第二十一天--学习笔记
第二十一天--学习笔记
家目录特殊文件
history命令讲解
[root@master ~]# ls
1.txt anaconda-ks.cfg CentOS6-Base-163.repo hosts motd nwq1.6.sh profile test.txt
[root@master ~]# ls -a
. .1.txt.swp .bash_logout CentOS6-Base-163.repo motd .ssh .viminfo
.. anaconda-ks.cfg .bash_profile .cshrc nwq1.6.sh .tcshrc
1.txt .bash_history .bashrc hosts profile test.txt
root@master ~]# cat .bash_history
sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config
systemctl disable --now firewalld
yum -y install autofs
systemctl enable --now autofs
sed -ri '/GRUB_CMDLINE_LINUX=/s#(.*)"$#\1 net.ifnames=0"#' /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot
ip a
cd /etc
ip a
vi hosts
ping node
ping 10.0.0.164
vi 1.txt
ls
echo "hello world\!" > test.txt
vi test.txt
yum install cowsay
yum -y install wget
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget http://mirrors.163.com/.help/CentOS6-Base-163.repo
yum clean all
yum makecache
yum -y update
yum -y install cowsay
nano motd
yum -y install nano
nano motd
reboot
cd /etc/profile
cd /etc/profile/
cd /etc/profile
cd /etc/profile/
cd /etc
ls
vi profile
reboot
vi profile
cd /etc/
ls
vi profile
vi 1.sh
sh 1.sh
vi 1.sh
vi motd
reboot
nano /etc/motd
reboot
exit
ip a
nmtui
ip a
systemctl restart network
export LANG="en_US";export LANGUAGE="en_US";export LC_ALL="en_US";top
sudo systemctl restart network
ip a
sudo service network restart
ip a
reboot
ip a
.bash_history 历史记录命令文件,如果以后入职了,可以把这个文件拷贝出来,分析上个运维他平时操作的命令 分析他的工作流程
.bash_history 这个里面全都是执行过的历史命令,历史记录命令文件
保存方式
1.保存到内存中
history -c 清除命令
useradd zhangsan;echo 1|passwd --studin zhangsan
cat /etc/passwd 用户信息 常用
文件分析
root :x :0 :0 :root :/root :/bin/bash
1 2 3 4 5 6 7
用户名称 密码信息 uid信息 gid信息 注释信息 家目录 登录方式
:/bin/bash 通用解释器
:/sbin/nologin 不能登录系统
创建用户不能登录系统
[root@master ~]# useradd lisi -M -s /sbin/nologin
[root@master ~]# passwd lisi
Changing password for user lisi.
New password:
BAD PASSWORD: The password is a palindrome
Retype new password:
passwd: all authentication tokens updated successfully.
[root@master ~]# su lisi
This account is currently not available.
命令注解
useradd lisi -M -s /sbin/nologin
-M 不创建家目录
-s 使用什么方式登录
命令 `useradd lisi -M -s /sbin/nologin` 的作用是在Linux系统中创建一个新的用户账户 `lisi`,并对其进行了特定的权限限制:
- `-M`:这个选项告诉 `useradd` 命令不要为新用户创建家目录(home directory)。在没有家目录的情况下,用户通常无法登录到系统,也无法在其家目录下存放个人文件。
- `-s /sbin/nologin`:指定用户的默认shell为 `/sbin/nologin`,这是一个特殊shell,不允许用户登录。当用户尝试登录时,系统会显示一个错误消息,告知用户无法登录。
综上,执行这条命令后,系统会创建一个名为 `lisi` 的用户,但该用户没有家目录,且不能通过shell登录系统。这类用户常见于仅需执行后台任务,不需要进行交互式登录的场景。
cat /etc/shadow 密码信息
cat /etc/group 组用户记录信息
cat /etc/gshadow 组用户密码信息
[root@master ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
wang:x:1000:1000:wang:/home/wang:/bin/bash
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
it101:x:1001:1001::/home/it101:/bin/bash
it1:x:1002:1002::/home/it1:/bin/bash
it2:x:1003:1003::/home/it2:/bin/bash
it3:x:1004:1004::/home/it3:/bin/bash
it4:x:1005:1005::/home/it4:/bin/bash
it5:x:1006:1006::/home/it5:/bin/bash
it6:x:1007:1007::/home/it6:/bin/bash
it7:x:1008:1008::/home/it7:/bin/bash
it8:x:1009:1009::/home/it8:/bin/bash
it9:x:1010:1010::/home/it9:/bin/bash
it10:x:1011:1011::/home/it10:/bin/bash
it11:x:1012:1012::/home/it11:/bin/bash
it12:x:1013:1013::/home/it12:/bin/bash
it13:x:1014:1014::/home/it13:/bin/bash
it14:x:1015:1015::/home/it14:/bin/bash
it15:x:1016:1016::/home/it15:/bin/bash
it16:x:1017:1017::/home/it16:/bin/bash
it17:x:1018:1018::/home/it17:/bin/bash
it18:x:1019:1019::/home/it18:/bin/bash
it19:x:1020:1020::/home/it19:/bin/bash
it20:x:1021:1021::/home/it20:/bin/bash
it21:x:1022:1022::/home/it21:/bin/bash
it22:x:1023:1023::/home/it22:/bin/bash
it23:x:1024:1024::/home/it23:/bin/bash
it24:x:1025:1025::/home/it24:/bin/bash
it25:x:1026:1026::/home/it25:/bin/bash
it26:x:1027:1027::/home/it26:/bin/bash
it27:x:1028:1028::/home/it27:/bin/bash
it28:x:1029:1029::/home/it28:/bin/bash
it29:x:1030:1030::/home/it29:/bin/bash
it30:x:1031:1031::/home/it30:/bin/bash
it31:x:1032:1032::/home/it31:/bin/bash
it32:x:1033:1033::/home/it32:/bin/bash
it33:x:1034:1034::/home/it33:/bin/bash
it34:x:1035:1035::/home/it34:/bin/bash
it35:x:1036:1036::/home/it35:/bin/bash
it36:x:1037:1037::/home/it36:/bin/bash
it37:x:1038:1038::/home/it37:/bin/bash
it38:x:1039:1039::/home/it38:/bin/bash
it39:x:1040:1040::/home/it39:/bin/bash
it40:x:1041:1041::/home/it40:/bin/bash
it41:x:1042:1042::/home/it41:/bin/bash
it42:x:1043:1043::/home/it42:/bin/bash
it43:x:1044:1044::/home/it43:/bin/bash
it44:x:1045:1045::/home/it44:/bin/bash
it45:x:1046:1046::/home/it45:/bin/bash
it46:x:1047:1047::/home/it46:/bin/bash
it47:x:1048:1048::/home/it47:/bin/bash
it48:x:1049:1049::/home/it48:/bin/bash
it49:x:1050:1050::/home/it49:/bin/bash
it50:x:1051:1051::/home/it50:/bin/bash
it51:x:1052:1052::/home/it51:/bin/bash
it52:x:1053:1053::/home/it52:/bin/bash
it53:x:1054:1054::/home/it53:/bin/bash
it54:x:1055:1055::/home/it54:/bin/bash
it55:x:1056:1056::/home/it55:/bin/bash
it56:x:1057:1057::/home/it56:/bin/bash
it57:x:1058:1058::/home/it57:/bin/bash
it58:x:1059:1059::/home/it58:/bin/bash
it59:x:1060:1060::/home/it59:/bin/bash
it60:x:1061:1061::/home/it60:/bin/bash
it61:x:1062:1062::/home/it61:/bin/bash
it62:x:1063:1063::/home/it62:/bin/bash
it63:x:1064:1064::/home/it63:/bin/bash
it64:x:1065:1065::/home/it64:/bin/bash
it65:x:1066:1066::/home/it65:/bin/bash
it66:x:1067:1067::/home/it66:/bin/bash
it67:x:1068:1068::/home/it67:/bin/bash
it68:x:1069:1069::/home/it68:/bin/bash
it69:x:1070:1070::/home/it69:/bin/bash
it70:x:1071:1071::/home/it70:/bin/bash
it71:x:1072:1072::/home/it71:/bin/bash
it72:x:1073:1073::/home/it72:/bin/bash
it73:x:1074:1074::/home/it73:/bin/bash
it74:x:1075:1075::/home/it74:/bin/bash
it75:x:1076:1076::/home/it75:/bin/bash
it76:x:1077:1077::/home/it76:/bin/bash
it77:x:1078:1078::/home/it77:/bin/bash
it78:x:1079:1079::/home/it78:/bin/bash
it79:x:1080:1080::/home/it79:/bin/bash
it80:x:1081:1081::/home/it80:/bin/bash
it81:x:1082:1082::/home/it81:/bin/bash
it82:x:1083:1083::/home/it82:/bin/bash
it83:x:1084:1084::/home/it83:/bin/bash
it84:x:1085:1085::/home/it84:/bin/bash
it85:x:1086:1086::/home/it85:/bin/bash
it86:x:1087:1087::/home/it86:/bin/bash
it87:x:1088:1088::/home/it87:/bin/bash
it88:x:1089:1089::/home/it88:/bin/bash
it89:x:1090:1090::/home/it89:/bin/bash
it90:x:1091:1091::/home/it90:/bin/bash
it91:x:1092:1092::/home/it91:/bin/bash
it92:x:1093:1093::/home/it92:/bin/bash
