Linux 账户信息显示和实现账户安全
一.账户信息显示
1.groups命令
使用groups命令可以显示指定用户账户的组群成员身份。
[root@redhat2 ~]# groups --help
Usage: groups [OPTION]... [USERNAME]...
Print group memberships for each USERNAME or, if no USERNAME is specified, for
the current process (which may differ if the groups database has changed).
--help display this help and exit
--version output version information and exit
Report groups bugs to bug-coreutils@gnu.org
GNU coreutils home page: <http://www.gnu.org/software/coreutils/>
General help using GNU software: <http://www.gnu.org/gethelp/>
For complete documentation, run: info coreutils 'groups invocation
例:查看用户zhang是属于哪些组群的成员。
[root@redhat2 ~]# groups zhang
zhang : zhang zhangsan
[root@redhat2 ~]#
//可以看到用户zhang是属于zhang组群和zhangsan组群的用户。
2.id命令
使用id命令可以显示用户的ID以及该用户所属组群的GID。
[root@redhat2 ~]# id --help
Usage: id [OPTION]... [USERNAME]
Print user and group information for the specified USERNAME,
or (when USERNAME omitted) for the current user.
-a ignore, for compatibility with other versions
-Z, --context print only the security context of the current user
-g, --group print only the effective group ID
-G, --groups print all group IDs
-n, --name print a name instead of a number, for -ugG
-r, --real print the real ID instead of the effective ID, with -ugG
-u, --user print only the effective user ID
--help display this help and exit
--version output version information and exit
Without any OPTION, print some useful set of identified information.
Report id bugs to bug-coreutils@gnu.org
GNU coreutils home page: <http://www.gnu.org/software/coreutils/>
General help using GNU software: <http://www.gnu.org/gethelp/>
For complete documentation, run: info coreutils 'id invocation'
[root@redhat2 ~]#
例1:查询用户zhang的UID、GID以及归属组群的情况。
[root@redhat2 ~]# id zhang
uid=513(zhang) gid=513(zhang) groups=513(zhang),501(zhangsan)
[root@redhat2 ~]#
//用户zhang的UID是513,默认组群是zhang,默认用户组群的GID是513,归属于zhang和zhangsan组群。
例2:显示用户zhang所属主组群的GID。
[root@redhat2 ~]# id -g zhang
513
[root@redhat2 ~]#
例3:显示用户zhang所属组群的GID。
[root@redhat2 ~]# id -G zhang
513 501
[root@redhat2 ~]#
//可以看到用户zhang所属组群的GID是513和501。
例4:显示用户zhang的UID。
[root@redhat2 ~]# id -u zhang
513
[root@redhat2 ~]#
//可以看到用户zhang的UID是513。
3.W命令
使用W命令可以详细查询已登录当前计算机的用户。
例1:显示已登录当前计算机的用户详细信息。
4.who命令
使用who命令可以显示已登录当前计算机用户的简单信息。
[root@redhat2 ~]# who
root pts/0 2015-01-14 04:35 (192.168.12.1)
[root@redhat2 ~]#
5.chage
在linux系统中可以使用chage命令管理用户口令的时效,防止用户口令由于长时间使用而导致泄露,或是被黑客破解口令而受到攻击。
[root@redhat2 ~]# chage
Usage: chage [options] [LOGIN]
Options:
-d, --lastday LAST_DAY set date of last password change to LAST_DAY
-E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-h, --help display this help message and exit
-I, --inactive INACTIVE set password inactive after expiration to INACTIVE
-l, --list show account aging information
-m, --mindays MIN_DAYS set minimum number of days before password change to MIN_DAYS
-M, --maxdays MAX_DAYS set maximim number of days before password change to MAX_DAYS
-W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS
[root@redhat2 ~]#
例:显示用户zhang当前口令失效的信息。
[root@redhat2 ~]# chage -l zhang
Last password change : Jan 13, 2015
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
[root@redhat2 ~]#