must be used before it can be changed
99999: maximum number of days the password may be used before it must be changed, otherwise it expires
7: number of days before password expiry that a warning is shown
:
:

[root@larrywen soft]# man shadow
[root@larrywen soft]# man 5 shadow
[root@serv01 test]# usermod --help

-- Change the user's ID
[root@serv01 test]# usermod -u 666 zhink
[root@serv01 test]# id zhink
uid=666(zhink) gid=500(hink) groups=500(hink)

-- Rename user zhink to think
[root@serv01 test]# usermod -l think zhink
[root@serv01 test]# id zhink
id: zhink: No such user
[root@serv01 test]# tail -n2 /etc/passwd
hongyi:x:501:501::/home/hongyi:/bin/bash
think:x:666:500::/home/zhink:/bin/bash

-- Add a group with ID 666 named linux
[root@serv01 test]# groupadd -g 666 linux
[root@serv01 test]# tail -n1 /etc/group
linux:x:666:

-- Change think's group to linux
[root@serv01 test]# usermod -g linux think
[root@serv01 test]# tail -n1 /etc/passwd
think:x:666:666::/home/zhink:/bin/bash
[root@serv01 test]# id think
uid=666(think) gid=666(linux) groups=666(linux)

-- Change the comment of user think to "this is linux admin"
[root@serv01 test]# usermod -c "this is linux admin" think
[root@serv01 test]# tail -n2 /etc/passwd
hongyi:x:501:501::/home/hongyi:/bin/bash
think:x:666:666:this is linux admin:/home/zhink:/bin/bash
[root@serv01 test]# mkdir /rhome
[root@serv01 test]# ls -ld /rhome/
drwxr-xr-x. 2 root root 4096 Jul 24 23:58 /rhome/

-- Move the user's home directory; fails
[root@serv01 test]# usermod -m /rhome/think think
usermod: no changes
[root@serv01 test]# tail -n2 /etc/passwd
hongyi:x:501:501::/home/hongyi:/bin/bash
think:x:666:666:this is linux admin:/home/zhink:/bin/bash
[root@serv01 test]# ls /rhome
[root@serv01 test]# ls /home
hongyi test zhink

-- Move the home directory of user think
[root@serv01 test]# usermod -m -d /rhome/think think
[root@serv01 test]# tail -n2 /etc/passwd
hongyi:x:501:501::/home/hongyi:/bin/bash
think:x:666:666:this is linux admin:/rhome/think:/bin/bash
[root@serv01 test]# ls /rhome
think
[root@serv01 test]# ls /home
hongyi test

# Test disabling login
[root@serv01 test]# usermod -s /sbin/nologin think
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password:
Last login: Thu Jul 25 00:03:44 2013 from 192.168.1.1
This account is currently not available.
Connection to 192.168.1.11 closed.
[root@serv01 test]# usermod -s /bin/bash think
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password:
Last login: Thu Jul 25 00:03:58 2013 from 192.168.1.1
[think@serv01 ~]$
[root@serv01 test]# usermod -p

# Generate an MD5-crypt password hash
[root@serv01 test]# grub-md5-crypt
Password:
Retype password:
$1$9gmEH1$TxmCSmV4.uJTjCNVlqnBn.

# Change the password of user think
[root@serv01 test]# usermod -p '$1$9gmEH1$TxmCSmV4.uJTjCNVlqnBn.' think
[root@serv01 test]# passwd think

# Change think's password; requires the root user
[root@serv01 test]# passwd think

# Minimum password lifetime for user think is 3 days
[root@serv01 test]# passwd -n 3 think

# Minimum password lifetime for user think is 0 days
[root@serv01 test]# passwd -n 0 think

# Date on which the user becomes disabled; here set to 3 days later
[root@serv01 test]# passwd -i 3 think

# Modify user think so that it expires on 2013-09-10
[root@serv01 test]# usermod -e "2013-09-10" think

# Password expiry warning period for user think is 3; after 3 days user think will be warned at login
[root@serv01 test]# passwd -w 3 think
[root@serv01 test]# date
Thu Jul 25 00:25:44 CST 2013
[root@serv01 test]# date -s "2013-07-25 16:26:44"
Thu Jul 25 16:26:44 CST 2013
[root@serv01 test]# date
Thu Jul 25 16:26:45 CST 2013
[root@serv01 test]# tail -n2 /etc/shadow
think:$6$B0kGPvNc$xsRV5MLUUhbc1duBQNzKs8qX0FrrchETVv1Z0J5vzWF97wxGWPhYqgfFYpcCNOsldY2/KNAl7sNswovvsGawl1:15910:0:99999:7:::
[root@serv01 test]# passwd think
Changing password for user think.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@serv01 test]# tail -n2 /etc/shadow
think:$6$xuDtWPxr$9S2ZcJ0mn4CWXnUZqSZCxcgQz263gNH4dPoKrigwdgd9tuRQ07TkvvOvuDxlupnxjXIDjziIfWPs4txJJ3L2h1:15911:0:99999:7:::

# 15911: does not need to be changed by hand
[root@serv01 test]# passwd --help
[root@serv01 test]# passwd -n 3 think
Adjusting aging data for user think.
passwd: Success
[root@serv01 test]# tail -n2 /etc/shadow
think:$6$xuDtWPxr$9S2ZcJ0mn4CWXnUZqSZCxcgQz263gNH4dPoKrigwdgd9tuRQ07TkvvOvuDxlupnxjXIDjziIfWPs4txJJ3L2h1:15911:3:99999:7:::
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password:
Last login: Thu Jul 25 00:04:23 2013 from 192.168.1.1
[think@serv01 ~]$ passwd
Changing password for user think.
Changing password for think.
(current) UNIX password:
You must wait longer to change your password
passwd: Authentication token manipulation error
[root@serv01 test]# passwd -n 0 think
Adjusting aging data for user think.
passwd: Success
[think@serv01 ~]$ passwd
Changing password for user think.
Changing password for think.
(current) UNIX password:
New password:
BAD PASSWORD: it is too simplistic/systematic
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@serv01 test]# date
Thu Jul 25 16:33:27 CST 2013
[root@serv01 test]# date -s "2013-07-30"
Tue Jul 30 00:00:00 CST 2013
passwd
[root@serv01 test]# date -s "2013-08-25"
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password:
Warning: your password will expire in 0 days
Last login: Thu Jul 25 16:29:24 2013 from 192.168.1.1
[root@serv01 test]# date -s "2013-09-01"
Sun Sep 1 00:00:00 CST 2013
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password:
You are required to change your password immediately (password aged)
Last login: Tue Aug 20 00:00:28 2013 from 192.168.1.1
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user think.
Changing password for think.
(current) UNIX password:
[root@serv01 test]# passwd -i 3 think
Adjusting aging data for user think.
passwd: Success
[root@serv01 test]# tail -n1 /etc/shadow
think:$6$7yd/Qbel$uAzY/GJKpo7J9aPOy62axAYvWK.tQCRN9WQj4KVpsQM0D1ILeaA2JqiTa/BXvSsMipC5GLtKtkiyYLVNFe6dy1:15911:3:30:7:3::
[root@serv01 test]# usermod -f 10 think
[root@serv01 test]# tail -n1 /etc/shadow
think:$6$7yd/Qbel$uAzY/GJKpo7J9aPOy62axAYvWK.tQCRN9WQj4KVpsQM0D1ILeaA2JqiTa/BXvSsMipC5GLtKtkiyYLVNFe6dy1:15911:3:30:7:10::

# Change the expiry date
[root@serv01 test]# usermod -e "2013-09-10" think
[root@serv01 test]# tail -n1 /etc/shadow
think:$6$7yd/Qbel$uAzY/GJKpo7J9aPOy62axAYvWK.tQCRN9WQj4KVpsQM0D1ILeaA2JqiTa/BXvSsMipC5GLtKtkiyYLVNFe6dy1:15911:3:30:7:10:15958:
[root@serv01 test]# date
Sun Sep 1 00:03:45 CST 2013
[root@serv01 test]# date -s "2013-09-20"
Fri Sep 20 00:00:00 CST 2013
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password:
Your account has expired; please contact your system administrator
Connection closed by 192.168.1.11
[root@serv01 test]# passwd --help
Usage: passwd [OPTION...] <accountName>
  -k, --keep-tokens       keep non-expired authentication tokens
  -d, --delete            delete the password for the named account (root only)
  -l, --lock              lock the named account (root only)
  -u, --unlock            unlock the named account (root only)
  -f, --force             force operation
  -x, --maximum=DAYS      maximum password lifetime (root only)
  -n, --minimum=DAYS      minimum password lifetime (root only)
  -w, --warning=DAYS      number of days warning users receives before password expiration (root only)
  -i, --inactive=DAYS     number of days after password expiration when an account becomes disabled (root only)
  -S, --status            report password status on the named account (root only)
  --stdin                 read new tokens from stdin (root only)

Help options:
  -?, --help              Show this help message
  --usage                 Display brief usage message
[root@serv01 test]# tail -n1 /etc/group
linux:x:666:
[root@serv01 test]# groupadd --help

# Add the oracle user to the group with ID 668
[root@serv01 test]# groupadd -g 667 oracle
[root@serv01 test]# tail -n2 /etc/group
linux:x:666:
oracle:x:667:

# Assign a group when creating a user; either the group name or the group ID can be used
[root@serv01 test]# useradd -g oracle oracle01
[root@serv01 test]# useradd -g 667 oracle01
[root@serv01 test]# useradd -g oracle oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=667(oracle) groups=667(oracle)

# Add the user to multiple groups at creation time
[root@serv01 test]# useradd -g oracle -G linux oracle01
[root@serv01 test]# usermod --help

# Add user oracle01 to the linux group
[root@serv01 test]# usermod -G linux oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=667(oracle) groups=667(oracle),666(linux)
[root@serv01 test]# tail -n2 /etc/group
linux:x:666:oracle01
oracle:x:667:

# Primary group
# Add a group
[root@serv01 test]# groupadd dba
[root@serv01 test]# tail -n2 /etc/group
oracle:x:667:
dba:x:668:

# Change the user's primary group
[root@serv01 test]# usermod -g dba oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux)
[root@serv01 test]# tail -n2 /etc/passwd
oracle01:x:667:668::/home/oracle01:/bin/bash
test:x:668:667::/home/test:/bin/bash
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux)

# Change the user's supplementary groups; overwrites the previous ones
[root@serv01 test]# usermod -G oracle oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),667(oracle)

# Supplementary groups
# Add the user to multiple groups
[root@serv01 test]# usermod -G oracle,linux oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux),667(oracle)
[root@serv01 test]# usermod -G oracle oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),667(oracle)

# Add to multiple groups without overwriting the existing supplementary groups
[root@serv01 test]# usermod -a -G linux oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux),667(oracle)

# Remove the given user from the oracle group
[root@serv01 /]# gpasswd -d oracle01 oracle
Removing user oracle01 from group oracle
[root@serv01 /]# id oracle01
uid=667(oracle01) gid=666(linux) groups=666(linux)
[root@serv01 /]# tail -n2 /etc/passwd
think:x:666:666:this is linux admin:/rhome/think:/bin/bash
oracle01:x:667:666::/home/oracle01:/bin/bash

# Delete a user; without options the home directory is not deleted
[root@serv01 /]# userdel hongyi
[root@serv01 /]# ls /home
hongyi learning oracle01

# Delete a user together with the home directory
[root@serv01 /]# userdel -r oracle01
[root@serv01 /]# ls /home/
hongyi/ learning/
[root@serv01 /]# tail -n3 /etc/passwd
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
think:x:666:666:this is linux admin:/rhome/think:/bin/bash
[root@serv01 /]# tail -n3 /etc/passwd
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
think:x:666:666:this is linux admin:/rhome/think:/bin/bash
[root@serv01 /]# tail -n5 /etc/gruop
tail: cannot open `/etc/gruop' for reading: No such file or directory
[root@serv01 /]# tail -n5 /etc/group
sshd:x:74:
hink:x:500:
linux:x:666:
oracle:x:667:
dba:x:668:
[root@serv01 /]# userdel hongyi
userdel: user 'hongyi' does not exist
[root@serv01 /]# rm -rf /home/hongyi

# Delete group linux
[root@serv01 /]# groupdel linux
groupdel: cannot remove the primary group of user 'think'
[root@serv01 /]# userdel -r think
[root@serv01 /]# groupdel dba
[root@serv01 /]# groupdel linux
[root@serv01 /]# groupdel oracle

# Cluster: specify the IDs explicitly, no duplicates
# Across different machines, keep the IDs the same and the user names the same
[root@serv01 /]# groupadd oracle
[root@serv01 /]# groupadd linux
[root@serv01 /]# groupadd dba
[root@serv01 /]# tail -n3 /etc/group
oracle:x:501:
linux:x:502:
dba:x:503:

# One user belonging to multiple groups: add the user to multiple groups
[root@serv01 /]# useradd -g oracle -G linux,dba zhink
[root@serv01 /]# id zhink
uid=500(zhink) gid=501(oracle) groups=501(oracle),502(linux),503(dba)
[root@serv01 /]# groupadd admin
[root@serv01 /]# groupadd oper
[root@serv01 /]# usermod -a -G admin,oper zhink
[root@serv01 /]# id zhink
uid=500(zhink) gid=501(oracle) groups=501(oracle),502(linux),503(dba),504(admin),505(oper)
[root@serv01 /]# tail -n1 /etc/group
oper:x:505:

# Rename a group
[root@serv01 /]# groupmod -n opr oper
[root@serv01 /]# tail -n1 /etc/group
opr:x:505:

# Change a group's ID
[root@serv01 /]# tail -n1 /etc/group
opr:x:505:
[root@serv01 /]# groupmod -g 666 opr
[root@serv01 /]# tail -n1 /etc/group
opr:x:666:

# Add multiple members to one group
[root@serv01 /]# useradd -G admin hongyi
Creating mailbox file: File exists
[root@serv01 /]# id hongyi
uid=501(hongyi) gid=667(hongyi) groups=667(hongyi),504(admin)
[root@serv01 /]# useradd up01
[root@serv01 /]# useradd up02
[root@serv01 /]# useradd up03
[root@serv01 /]# tail -n10 /etc/group
hink:x:500:
oracle:x:501:
linux:x:502:zhink
dba:x:503:zhink
admin:x:504:zhink,hongyi
opr:x:666:
hongyi:x:667:
up01:x:668:
up02:x:669:
up03:x:670:

# Append up01 to the admin group
[root@serv01 /]# gpasswd -a up01 admin
Adding user up01 to group admin
[root@serv01 /]# tail -n10 /etc/group
hink:x:500:
oracle:x:501:
linux:x:502:zhink
dba:x:503:zhink
admin:x:504:zhink,hongyi,up01
opr:x:666:
hongyi:x:667:
up01:x:668:
up02:x:669:
up03:x:670:

# Add multiple users to one group; overwrites the previous members
[root@serv01 /]# gpasswd -M up01,up02,up03 admin
[root@serv01 /]# tail -n10 /etc/group
hink:x:500:
oracle:x:501:
linux:x:502:zhink
dba:x:503:zhink
admin:x:504:up01,up02,up03
opr:x:666:
hongyi:x:667:
up01:x:668:
up02:x:669:
up03:x:670:
rm -rf *

# Deleting a user by hand: reverse the steps of creating a user
# Change a group's password
[root@serv01 /]# tail -n1 /etc/gshadow
linux:!::zhink
[root@serv01 /]# gpasswd linux
Changing the password for group linux
New Password:
Re-enter new password:
[root@serv01 /]# tail -n1 /etc/gshadow
linux:$6$Qkm/5/Xju/N/U$cmxuQ0KEcDJzISIhlhEaAkKi/fQSxeqicB3U/mGLk1o02kyCSQMvdu4FI3.UAmiS/kQzjrnBs7Kbg7DriXaCJ1::zhink
useradd zhink
passwd zhink

# Log in as user zhink
[root@larrywen Desktop]# ssh zhink@192.168.1.11
zhink@192.168.1.11's password:

# Switch user zhink to the linux group
[zhink@serv01 ~]$ newgrp linux
Password:
Invalid password.
# RHEL5 supports requiring a password to join another group; RHEL 6 does not
# Put user up01 in charge of the linux group as that group's administrator
[root@serv01 /]# gpasswd -A up01 linux
[root@serv01 /]# tail -n1 /etc/gshadow
linux:$6$Qkm/5/Xju/N/U$cmxuQ0KEcDJzISIhlhEaAkKi/fQSxeqicB3U/mGLk1o02kyCSQMvdu4FI3.UAmiS/kQzjrnBs7Kbg7DriXaCJ1:up01:
[root@serv01 /]# passwd up01

# Log in as user up01, then add zhink to the linux group
[root@larrywen Desktop]# ssh up01@192.168.1.11
up01@192.168.1.11's password:
[up01@serv01 ~]$ gpasswd -a zhink linux
Adding user zhink to group linux
[up01@serv01 ~]$ id zhink
uid=500(zhink) gid=501(oracle) groups=501(oracle),502(linux),503(dba)
[root@serv01 /]# tail -n1 /etc/gshadow
linux:$6$Qkm/5/Xju/N/U$cmxuQ0KEcDJzISIhlhEaAkKi/fQSxeqicB3U/mGLk1o02kyCSQMvdu4FI3.UAmiS/kQzjrnBs7Kbg7DriXaCJ1:up01:zhink

# Change up02's password
[root@serv01 /]# passwd up02

# Log in as up02, then try to add zhink to the linux group; this fails
[root@larrywen Desktop]# ssh up02@192.168.1.11
up02@192.168.1.11's password:
[up02@serv01 ~]$ id zhink
uid=500(zhink) gid=501(oracle) groups=501(oracle),502(linux),503(dba)
[up02@serv01 ~]$ gpasswd -a zhink linux
gpasswd: Permission denied.

# Defaults used when adding a user
[root@serv01 /]# vim /etc/default/useradd
[root@serv01 etc]# ls -l /var/mail /var/spool/mail/ -id
417 lrwxrwxrwx. 1 root root 10 Jul 23 00:54 /var/mail -> spool/mail
424 drwxrwxr-x. 2 root mail 4096 Sep 20 17:37 /var/spool/mail/
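
As an added example (not part of the original post), this Python sketch parses lines in the /etc/shadow layout walked through above and reports lock state, hash scheme and aging status as of a chosen date, mirroring the clock changes made in the session. The sample lines are constructed, the hash bodies are placeholders, the users `legacy` and `nopass` are hypothetical, and the aging comparisons are an assumption based on the field meanings in shadow(5).

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)

# Constructed sample in /etc/shadow format; hash bodies are placeholders, not real hashes.
# "legacy" and "nopass" are hypothetical users added for illustration.
SAMPLE = [
    "shd:!!:15908::::::",
    "think:$6$SALT$PLACEHOLDER:15911:3:30:7:10:15958:",
    "legacy:$1$SALT$PLACEHOLDER:15910:0:99999:7:::",
    "nopass::15910:0:99999:7:::",
]

def day_to_date(days):
    """Shadow day counts are days since 1970-01-01."""
    return EPOCH + timedelta(days=days)

def audit_line(line, today):
    """Return (user, findings) for one shadow line, evaluated as of `today`."""
    f = line.strip().split(":")
    f += [""] * (9 - len(f))                      # tolerate short lines
    user, pw = f[0], f[1]
    # Fields 3-8: last change, min age, max age, warn, inactive, account expiry
    lastchg, _min, maxd, warn, inact, expire = (int(x) if x else None for x in f[2:8])
    now = (today - EPOCH).days
    out = []
    if pw == "":
        out.append("empty password field: login without a password")
    elif pw[0] in "!*":
        out.append("locked")
    elif pw.startswith("$1$"):
        out.append("MD5-crypt hash ($1$): re-hash with a stronger scheme")
    if expire is not None and now >= expire:
        out.append(f"account expired on {day_to_date(expire)}")
    if lastchg is not None and maxd is not None:
        age = now - lastchg
        if inact is not None and age > maxd + inact:
            out.append("password expired and inactivity period passed")
        elif age > maxd:
            out.append("password expired: change required at login")
        elif warn is not None and age > maxd - warn:
            out.append(f"password expires in {maxd - age} days")
    return user, out

def audit(lines, today):
    """Audit every non-empty line; returns {user: [findings]}."""
    return dict(audit_line(l, today) for l in lines if l.strip())

if __name__ == "__main__":
    for when in (date(2013, 8, 20), date(2013, 9, 1), date(2013, 9, 20)):
        print(when, audit(SAMPLE, when))
```
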
By Larry Wen