it93:x:1094:1094::/home/it93:/bin/bash
it94:x:1095:1095::/home/it94:/bin/bash
it95:x:1096:1096::/home/it95:/bin/bash
it96:x:1097:1097::/home/it96:/bin/bash
it97:x:1098:1098::/home/it97:/bin/bash
it98:x:1099:1099::/home/it98:/bin/bash
it99:x:1100:1100::/home/it99:/bin/bash
it100:x:1101:1101::/home/it100:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
rsync:x:1102:1103::/home/rsync:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
it1001:x:1103:1104::/home/it1001:/bin/bash
zhangsan:x:1104:1105::/home/zhangsan:/bin/bash
[root@master ~]# cat /etc/shadow
root:$6$Th52OG2jlLioutNL$aDKiqAhLyqP/GeAaNqsbbhDsijSY/N20t39SSSannKEBmv6UeOzr/rNHmSbjRIegikni9ZTChJHfXcdnwg1j20:19782:0:99999:7:::
bin:*:16372:0:99999:7:::
daemon:*:16372:0:99999:7:::
adm:*:16372:0:99999:7:::
lp:*:16372:0:99999:7:::
sync:*:16372:0:99999:7:::
shutdown:*:16372:0:99999:7:::
halt:*:16372:0:99999:7:::
mail:*:16372:0:99999:7:::
operator:*:16372:0:99999:7:::
games:*:16372:0:99999:7:::
ftp:*:16372:0:99999:7:::
nobody:*:16372:0:99999:7:::
avahi-autoipd:!!:19782::::::
dbus:!!:19782::::::
polkitd:!!:19782::::::
tss:!!:19782::::::
postfix:!!:19782::::::
sshd:!!:19782::::::
wang:$6$mvq3bieSJVmYpW6f$Z0oyjNCGKgWOZtLxfOWXXyRpb1u2HTc1VIILuHh1Ydmofu.gqjwmB90BW9IL05AmxWNERwG5b8QMKAh1sFCeB.:19782:0:99999:7:::
systemd-network:!!:19782::::::
it101:$6$4MCLHUeN$4O7uoGoWasokxGea8SfMSYSBZL8CpBIQjeF0e4B1k6DPiZ9wRQCqOSYk6t556VHaqA0mJLPGKizoFBUeCHCdf/:19791:0:99999:7:::
it1:!!:19791:0:99999:7:::
it2:!!:19791:0:99999:7:::
it3:!!:19791:0:99999:7:::
it4:!!:19791:0:99999:7:::
it5:!!:19791:0:99999:7:::
it6:!!:19791:0:99999:7:::
it7:!!:19791:0:99999:7:::
it8:!!:19791:0:99999:7:::
it9:!!:19791:0:99999:7:::
it10:!!:19791:0:99999:7:::
it11:!!:19791:0:99999:7:::
it12:!!:19791:0:99999:7:::
it13:!!:19791:0:99999:7:::
it14:!!:19791:0:99999:7:::
it15:!!:19791:0:99999:7:::
it16:!!:19791:0:99999:7:::
it17:!!:19791:0:99999:7:::
it18:!!:19791:0:99999:7:::
it19:!!:19791:0:99999:7:::
it20:!!:19791:0:99999:7:::
it21:!!:19791:0:99999:7:::
it22:!!:19791:0:99999:7:::
it23:!!:19791:0:99999:7:::
it24:!!:19791:0:99999:7:::
it25:!!:19791:0:99999:7:::
it26:!!:19791:0:99999:7:::
it27:!!:19791:0:99999:7:::
it28:!!:19791:0:99999:7:::
it29:!!:19791:0:99999:7:::
it30:!!:19791:0:99999:7:::
it31:!!:19791:0:99999:7:::
it32:!!:19791:0:99999:7:::
it33:!!:19791:0:99999:7:::
it34:!!:19791:0:99999:7:::
it35:!!:19791:0:99999:7:::
it36:!!:19791:0:99999:7:::
it37:!!:19791:0:99999:7:::
it38:!!:19791:0:99999:7:::
it39:!!:19791:0:99999:7:::
it40:!!:19791:0:99999:7:::
it41:!!:19791:0:99999:7:::
it42:!!:19791:0:99999:7:::
it43:!!:19791:0:99999:7:::
it44:!!:19791:0:99999:7:::
it45:!!:19791:0:99999:7:::
it46:!!:19791:0:99999:7:::
it47:!!:19791:0:99999:7:::
it48:!!:19791:0:99999:7:::
it49:!!:19791:0:99999:7:::
it50:!!:19791:0:99999:7:::
it51:!!:19791:0:99999:7:::
it52:!!:19791:0:99999:7:::
it53:!!:19791:0:99999:7:::
it54:!!:19791:0:99999:7:::
it55:!!:19791:0:99999:7:::
it56:!!:19791:0:99999:7:::
it57:!!:19791:0:99999:7:::
it58:!!:19791:0:99999:7:::
it59:!!:19791:0:99999:7:::
it60:!!:19791:0:99999:7:::
it61:!!:19791:0:99999:7:::
it62:!!:19791:0:99999:7:::
it63:!!:19791:0:99999:7:::
it64:!!:19791:0:99999:7:::
it65:!!:19791:0:99999:7:::
it66:!!:19791:0:99999:7:::
it67:!!:19791:0:99999:7:::
it68:!!:19791:0:99999:7:::
it69:!!:19791:0:99999:7:::
it70:!!:19791:0:99999:7:::
it71:!!:19791:0:99999:7:::
it72:!!:19791:0:99999:7:::
it73:!!:19791:0:99999:7:::
it74:!!:19791:0:99999:7:::
it75:!!:19791:0:99999:7:::
it76:!!:19791:0:99999:7:::
it77:!!:19791:0:99999:7:::
it78:!!:19791:0:99999:7:::
it79:!!:19791:0:99999:7:::
it80:!!:19791:0:99999:7:::
it81:!!:19791:0:99999:7:::
it82:!!:19791:0:99999:7:::
it83:!!:19791:0:99999:7:::
it84:!!:19791:0:99999:7:::
it85:!!:19791:0:99999:7:::
it86:!!:19791:0:99999:7:::
it87:!!:19791:0:99999:7:::
it88:!!:19791:0:99999:7:::
it89:!!:19791:0:99999:7:::
it90:!!:19791:0:99999:7:::
it91:!!:19791:0:99999:7:::
it92:!!:19791:0:99999:7:::
it93:!!:19791:0:99999:7:::
it94:!!:19791:0:99999:7:::
it95:!!:19791:0:99999:7:::
it96:!!:19791:0:99999:7:::
it97:!!:19791:0:99999:7:::
it98:!!:19791:0:99999:7:::
it99:!!:19791:0:99999:7:::
it100:!!:19791:0:99999:7:::
apache:!!:19791::::::
rsync:!!:19799:0:99999:7:::
rpc:!!:19800:0:99999:7:::
rpcuser:!!:19800::::::
nfsnobody:!!:19800::::::
it1001:!!:19800:0:99999:7:::
zhangsan:!!:19800:0:99999:7:::
cat /etc/group
[root@master ~]# cat /etc/group
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
wheel:x:10:
cdrom:x:11:
mail:x:12:postfix
man:x:15:
dialout:x:18:
floppy:x:19:
games:x:20:
tape:x:30:
video:x:39:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:
utmp:x:22:
utempter:x:35:
avahi-autoipd:x:170:
ssh_keys:x:999:
systemd-journal:x:190:
dbus:x:81:
polkitd:x:998:
tss:x:59:
dip:x:40:
postdrop:x:90:
postfix:x:89:
sshd:x:74:
wang:x:1000:wang
input:x:997:
systemd-network:x:192:
it101:x:1001:
it1:x:1002:
it2:x:1003:
it3:x:1004:
it4:x:1005:
it5:x:1006:
it6:x:1007:
it7:x:1008:
it8:x:1009:
it9:x:1010:
it10:x:1011:
it11:x:1012:
it12:x:1013:
it13:x:1014:
it14:x:1015:
it15:x:1016:
it16:x:1017:
it17:x:1018:
it18:x:1019:
it19:x:1020:
it20:x:1021:
it21:x:1022:
it22:x:1023:
it23:x:1024:
it24:x:1025:
it25:x:1026:
it26:x:1027:
it27:x:1028:
it28:x:1029:
it29:x:1030:
it30:x:1031:
it31:x:1032:
it32:x:1033:
it33:x:1034:
it34:x:1035:
it35:x:1036:
it36:x:1037:
it37:x:1038:
it38:x:1039:
it39:x:1040:
it40:x:1041:
it41:x:1042:
it42:x:1043:
it43:x:1044:
it44:x:1045:
it45:x:1046:
it46:x:1047:
it47:x:1048:
it48:x:1049:
it49:x:1050:
it50:x:1051:
it51:x:1052:
it52:x:1053:
it53:x:1054:
it54:x:1055:
it55:x:1056:
it56:x:1057:
it57:x:1058:
it58:x:1059:
it59:x:1060:
it60:x:1061:
it61:x:1062:
it62:x:1063:
it63:x:1064:
it64:x:1065:
it65:x:1066:
it66:x:1067:
it67:x:1068:
it68:x:1069:
it69:x:1070:
it70:x:1071:
it71:x:1072:
it72:x:1073:
it73:x:1074:
it74:x:1075:
it75:x:1076:
it76:x:1077:
it77:x:1078:
it78:x:1079:
it79:x:1080:
it80:x:1081:
it81:x:1082:
it82:x:1083:
it83:x:1084:
it84:x:1085:
it85:x:1086:
it86:x:1087:
it87:x:1088:
it88:x:1089:
it89:x:1090:
it90:x:1091:
it91:x:1092:
it92:x:1093:
it93:x:1094:
it94:x:1095:
it95:x:1096:
it96:x:1097:
it97:x:1098:
it98:x:1099:
it99:x:1100:
it100:x:1101:
test:x:1102:
apache:x:48:
rsync:x:1103:
rpc:x:32:
rpcuser:x:29:
nfsnobody:x:65534:
it1001:x:1104:
zhangsan:x:1105:
[root@master ~]# cat /etc/gshadow
root:::
bin:::
daemon:::
sys:::
adm:::
tty:::
disk:::
lp:::
mem:::
kmem:::
wheel:::
cdrom:::
mail:::postfix
man:::
dialout:::
floppy:::
games:::
tape:::
video:::
ftp:::
lock:::
audio:::
nobody:::
users:::
utmp:!::
utempter:!::
avahi-autoipd:!::
ssh_keys:!::
systemd-journal:!::
dbus:!::
polkitd:!::
tss:!::
dip:!::
postdrop:!::
postfix:!::
sshd:!::
wang:!!::wang
input:!::
systemd-network:!::
it101:!::
it1:!::
it2:!::
it3:!::
it4:!::
it5:!::
it6:!::
it7:!::
it8:!::
it9:!::
it10:!::
it11:!::
it12:!::
it13:!::
it14:!::
it15:!::
it16:!::
it17:!::
it18:!::
it19:!::
it20:!::
it21:!::
it22:!::
it23:!::
it24:!::
it25:!::
it26:!::
it27:!::
it28:!::
it29:!::
it30:!::
it31:!::
it32:!::
it33:!::
it34:!::
it35:!::
it36:!::
it37:!::
it38:!::
it39:!::
it40:!::
it41:!::
it42:!::
it43:!::
it44:!::
it45:!::
it46:!::
it47:!::
it48:!::
it49:!::
it50:!::
it51:!::
it52:!::
it53:!::
it54:!::
it55:!::
it56:!::
it57:!::
it58:!::
it59:!::
it60:!::
it61:!::
it62:!::
it63:!::
it64:!::
it65:!::
it66:!::
it67:!::
it68:!::
it69:!::
it70:!::
it71:!::
it72:!::
it73:!::
it74:!::
it75:!::
it76:!::
it77:!::
it78:!::
it79:!::
it80:!::
it81:!::
it82:!::
it83:!::
it84:!::
it85:!::
it86:!::
it87:!::
it88:!::
it89:!::
it90:!::
it91:!::
it92:!::
it93:!::
it94:!::
it95:!::
it96:!::
it97:!::
it98:!::
it99:!::
it100:!::
test:!::
apache:!::
rsync:!::
rpc:!::
rpcuser:!::
nfsnobody:!::
it1001:!::
zhangsan:!::
usermod 修改用户信息
-c<备注>:修改用户帐号的备注文字;
-d<登入目录>:修改用户登入时的目录;
-e<有效期限>:修改帐号的有效期限;
-f<缓冲天数>:修改在密码过期后多少天即关闭该帐号;
-g<群组>:修改用户所属的群组;
-G<群组>;修改用户所属的附加群组;
-l<帐号名称>:修改用户帐号名称;
-L:锁定用户密码,使密码无效;
-s<shell>:修改用户登入后所使用的shell;
-u<uid>:修改用户ID;
-U:解除密码锁定。
usermod -s 参数 修改登录方式
usermod -g 参数 修改用户组
usermod -G 参数 修改用户附属组
usermod -c 参数 修改注释信息
需:1:设置liqiang用户不能登录
没有的话可以先创建 useradd liqiang;echo 1|passwd --studin 123
创建成功以后查看一下有没有创建成功
cat /etc/passwd
看一下能不能登录
su liqiang
修改他的权限
usermod liqiang -s /sbin/nolgoin
设置完之后 看一下他能不能登录
[root@master ~]# su liqiang
This account is currently not available.
登录不了了
需求2:设置wangwu为kaifa组
如果没有kaifa组 可以创建一个
groupadd kaifa
useradd wangwu
usermod wangwu -g kaifa
查看他的组变了没有
id wangwu
具体实现效果
[root@master ~]# useradd wangwu
[root@master ~]# groupadd kaifa
[root@master ~]# cat /etc/group
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
wheel:x:10:
cdrom:x:11:
mail:x:12:postfix
man:x:15:
dialout:x:18:
floppy:x:19:
games:x:20:
tape:x:30:
video:x:39:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:
utmp:x:22:
utempter:x:35:
avahi-autoipd:x:170:
ssh_keys:x:999:
systemd-journal:x:190:
dbus:x:81:
polkitd:x:998:
tss:x:59:
dip:x:40:
postdrop:x:90:
postfix:x:89:
sshd:x:74:
wang:x:1000:wang
input:x:997:
systemd-network:x:192:
it101:x:1001:
it1:x:1002:
it2:x:1003:
it3:x:1004:
it4:x:1005:
it5:x:1006:
it6:x:1007:
it7:x:1008:
it8:x:1009:
it9:x:1010:
it10:x:1011:
it11:x:1012:
it12:x:1013:
it13:x:1014:
it14:x:1015:
it15:x:1016:
it16:x:1017:
it17:x:1018:
it18:x:1019:
it19:x:1020:
it20:x:1021:
it21:x:1022:
it22:x:1023:
it23:x:1024:
it24:x:1025:
it25:x:1026:
it26:x:1027:
it27:x:1028:
it28:x:1029:
it29:x:1030:
it30:x:1031:
it31:x:1032:
it32:x:1033:
it33:x:1034:
it34:x:1035:
it35:x:1036:
it36:x:1037:
it37:x:1038:
it38:x:1039:
it39:x:1040:
it40:x:1041:
it41:x:1042:
it42:x:1043:
it43:x:1044:
it44:x:1045:
it45:x:1046:
it46:x:1047:
it47:x:1048:
it48:x:1049:
it49:x:1050:
it50:x:1051:
it51:x:1052:
it52:x:1053:
it53:x:1054:
it54:x:1055:
it55:x:1056:
it56:x:1057:
it57:x:1058:
it58:x:1059:
it59:x:1060:
it60:x:1061:
it61:x:1062:
it62:x:1063:
it63:x:1064:
it64:x:1065:
it65:x:1066:
it66:x:1067:
it67:x:1068:
it68:x:1069:
it69:x:1070:
it70:x:1071:
it71:x:1072:
it72:x:1073:
it73:x:1074:
it74:x:1075:
it75:x:1076:
it76:x:1077:
it77:x:1078:
it78:x:1079:
it79:x:1080:
it80:x:1081:
it81:x:1082:
it82:x:1083:
it83:x:1084:
it84:x:1085:
it85:x:1086:
it86:x:1087:
it87:x:1088:
it88:x:1089:
it89:x:1090:
it90:x:1091:
it91:x:1092:
it92:x:1093:
it93:x:1094:
it94:x:1095:
it95:x:1096:
it96:x:1097:
it97:x:1098:
it98:x:1099:
it99:x:1100:
it100:x:1101:
test:x:1102:
apache:x:48:
rsync:x:1103:
rpc:x:32:
rpcuser:x:29:
nfsnobody:x:65534:
it1001:x:1104:
zhangsan:x:1105:
lisi:x:1106:
liqiang:x:1107:
wangwu:x:1108:
kaifa:x:1109:
[root@master ~]# usermod wangwu -g kaifa
[root@master ~]# cat /etc/group
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
wheel:x:10:
cdrom:x:11:
mail:x:12:postfix
man:x:15:
dialout:x:18:
floppy:x:19:
games:x:20:
tape:x:30:
video:x:39:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:
utmp:x:22:
utempter:x:35:
avahi-autoipd:x:170:
ssh_keys:x:999:
systemd-journal:x:190:
dbus:x:81:
polkitd:x:998:
tss:x:59:
dip:x:40:
postdrop:x:90:
postfix:x:89:
sshd:x:74:
wang:x:1000:wang
input:x:997:
systemd-network:x:192:
it101:x:1001:
it1:x:1002:
it2:x:1003:
it3:x:1004:
it4:x:1005:
it5:x:1006:
it6:x:1007:
it7:x:1008:
it8:x:1009:
it9:x:1010:
it10:x:1011:
it11:x:1012:
it12:x:1013:
it13:x:1014:
it14:x:1015:
it15:x:1016:
it16:x:1017:
it17:x:1018:
it18:x:1019:
it19:x:1020:
it20:x:1021:
it21:x:1022:
it22:x:1023:
it23:x:1024:
it24:x:1025:
it25:x:1026:
it26:x:1027:
it27:x:1028:
it28:x:1029:
it29:x:1030:
it30:x:1031:
it31:x:1032:
it32:x:1033:
it33:x:1034:
it34:x:1035:
it35:x:1036:
it36:x:1037:
it37:x:1038:
it38:x:1039:
it39:x:1040:
it40:x:1041:
it41:x:1042:
it42:x:1043:
it43:x:1044:
it44:x:1045:
it45:x:1046:
it46:x:1047:
it47:x:1048:
it48:x:1049:
it49:x:1050:
it50:x:1051:
it51:x:1052:
it52:x:1053:
it53:x:1054:
it54:x:1055:
it55:x:1056:
it56:x:1057:
it57:x:1058:
it58:x:1059:
it59:x:1060:
it60:x:1061:
it61:x:1062:
it62:x:1063:
it63:x:1064:
it64:x:1065:
it65:x:1066:
it66:x:1067:
it67:x:1068:
it68:x:1069:
it69:x:1070:
it70:x:1071:
it71:x:1072:
it72:x:1073:
it73:x:1074:
it74:x:1075:
it75:x:1076:
it76:x:1077:
it77:x:1078:
it78:x:1079:
it79:x:1080:
it80:x:1081:
it81:x:1082:
it82:x:1083:
it83:x:1084:
it84:x:1085:
it85:x:1086:
it86:x:1087:
it87:x:1088:
it88:x:1089:
it89:x:1090:
it90:x:1091:
it91:x:1092:
it92:x:1093:
it93:x:1094:
it94:x:1095:
it95:x:1096:
it96:x:1097:
it97:x:1098:
it98:x:1099:
it99:x:1100:
it100:x:1101:
test:x:1102:
apache:x:48:
rsync:x:1103:
rpc:x:32:
rpcuser:x:29:
nfsnobody:x:65534:
it1001:x:1104:
zhangsan:x:1105:
lisi:x:1106:
liqiang:x:1107:
wangwu:x:1108:
kaifa:x:1109:
[root@master ~]# id wangwu
uid=1107(wangwu) gid=1109(kaifa) groups=1109(kaifa)
回顾重点
创建用户和密码
方式一
useradd zhang
useradd zhang1
echo 1|passwd -studin zhang1
方式二
useradd zhang;echo 1|passwd --studin zhang
[root@master ~]# useradd zhang
[root@master ~]# passwd zhang
Changing password for user zhang.
New password:
BAD PASSWORD: The password is a palindrome
Retype new password:
passwd: all authentication tokens updated successfully.
[root@master ~]# useradd zhang1
[root@master ~]# echo 1|passwd -studin zhang1
passwd: bad argument -studin: unknown option
-f:强制删除用户,即使用户当前已登录;
-r:删除用户的同时,删除与用户相关的所有文件
userdel
-r 用户和家目录全部删掉
-f:强制删除用户,即使用户当前已登录;
-r:删除用户的同时,删除与用户相关的所有文件
需求 :删除laosan用户所在的用户组laoliu 都删掉
如果没有laoliu组,先创建
groupadd laoliu
没有老三用户也要创建
useradd laosan
修改到老三用户到laoliu组
usermod laosan -g laoliu
查看所属组
id laosan
切换一下是不是可以登录,同时查看一下目录文件下是不是有laoliu组和老三用户
su laosan
cat /etc/passwd
cat /etc/gruop
id laosan
最后我们就删除他
userdel -r laosan
-r 用户和家目录全部删掉
测试效果
[root@master ~]# id laosan
id: laosan: no such user
可以看到没有这个用户了 自然也就没有所属组了
groupadd:创建组用户
-g:指定新建工作组的id;
-r:创建系统工作组,系统工作组的组ID小于500;
-K:覆盖配置文件“/ect/login.defs”;
-o:允许添加组ID号不唯一的工作组。
[root@master ~]# groupadd renshi
[root@master ~]# useradd lijun -g renshi
[root@master ~]# id lijun
uid=1110(lijun) gid=1114(renshi) groups=1114(renshi)
chown: 属主属组改变
-c或——changes:效果类似“-v”参数,但仅回报更改的部分;
-f或--quite或——silent:不显示错误信息;
-h或--no-dereference:只对符号连接的文件作修改,而不更改其他任何相关文件;
-R或——recursive:递归处理,将指定目录下的所有文件及子目录一并处理;
-v或——version:显示指令执行过程;
[root@master ~]# ll /etc/hosts
-rw-r--r-- 1 root root 195 Mar 8 05:10 /etc/hosts
-rw-r--r-- 表示的是一个所有者拥有读写权限、组成员和其他用户都只有读权限的普通文件
需求:用lijun账户查看是否可以修改/etc/hosts文件 如果不能,如何实现可以修改文件?
[root@master ~]# ll /etc/hosts
-rw-r--r-- 1 root root 195 Mar 8 05:10 /etc/hosts
[root@master ~]# su lijun
[lijun@master root]$ ll /etc/hosts
-rw-r--r-- 1 root root 195 Mar 8 05:10 /etc/hosts
[lijun@master root]$ vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.164 node
10.0.0.165 master1
t
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
E45: 'readonly' option is set (add ! to override)
这里可以看到vim提示该文件只读,不能修改保存
、那下面我们就要实现可以修改保存
[root@master ~]# chown lijun.root /etc/hosts
[root@master ~]# su lijun
[lijun@master root]$ vi /etc/hosts
[lijun@master root]$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.164 node
10.0.0.165 master1
[lijun@master root]$ vi /etc/hosts
[lijun@master root]$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.164 node
10.0.0.165 master1
s
可以看到我往里面加了一个s ,此时已经可以修改了
重点
命令注解
chown lijun.root /etc/hosts
将 /etc/hosts 文件的所有者更改为 lijun,并将文件的所属组更改为 root
可以看到这个时候文件的所有者是lijun root是他的所属组
[root@master ~]# ll /etc/hosts
-rw-r--r-- 1 lijun root 196 Mar 19 02:45 /etc/hosts
如果遇到需要目录下的所有文件都要给某个账号权限
-R或——recursive:递归处理
[root@master ~]# chown -R lijun.root /usr/bin/
查看一下是否修改成功
[lijun@master ~]$ cd /usr/bin/
[lijun@master bin]$ ll
total 61320
-rwxr-xr-x. 1 lijun root 41448 Jun 10 2014 [
-rwxr-xr-x 1 lijun root 107848 Feb 3 2021 a2p
-rwxr-xr-x 1 lijun root 52640 May 30 2023 ab
-rwxr-xr-x. 1 lijun root 29016 Mar 6 2015 addr2line
-rwxr-xr-x. 1 lijun root 29 Mar 6 2015 alias
lrwxrwxrwx. 1 lijun root 6 Feb 29 23:57 apropos -> whatis
-rwxr-xr-x. 1 lijun root 58472 Mar 6 2015 ar
-rwxr-xr-x. 1 lijun root 33048 Jun 10 2014 arch
-rwxr-xr-x. 1 lijun root 365200 Mar 6 2015 as
-rwxr-xr-x. 1 lijun root 28800 Mar 6 2015 aserver
-rwxr-xr-x. 1 lijun root 19872 Mar 6 2015 aulast
-rwxr-xr-x. 1 lijun root 11536 Mar 6 2015 aulastlog
-rwxr-xr-x. 1 lijun root 11360 Mar 6 2015 ausyscall
-rwxr-xr-x. 1 lijun root 32672 Mar 6 2015 auvirt
lrwxrwxrwx. 1 lijun root 4 Feb 29 23:56 awk -> gawk
-rwxr-xr-x. 1 lijun root 37312 Jun 10 2014 base64
-rwxr-xr-x. 1 lijun root 28992 Jun 10 2014 basename
-rwxr-xr-x. 1 lijun root 960384 Mar 6 2015 bash
lrwxrwxrwx. 1 lijun root 10 Feb 29 23:56 bashbug -> bashbug-64
-rwxr-xr-x. 1 lijun root 7041 Mar 6 2015 bashbug-64
-rwxr-xr-x. 1 lijun root 83424 Jun 10 2014 bc
-rwxr-xr-x. 1 lijun root 26 Mar 6 2015 bg
-rwxr-xr-x. 1 lijun root 23289 Nov 6 2014 bond2team
-rwxr-xr-x. 1 lijun root 70648 Dec 7 22:51 bootctl
-rwxr-xr-x. 1 lijun root 412880 Dec 7 22:51 busctl
-rwxr-xr-x 2 lijun root 36607 Feb 3 2021 c2ph
-rwxr-xr-x. 1 lijun root 33392 Mar 6 2015 cal
lrwxrwxrwx. 1 lijun root 3 Feb 29 23:56 captoinfo -> tic
-rwxr-xr-x. 1 lijun root 54048 Jun 10 2014 cat
-rwxr-xr-x. 1 lijun root 3336 Mar 6 2015 catchsegv
-rwxr-xr-x. 1 lijun root 37528 Jun 10 2014 catman
-rwxr-xr-x. 1 lijun root 26 Mar 6 2015 cd
-rwxr-xr-x. 1 lijun root 6280 Mar 6 2015 centrino-decode
-rwxr-xr-x. 1 lijun root 163176 Mar 6 2015 certutil
-rwxr-xr-x. 1 lijun root 24408 Mar 6 2015 c++filt
-rwxr-xr-x. 1 lijun root 15624 Jun 10 2014 chacl
-rwxr-xr-x. 1 lijun root 64200 Mar 6 2015 chage
-rwxr-xr-x. 1 lijun root 11528 Mar 6 2015 chattr
-rwxr-xr-x. 1 lijun root 62872 Jun 10 2014 chcon
-rwx--x--x. 1 lijun root 23960 Mar 6 2015 chfn
-rwxr-xr-x. 1 lijun root 62760 Jun 10 2014 chgrp
-rwxr-xr-x. 1 lijun root 58552 Jun 10 2014 chmod
-rwxr-xr-x. 1 lijun root 62792 Jun 10 2014 chown
-rwxr-xr-x. 1 lijun root 24440 Mar 6 2015 chrt
-rwx--x--x. 1 lijun root 23856 Mar 6 2015 chsh
-rwxr-xr-x. 1 lijun root 11400 Mar 6 2015 chvt
-rwxr-xr-x. 1 lijun root 33104 Jun 10 2014 cksum
-rwxr-xr-x. 1 lijun root 7184 Jun 10 2014 clear
-rwxr-xr-x. 1 lijun root 45184 Jun 10 2014 cmp
-rwxr-xr-x. 1 lijun root 100584 Mar 6 2015 cmsutil
-rwxr-xr-x. 1 lijun root 24248 Mar 6 2015 col
-rwxr-xr-x. 1 lijun root 11544 Mar 6 2015 colcrt
-rwxr-xr-x. 1 lijun root 20040 Mar 6 2015 colrm
-rwxr-xr-x. 1 lijun root 24344 Mar 6 2015 column
-rwxr-xr-x. 1 lijun root 37376 Jun 10 2014 comm
-rwxr-xr-x. 1 lijun root 31 Mar 6 2015 command
-rwxr-xr-x. 1 lijun root 158224 Dec 7 22:51 coredumpctl
-rwxr-xr-x. 1 lijun root 151032 Jun 10 2014 cp
-rwxr-xr-x. 1 lijun root 141600 Jun 10 2014 cpio
-rwxr-xr-x. 1 lijun root 67928 Mar 6 2015 cpupower
-rwxr-xr-x. 1 lijun root 113312 Mar 6 2015 crlutil
-rwxr-xr-x. 1 lijun root 57536 Jul 30 2014 crontab
-rwxr-xr-x. 1 lijun root 49944 Jun 10 2014 csplit
-rwxr-xr-x. 1 lijun root 19984 Jun 10 2014 csslint-0.6
-rwxr-xr-x. 1 lijun root 152488 Jun 10 2014 curl
-rwxr-xr-x. 1 lijun root 41536 Jun 10 2014 cut
-rwxr-xr-x. 1 lijun root 62168 Jun 10 2014 date
-rwxr-xr-x. 1 lijun root 11480 Aug 7 2014 db_archive
-rwxr-xr-x. 1 lijun root 11568 Aug 7 2014 db_checkpoint
-rwxr-xr-x. 1 lijun root 15664 Aug 7 2014 db_deadlock
-rwxr-xr-x. 1 lijun root 15688 Aug 7 2014 db_dump
-rwxr-xr-x. 1 lijun root 65944 Aug 7 2014 db_dump185
-rwxr-xr-x. 1 lijun root 15696 Aug 7 2014 db_hotbackup
-rwxr-xr-x. 1 lijun root 28144 Aug 7 2014 db_load
-rwxr-xr-x. 1 lijun root 15688 Aug 7 2014 db_log_verify
-rwxr-xr-x. 1 lijun root 33008 Aug 7 2014 db_printlog
-rwxr-xr-x. 1 lijun root 11584 Aug 7 2014 db_recover
-rwxr-xr-x. 1 lijun root 15696 Aug 7 2014 db_replicate
-rwxr-xr-x. 1 lijun root 15608 Aug 7 2014 db_stat
-rwxr-xr-x. 1 lijun root 19784 Aug 7 2014 db_tuner
-rwxr-xr-x. 1 lijun root 11496 Aug 7 2014 db_upgrade
-rwxr-xr-x. 1 lijun root 96760 Jun 10 2014 dbus-binding-tool
-rwxr-xr-x. 1 lijun root 11240 Mar 6 2015 dbus-cleanup-sockets
-rwxr-xr-x. 1 lijun root 441256 Mar 6 2015 dbus-daemon
-rwxr-xr-x. 1 lijun root 19528 Mar 6 2015 dbus-monitor
-rwxr-xr-x. 1 lijun root 23576 Mar 6 2015 dbus-send
-rwxr-xr-x. 1 lijun root 11232 Mar 6 2015 dbus-uuidgen
-rwxr-xr-x. 1 lijun root 11504 Aug 7 2014 db_verify
-rwxr-xr-x. 1 lijun root 45392 Jun 10 2014 dc
-rwxr-xr-x. 1 lijun root 62400 Jun 10 2014 dd
-rwxr-xr-x. 1 lijun root 11408 Mar 6 2015 deallocvt
-rwxr-xr-x. 1 lijun root 100824 Jun 10 2014 df
-rwxr-xr-x. 1 lijun root 514136 Jun 10 2014 dgawk
-rwxr-xr-x. 1 lijun root 200104 Jun 10 2014 diff
-rwxr-xr-x. 1 lijun root 62072 Jun 10 2014 diff3
-rwxr-xr-x. 1 lijun root 117616 Jun 10 2014 dir
-rwxr-xr-x. 1 lijun root 41368 Jun 10 2014 dircolors
-rwxr-xr-x. 1 lijun root 28952 Jun 10 2014 dirname
-rwxr-xr-x. 1 lijun root 45392 Mar 6 2015 dmesg
lrwxrwxrwx. 1 lijun root 8 Feb 29 23:56 dnsdomainname -> hostname
lrwxrwxrwx. 1 lijun root 8 Feb 29 23:56 domainname -> hostname
-rwxr-xr-x 1 lijun root 36528 Aug 3 2017 dos2unix
-rwxr-xr-x. 1 lijun root 57167 Sep 30 2020 dracut
-rwxr-xr-x. 1 lijun root 112912 Jun 10 2014 du
-rwxr-xr-x. 1 lijun root 79336 Mar 6 2015 dumpkeys
-rwxr-xr-x. 1 lijun root 3010184 Mar 6 2015 dwp
-rwxr-xr-x. 1 lijun root 320 Jun 10 2014 easy_install
-rwxr-xr-x. 1 lijun root 328 Jun 10 2014 easy_install-2.7
-rwxr-xr-x. 1 lijun root 33040 Jun 10 2014 echo
-rwxr-xr-x. 1 lijun root 158 Mar 6 2015 egrep
-rwxr-xr-x. 1 lijun root 45640 Mar 6 2015 eject
-rwxr-xr-x. 1 lijun root 32920 Mar 6 2015 elfedit
-rwxr-xr-x. 1 lijun root 28960 Jun 10 2014 env
-rwxr-xr-x. 1 lijun root 36816 Jun 10 2014 envsubst
-rwxr-xr-x. 1 lijun root 147880 Jun 10 2014 eqn
lrwxrwxrwx. 1 lijun root 2 Feb 29 23:56 ex -> vi
-rwxr-xr-x. 1 lijun root 33216 Jun 10 2014 expand
-rwxr-xr-x. 1 lijun root 37384 Jun 10 2014 expr
-rwxr-xr-x. 1 lijun root 95464 Jun 10 2014 factor
-rwxr-xr-x. 1 lijun root 20048 Mar 6 2015 fallocate
-rwxr-xr-x. 1 lijun root 28896 Jun 10 2014 false
-rwxr-xr-x. 1 lijun root 26 Mar 6 2015 fc
-rwxr-xr-x. 1 lijun root 26 Mar 6 2015 fg
-rwxr-xr-x. 1 lijun root 11416 Mar 6 2015 fgconsole
-rwxr-xr-x. 1 lijun root 158 Mar 6 2015 fgrep
-rwxr-xr-x. 1 lijun root 19752 Jun 10 2014 file
-rwxr-xr-x. 1 lijun root 199208 Jun 10 2014 find
-rwxr-xr-x 1 lijun root 23614 Feb 3 2021 find2perl
-rwxr-xr-x. 1 lijun root 55416 Mar 6 2015 findmnt
-rwxr-xr-x. 1 lijun root 15720 Jun 10 2014 fipscheck
-rwxr-xr-x. 1 lijun root 11568 Jun 10 2014 fipshmac
-rwxr-xr-x. 1 lijun root 62012 Mar 6 2015 firewall-cmd
-rwxr-xr-x. 1 lijun root 51850 Mar 6 2015 firewall-offline-cmd
-rwxr-xr-x. 1 lijun root 24232 Mar 6 2015 flock
-rwxr-xr-x. 1 lijun root 37336 Jun 10 2014 fmt
-rwxr-xr-x. 1 lijun root 37296 Jun 10 2014 fold
-rwxr-xr-x. 1 lijun root 19768 Mar 6 2015 free
-rwxr-xr-x. 1 lijun root 19944 Jun 10 2021 gapplication
-rwxr-xr-x. 1 lijun root 428576 Jun 10 2014 gawk
-rwxr-xr-x. 1 lijun root 41136 Jun 10 2021 gdbus
-rwxr-xr-x. 1 lijun root 23064 Mar 6 2015 gencat
lrwxrwxrwx. 1 lijun root 3 Feb 29 23:56 geqn -> eqn
-rwxr-xr-x. 1 lijun root 22848 Mar 6 2015 getconf
-rwxr-xr-x. 1 lijun root 27832 Mar 6 2015 getent
-rwxr-xr-x. 1 lijun root 24848 Jun 10 2014 getfacl
-rwxr-xr-x. 1 lijun root 11416 Mar 6 2015 getkeycodes
-rwxr-xr-x. 1 lijun root 15728 Mar 6 2015 getopt
-rwxr-xr-x. 1 lijun root 31 Mar 6 2015 getopts
-rwxr-xr-x. 1 lijun root 36752 Jun 10 2014 gettext
-rwxr-xr-x. 1 lijun root 4616 Jun 10 2014 gettext.sh
-rwxr-xr-x. 1 lijun root 75176 Jun 10 2021 gio
-rwxr-xr-x. 1 lijun root 11584 Jun 10 2021 gio-querymodules-64
-rwxr-xr-x. 1 lijun root 45440 Jun 10 2021 glib-compile-schemas
lrwxrwxrwx. 1 lijun root 4 Feb 29 23:56 gmake -> make
lrwxrwxrwx. 1 lijun root 4 Feb 29 23:56 gneqn -> neqn
lrwxrwxrwx. 1 lijun root 5 Feb 29 23:56 gnroff -> nroff
-rwxr-xr-x. 1 lijun root 78168 Mar 6 2015 gpasswd
lrwxrwxrwx. 1 lijun root 4 Feb 29 23:56 gpg -> gpg2
-rwxr-xr-x. 1 lijun root 749840 Jun 10 2014 gpg2
-rwxr-xr-x. 1 lijun root 296640 Jun 10 2014 gpg-agent
-rwxr-xr-x. 1 lijun root 143552 Jun 10 2014 gpgconf
-rwxr-xr-x. 1 lijun root 156200 Jun 10 2014 gpg-connect-agent
-rwxr-xr-x. 1 lijun root 23736 Jun 10 2014 gpg-error
-rwxr-xr-x. 1 lijun root 24176 Jun 10 2014 gpgparsemail
-rwxr-xr-x. 1 lijun root 49944 Jun 10 2014 gpgsplit
lrwxrwxrwx. 1 lijun root 5 Feb 29 23:56 gpgv -> gpgv2
-rwxr-xr-x. 1 lijun root 353520 Jun 10 2014 gpgv2
-rwxr-xr-x. 1 lijun root 3307 Jun 10 2014 gpg-zip
lrwxrwxrwx. 1 lijun root 3 Feb 29 23:56 gpic -> pic
-rwxr-xr-x. 1 lijun root 100664 Mar 6 2015 gprof
-rwxr-xr-x. 1 lijun root 158928 Mar 6 2015 grep
-rwxr-xr-x. 1 lijun root 83584 Jun 10 2014 groff
-rwxr-xr-x. 1 lijun root 144232 Jun 10 2014 grops
-rwxr-xr-x. 1 lijun root 100952 Jun 10 2014 grotty
-rwxr-xr-x. 1 lijun root 33152 Jun 10 2014 groups
-rwxr-xr-x. 1 lijun root 401312 Mar 26 2015 grub2-editenv
-rwxr-xr-x. 1 lijun root 833680 Mar 26 2015 grub2-file
-rwxr-xr-x. 1 lijun root 1062512 Mar 26 2015 grub2-fstest
-rwxr-xr-x. 1 lijun root 260808 Mar 26 2015 grub2-glue-efi
-rwxr-xr-x. 1 lijun root 1668 Mar 26 2015 grub2-kbdcomp
-rwxr-xr-x. 1 lijun root 243400 Mar 26 2015 grub2-menulst2cfg
-rwxr-xr-x. 1 lijun root 290248 Mar 26 2015 grub2-mkfont
-rwxr-xr-x. 1 lijun root 384032 Mar 26 2015 grub2-mkimage
-rwxr-xr-x. 1 lijun root 266992 Mar 26 2015 grub2-mklayout
-rwxr-xr-x. 1 lijun root 431176 Mar 26 2015 grub2-mknetdir
-rwxr-xr-x. 1 lijun root 273568 Mar 26 2015 grub2-mkpasswd-pbkdf2
-rwxr-xr-x. 1 lijun root 260448 Mar 26 2015 grub2-mkrelpath
-rwxr-xr-x. 1 lijun root 1021368 Mar 26 2015 grub2-mkrescue
-rwxr-xr-x. 1 lijun root 534584 Mar 26 2015 grub2-mkstandalone
-rwxr-xr-x. 1 lijun root 838600 Mar 26 2015 grub2-render-label
-rwxr-xr-x. 1 lijun root 298240 Mar 26 2015 grub2-script-check
-rwxr-xr-x. 1 lijun root 765288 Mar 26 2015 grub2-syslinux2cfg
-rwxr-xr-x. 1 lijun root 24376 Jun 10 2021 gsettings
lrwxrwxrwx. 1 lijun root 6 Feb 29 23:56 gsoelim -> soelim
lrwxrwxrwx. 1 lijun root 3 Feb 29 23:57 gtar -> tar
lrwxrwxrwx. 1 lijun root 3 Feb 29 23:56 gtbl -> tbl
lrwxrwxrwx. 1 lijun root 5 Feb 29 23:56 gtroff -> troff
-rwxr-xr-x. 1 lijun root 2253 Jun 10 2014 gunzip
-rwxr-xr-x. 1 lijun root 5931 Jun 10 2014 gzexe
-rwxr-xr-x. 1 lijun root 100744 Jun 10 2014 gzip
-rwxr-xr-x 1 lijun root 28310 Feb 3 2021 h2ph
-rwxr-xr-x. 1 lijun root 11440 Jun 10 2014 hdsploader
-rwxr-xr-x. 1 lijun root 41432 Jun 10 2014 head
-rwxr-xr-x. 1 lijun root 11360 Jun 10 2014 hesinfo
-rwxr-xr-x. 1 lijun root 32592 Mar 6 2015 hexdump
-rwxr-xr-x. 1 lijun root 28952 Jun 10 2014 hostid
-rwxr-xr-x. 1 lijun root 15768 Jun 10 2014 hostname
-rwxr-xr-x. 1 lijun root 325704 Dec 7 22:51 hostnamectl
-rwxr-xr-x 1 lijun root 23656 May 30 2023 htdbm
-rwxr-xr-x 1 lijun root 15440 May 30 2023 htdigest
-rwxr-xr-x 1 lijun root 19552 May 30 2023 htpasswd
-rwxr-xr-x 1 lijun root 11256 May 30 2023 httxt2dbm
lrwxrwxrwx. 1 lijun root 7 Feb 29 23:56 i386 -> setarch
-rwxr-xr-x. 1 lijun root 60312 Mar 6 2015 iconv
-rwxr-xr-x. 1 lijun root 41440 Jun 10 2014 id
-rwxr-xr-x. 1 lijun root 33232 Jun 10 2014 idn
-rwxr-xr-x. 1 lijun root 3188 Jun 10 2014 igawk
-rwxr-xr-x. 1 lijun root 271480 Jun 10 2014 info
-rwxr-xr-x. 1 lijun root 57400 Jun 10 2014 infocmp
-rwxr-xr-x. 1 lijun root 21976 Jun 10 2014 infokey
lrwxrwxrwx. 1 lijun root 3 Feb 29 23:56 infotocap -> tic
-rwxr-xr-x. 1 lijun root 142880 Jun 10 2014 install
-rwxr-xr-x. 1 lijun root 20160 Mar 6 2015 ionice
-rwxr-xr-x. 1 lijun root 15416 Nov 17 2020 ipcalc
-rwxr-xr-x. 1 lijun root 20280 Mar 6 2015 ipcmk
-rwxr-xr-x. 1 lijun root 24216 Mar 6 2015 ipcrm
-rwxr-xr-x. 1 lijun root 45240 Mar 6 2015 ipcs
lrwxrwxrwx. 1 lijun root 23 Feb 29 23:56 iptables-xml -> /usr/sbin/xtables-multi
-rwxr-xr-x. 1 lijun root 20088 Mar 6 2015 isosize
-rwxr-xr-x. 1 lijun root 28 Mar 6 2015 jobs
-rwxr-xr-x. 1 lijun root 49872 Jun 10 2014 join
-rwxr-xr-x. 1 lijun root 550792 Dec 7 22:51 journalctl
-rwxr-xr-x. 1 lijun root 11440 Mar 6 2015 kbdinfo
-rwxr-xr-x. 1 lijun root 11408 Mar 6 2015 kbd_mode
-rwxr-xr-x. 1 lijun root 11472 Mar 6 2015 kbdrate
-rwxr-xr-x. 1 lijun root 21214 Mar 10 2015 kdumpctl
-rwxr-xr-x. 1 lijun root 4811 Dec 7 22:51 kernel-install
-rwxr-xr-x 1 lijun root 28608 Jun 10 2014 keyctl
-rwxr-xr-x. 1 lijun root 29264 Mar 6 2015 kill
-rwxr-xr-x. 1 lijun root 146680 Apr 1 2020 kmod
-rwxr-xr-x. 1 lijun root 19568 Jun 10 2014 last
lrwxrwxrwx. 1 lijun root 4 Feb 29 23:56 lastb -> last
-rwxr-xr-x. 1 lijun root 15392 Mar 6 2015 lastlog
-rwxr-xr-x. 1 lijun root 19912 Jun 10 2014 lchfn
-rwxr-xr-x. 1 lijun root 15776 Jun 10 2014 lchsh
lrwxrwxrwx. 1 lijun root 20 Feb 29 23:56 ld -> /etc/alternatives/ld
-rwxr-xr-x. 1 lijun root 902472 Mar 6 2015 ld.bfd
-rwxr-xr-x. 1 lijun root 5302 Mar 6 2015 ldd
-rwxr-xr-x. 1 lijun root 4157928 Mar 6 2015 ld.gold
-rwxr-xr-x. 1 lijun root 158240 Jun 10 2014 less
-rwxr-xr-x. 1 lijun root 11376 Jun 10 2014 lessecho
-rwxr-xr-x. 1 lijun root 17056 Jun 10 2014 lesskey
-rwxr-xr-x. 1 lijun root 2291 Feb 4 2014 lesspipe.sh
-rwxr-xr-x. 1 lijun root 87024 Jun 10 2014 lexgrog
-rwxr-xr-x. 1 lijun root 28944 Jun 10 2014 link
lrwxrwxrwx. 1 lijun root 7 Feb 29 23:56 linux32 -> setarch
lrwxrwxrwx. 1 lijun root 7 Feb 29 23:56 linux64 -> setarch
-rwxr-xr-x. 1 lijun root 5995 Jun 10 2014 linux-boot-prober
-rwxr-xr-x. 1 lijun root 58560 Jun 10 2014 ln
-rwxr-xr-x. 1 lijun root 113096 Mar 6 2015 loadkeys
-rwxr-xr-x. 1 lijun root 24432 Mar 6 2015 loadunimap
-rwxr-xr-x. 1 lijun root 38680 Mar 6 2015 locale
-rwxr-xr-x. 1 lijun root 333992 Dec 7 22:51 localectl
-rwxr-xr-x. 1 lijun root 318792 Mar 6 2015 localedef
-rwxr-xr-x. 1 lijun root 24936 Mar 6 2015 logger
-rwxr-xr-x. 1 lijun root 37200 Mar 6 2015 login
-rwxr-xr-x. 1 lijun root 501368 Dec 7 22:51 loginctl
-rwxr-xr-x. 1 lijun root 28944 Jun 10 2014 logname
-rwxr-xr-x 1 lijun root 11264 May 30 2023 logresolve
-rwxr-xr-x. 1 lijun root 11528 Mar 6 2015 look
-rwxr-xr-x. 1 lijun root 117616 Jun 10 2014 ls
-rwxr-xr-x. 1 lijun root 11520 Mar 6 2015 lsattr
-rwxr-xr-x. 1 lijun root 72560 Mar 6 2015 lsblk
-rwxr-xr-x. 1 lijun root 58352 Mar 6 2015 lscpu
-rwxr-xr-x. 1 lijun root 6410 Sep 30 2020 lsinitrd
-rwxr-xr-x. 1 lijun root 37656 Mar 6 2015 lslocks
-rwxr-xr-x. 1 lijun root 88144 Mar 6 2015 lslogins
-rwxr-xr-x. 1 lijun root 15824 Jun 10 2014 lua
-rwxr-xr-x. 1 lijun root 121848 Jun 10 2014 luac
-rwxr-xr-x. 1 lijun root 108384 Oct 1 2020 lz4
lrwxrwxrwx. 1 lijun root 3 Mar 1 01:42 lz4c -> lz4
lrwxrwxrwx. 1 lijun root 3 Mar 1 01:42 lz4cat -> lz4
lrwxrwxrwx 1 lijun root 8 Mar 1 04:25 mac2unix -> dos2unix
-rwxr-xr-x. 1 lijun root 546768 Dec 7 22:51 machinectl
lrwxrwxrwx 1 lijun root 5 Mar 17 20:35 mail -> mailx
lrwxrwxrwx 1 lijun root 15 Mar 17 20:35 Mail -> ../../bin/mailx
lrwxrwxrwx. 1 lijun root 27 Feb 29 23:57 mailq -> /etc/alternatives/mta-mailq
lrwxrwxrwx. 1 lijun root 31 Feb 29 23:57 mailq.postfix -> ../../usr/sbin/sendmail.postfix
-rwxr-xr-x 1 lijun root 392880 Apr 11 2018 mailx
-rwxr-xr-x. 1 lijun root 182736 Jun 10 2014 make
-rwxr-xr-x. 1 lijun root 19032 Mar 6 2015 makedb
-rwxr-xr-x. 1 lijun root 102736 Jun 10 2014 man
-rwxr-xr-x. 1 lijun root 125088 Jun 10 2014 mandb
-rwxr-xr-x. 1 lijun root 33224 Jun 10 2014 manpath
-rwxr-xr-x. 1 lijun root 20232 Mar 6 2015 mapscrn
-rwxr-xr-x. 1 lijun root 15792 Mar 6 2015 mcookie
-rwxr-xr-x. 1 lijun root 41472 Jun 10 2014 md5sum
-rwxr-xr-x. 1 lijun root 11240 Jun 10 2014 mesg
-rwxr-xr-x. 1 lijun root 15736 Jun 10 2014 mixartloader
-rwxr-xr-x. 1 lijun root 79712 Jun 10 2014 mkdir
-rwxr-xr-x. 1 lijun root 63008 Jun 10 2014 mkfifo
-rwxr-xr-x. 1 lijun root 3013 Sep 30 2020 mkinitrd
-rwxr-xr-x. 1 lijun root 67144 Jun 10 2014 mknod
-rwxr-xr-x. 1 lijun root 41600 Jun 10 2014 mktemp
-rwxr-xr-x. 1 lijun root 152904 Mar 6 2015 modutil
-rwxr-xr-x. 1 lijun root 41096 Mar 6 2015 more
-rwxr-xr-x. 1 lijun root 44232 Mar 6 2015 mount
-rwxr-xr-x. 1 lijun root 15672 Mar 6 2015 mountpoint
-rwxr-xr-x. 1 lijun root 23856 Jun 10 2014 msgattrib
-rwxr-xr-x. 1 lijun root 23856 Jun 10 2014 msgcat
-rwxr-xr-x. 1 lijun root 24144 Jun 10 2014 msgcmp
-rwxr-xr-x. 1 lijun root 19744 Jun 10 2014 msgcomm
-rwxr-xr-x. 1 lijun root 19728 Jun 10 2014 msgconv
-rwxr-xr-x. 1 lijun root 19728 Jun 10 2014 msgen
-rwxr-xr-x. 1 lijun root 15664 Jun 10 2014 msgexec
-rwxr-xr-x. 1 lijun root 24008 Jun 10 2014 msgfilter
-rwxr-xr-x. 1 lijun root 70320 Jun 10 2014 msgfmt
-rwxr-xr-x. 1 lijun root 103592 Jun 10 2014 msggrep
-rwxr-xr-x. 1 lijun root 12751 Jan 25 2014 msghack
-rwxr-xr-x. 1 lijun root 45432 Jun 10 2014 msginit
-rwxr-xr-x. 1 lijun root 53840 Jun 10 2014 msgmerge
-rwxr-xr-x. 1 lijun root 32432 Jun 10 2014 msgunfmt
-rwxr-xr-x. 1 lijun root 19736 Jun 10 2014 msguniq
-rwxr-xr-x. 1 lijun root 130256 Jun 10 2014 mv
lrwxrwxrwx 1 lijun root 15 Mar 17 20:35 nail -> ../../bin/mailx
-rwxr-xr-x. 1 lijun root 24352 Mar 6 2015 namei
-rwxr-xr-x 1 lijun root 205904 Jun 10 2014 nano
-rwxr-xr-x. 1 lijun root 20064 Jun 10 2014 ndptool
-rwxr-xr-x. 1 lijun root 271 Jun 10 2014 neqn
-rwxr-xr-x 1 lijun root 155008 Aug 9 2019 netstat
-rwxr-xr-x. 1 lijun root 11584 Mar 6 2015 nettle-hash
-rwxr-xr-x. 1 lijun root 7200 Mar 6 2015 nettle-lfib-stream
lrwxrwxrwx. 1 lijun root 32 Feb 29 23:57 newaliases -> /etc/alternatives/mta-newaliases
lrwxrwxrwx. 1 lijun root 31 Feb 29 23:57 newaliases.postfix -> ../../usr/sbin/sendmail.postfix
-rwxr-xr-x. 1 lijun root 41752 Mar 6 2015 newgrp
-rwxr-xr-x. 1 lijun root 36768 Jun 10 2014 ngettext
-rwxr-xr-x. 1 lijun root 33072 Jun 10 2014 nice
lrwxrwxrwx. 1 lijun root 8 Feb 29 23:56 nisdomainname -> hostname
-rwxr-xr-x. 1 lijun root 41536 Jun 10 2014 nl
-rwxr-xr-x. 1 lijun root 42336 Mar 6 2015 nm
-rwxr-xr-x. 1 lijun root 563176 Mar 6 2015 nmcli
-rwxr-xr-x. 1 lijun root 15344 Mar 6 2015 nm-online
-rwxr-xr-x. 4 lijun root 262864 Mar 6 2015 nmtui
-rwxr-xr-x. 4 lijun root 262864 Mar 6 2015 nmtui-connect
-rwxr-xr-x. 4 lijun root 262864 Mar 6 2015 nmtui-edit
-rwxr-xr-x. 4 lijun root 262864 Mar 6 2015 nmtui-hostname
-rwxr-xr-x. 1 lijun root 33144 Jun 10 2014 nohup
-rwxr-xr-x. 1 lijun root 33104 Jun 10 2014 nproc
-rwxr-xr-x. 1 lijun root 3392 Jun 10 2014 nroff
-rwxr-xr-x. 1 lijun root 24520 Mar 6 2015 nsenter
-rwxr-xr-x. 1 lijun root 66224 Jun 10 2014 numfmt
-rwxr-xr-x. 1 lijun root 224280 Mar 6 2015 objcopy
-rwxr-xr-x. 1 lijun root 332248 Mar 6 2015 objdump
-rwxr-xr-x. 1 lijun root 66320 Jun 10 2014 od
-rwxr-xr-x. 1 lijun root 190816 Jun 10 2014 oldfind
lrwxrwxrwx. 1 lijun root 6 Feb 29 23:57 open -> openvt
-rwxr-xr-x. 1 lijun root 508680 Mar 6 2015 openssl
-rwxr-xr-x. 1 lijun root 19928 Mar 6 2015 openvt
-rwxr-xr-x. 1 lijun root 5618 Jun 10 2014 os-prober
-rwxr-xr-x. 1 lijun root 28680 Mar 6 2015 p11-kit
-rwxr-xr-x. 1 lijun root 27832 Jun 10 2014 passwd
-rwxr-xr-x. 1 lijun root 33080 Jun 10 2014 paste
-rwxr-xr-x. 1 lijun root 33056 Jun 10 2014 pathchk
-rwxr-xr-x 2 lijun root 11408 Feb 3 2021 perl
-rwxr-xr-x 2 lijun root 11408 Feb 3 2021 perl5.16.3
-rwxr-xr-x 2 lijun root 44652 Feb 3 2021 perlbug
-rwxr-xr-x 1 lijun root 203 Jun 10 2014 perldoc
-rwxr-xr-x 2 lijun root 44652 Feb 3 2021 perlthanks
-rwxr-xr-x. 1 lijun root 428600 Jun 10 2014 pgawk
-rwxr-xr-x. 1 lijun root 28320 Mar 6 2015 pgrep
-rwxr-xr-x. 1 lijun root 184736 Jun 10 2014 pic
-rwxr-xr-x 1 lijun root 8177 Jun 10 2014 piconv
-rwxr-xr-x. 1 lijun root 2237 Jan 31 2014 pinentry
-rwxr-xr-x. 1 lijun root 50328 Jun 10 2014 pinentry-curses
-rwxr-xr-x. 1 lijun root 44896 Jun 10 2014 ping
-rwxr-xr-x. 1 lijun root 49568 Jun 10 2014 ping6
-rwxr-xr-x. 1 lijun root 37416 Jun 10 2014 pinky
-rwxr-xr-x. 1 lijun root 88856 Mar 6 2015 pk12util
-rwxr-xr-x. 1 lijun root 15344 Jun 10 2014 pkaction
-rwxr-xr-x. 1 lijun root 23568 Jun 10 2014 pkcheck
-rwxr-xr-x. 1 lijun root 15872 Mar 6 2015 pkcs1-conv
-rwxr-xr-x. 1 lijun root 27656 Jun 10 2014 pkexec
-rwxr-xr-x. 1 lijun root 45448 Jun 10 2014 pkg-config
-rwxr-xr-x. 1 lijun root 28320 Mar 6 2015 pkill
-rwxr-xr-x. 1 lijun root 19688 Jun 10 2014 pkla-admin-identities
-rwxr-xr-x. 1 lijun root 27960 Jun 10 2014 pkla-check-authorization
-rwxr-xr-x. 1 lijun root 15304 Jun 10 2014 pkttyagent
-rwxr-xr-x 1 lijun root 4531 Feb 3 2021 pl2pm
-rwxr-xr-x. 1 lijun root 14808 Mar 6 2015 pldd
-rwxr-xr-x. 1 lijun root 40720 Mar 10 2015 plymouth
-rwxr-xr-x. 1 lijun root 28248 Mar 6 2015 pmap
-rwxr-xr-x 1 lijun root 4096 Feb 3 2021 pod2html
-rwxr-xr-x 1 lijun root 13581 Jun 10 2014 pod2man
-rwxr-xr-x 1 lijun root 11004 Jun 10 2014 pod2text
-rwxr-xr-x 1 lijun root 3755 Jun 10 2014 pod2usage
-rwxr-xr-x. 1 lijun root 192048 Jun 10 2014 post-grohtml
-rwxr-xr-x. 1 lijun root 6296 Mar 6 2015 powernow-k8-decode
-rwxr-xr-x. 1 lijun root 66624 Jun 10 2014 pr
-rwxr-xr-x. 1 lijun root 41864 Jun 10 2014 preconv
-rwxr-xr-x. 1 lijun root 88312 Jun 10 2014 pre-grohtml
-rwxr-xr-x. 1 lijun root 28928 Jun 10 2014 printenv
-rwxr-xr-x. 1 lijun root 49736 Jun 10 2014 printf
-rwxr-xr-x. 1 lijun root 37848 Mar 6 2015 prlimit
-rwxr-xr-x. 1 lijun root 100048 Mar 6 2015 ps
-rwxr-xr-x 2 lijun root 53329 Feb 3 2021 psed
lrwxrwxrwx. 1 lijun root 9 Feb 29 23:57 psfaddtable -> psfxtable
lrwxrwxrwx. 1 lijun root 9 Feb 29 23:57 psfgettable -> psfxtable
lrwxrwxrwx. 1 lijun root 9 Feb 29 23:57 psfstriptable -> psfxtable
-rwxr-xr-x. 1 lijun root 19920 Mar 6 2015 psfxtable
-rwxr-xr-x 2 lijun root 36607 Feb 3 2021 pstruct
-rwxr-xr-x. 1 lijun root 66608 Jun 10 2014 ptx
-rwxr-xr-x. 1 lijun root 33200 Jun 10 2014 pwd
-rwxr-xr-x. 1 lijun root 11512 Mar 6 2015 pwdx
-rwxr-xr-x. 1 lijun root 11384 Jun 10 2014 pwmake
-rwxr-xr-x. 1 lijun root 11376 Jun 10 2014 pwscore
-rwxr-xr-x. 1 lijun root 78 Jun 18 2014 pydoc
lrwxrwxrwx. 1 lijun root 7 Feb 29 23:56 python -> python2
lrwxrwxrwx. 1 lijun root 9 Feb 29 23:56 python2 -> python2.7
-rwxr-xr-x. 1 lijun root 7136 Jun 18 2014 python2.7
-rwxr-xr-x 1 lijun root 85312 Aug 9 2019 quota
-rwxr-xr-x 1 lijun root 72544 Aug 9 2019 quotasync
-rwxr-xr-x. 1 lijun root 58472 Mar 6 2015 ranlib
-rwxr-xr-x. 1 lijun root 11528 Mar 6 2015 raw
-rwxr-xr-x 3 lijun root 76760 Jun 10 2014 rb
-rwxr-xr-x. 1 lijun root 28 Mar 6 2015 read
-rwxr-xr-x. 1 lijun root 405344 Mar 6 2015 readelf
-rwxr-xr-x. 1 lijun root 41760 Jun 10 2014 readlink
-rwxr-xr-x. 1 lijun root 62648 Jun 10 2014 realpath
-rwxr-xr-x. 1 lijun root 15632 Jun 10 2014 recode-sr-latin
-rwxr-xr-x. 1 lijun root 11512 Mar 6 2015 rename
-rwxr-xr-x. 1 lijun root 11464 Mar 6 2015 renice
lrwxrwxrwx. 1 lijun root 4 Feb 29 23:56 reset -> tset
-rwxr-xr-x. 1 lijun root 20072 Mar 6 2015 resizecons
-rwxr-xr-x. 1 lijun root 11512 Mar 6 2015 rev
-rwxr-xr-x. 1 lijun root 62808 Jun 10 2014 rm
lrwxrwxrwx. 1 lijun root 27 Feb 29 23:57 rmail -> /etc/alternatives/mta-rmail
-rwxr-xr-x. 1 lijun root 262 Jun 10 2014 rmail.postfix
-rwxr-xr-x. 1 lijun root 45496 Jun 10 2014 rmdir
lrwxrwxrwx 1 lijun root 4 Mar 9 20:47 rnano -> nano
-rwxr-xr-x. 1 lijun root 93080 Mar 6 2015 rpcgen
-rwxr-xr-x. 1 lijun root 16104 Mar 6 2015 rpm
-rwxr-xr-x. 1 lijun root 11400 Mar 6 2015 rpm2cpio
-rwxr-xr-x. 1 lijun root 11992 Mar 6 2015 rpmdb
-rwxr-xr-x. 1 lijun root 12000 Mar 6 2015 rpmkeys
lrwxrwxrwx. 1 lijun root 13 Feb 29 23:56 rpmquery -> ../../bin/rpm
lrwxrwxrwx. 1 lijun root 13 Feb 29 23:56 rpmverify -> ../../bin/rpm
-rwxr-xr-x 1 lijun root 500096 Dec 16 2022 rsync
-rwxr-xr-x. 1 lijun root 6098 Oct 14 2014 rsyslog-recover-qi.pl
-rwxr-xr-x. 1 lijun root 33208 Jun 10 2014 runcon
-rwxr-xr-x. 1 lijun root 2086 Jun 10 2014 run-parts
lrwxrwxrwx. 1 lijun root 2 Feb 29 23:56 rvi -> vi
lrwxrwxrwx. 1 lijun root 2 Feb 29 23:56 rview -> vi
lrwxrwxrwx 1 lijun root 3 Mar 8 05:53 rvim -> vim
-rwxr-xr-x 3 lijun root 76760 Jun 10 2014 rx
-rwxr-xr-x 3 lijun root 76760 Jun 10 2014 rz
-rwxr-xr-x 2 lijun root 53329 Feb 3 2021 s2p
-rwxr-xr-x 3 lijun root 80872 Jun 10 2014 sb
-rwxr-xr-x. 1 lijun root 70360 Mar 6 2015 scp
-rwxr-xr-x. 1 lijun root 20056 Mar 6 2015 script
-rwxr-xr-x. 1 lijun root 15640 Mar 6 2015 scriptreplay
-rwxr-xr-x. 1 lijun root 49528 Jun 10 2014 sdiff
-rwxr-xr-x 1 lijun root 24640 Apr 1 2020 secon
-rwxr-xr-x. 1 lijun root 76016 Jun 10 2014 sed
-rwxr-xr-x. 1 lijun root 49592 Jun 10 2014 seq
-rwxr-xr-x. 1 lijun root 15624 Mar 6 2015 setarch
-rwxr-xr-x. 1 lijun root 37576 Jun 10 2014 setfacl
-rwxr-xr-x. 1 lijun root 41328 Mar 6 2015 setfont
-rwxr-xr-x. 1 lijun root 11408 Mar 6 2015 setkeycodes
-rwxr-xr-x. 1 lijun root 11424 Mar 6 2015 setleds
-rwxr-xr-x. 1 lijun root 11464 Mar 6 2015 setmetamode
-rwxr-xr-x. 1 lijun root 32624 Mar 6 2015 setpriv
-rwxr-xr-x. 1 lijun root 11480 Mar 6 2015 setsid
-rwxr-xr-x. 1 lijun root 28128 Mar 6 2015 setterm
lrwxrwxrwx. 1 lijun root 19 Feb 29 23:56 setup-nsssysinit -> setup-nsssysinit.sh
-rwxr-xr-x. 1 lijun root 1539 Mar 6 2015 setup-nsssysinit.sh
-rwxr-xr-x. 1 lijun root 11584 Mar 6 2015 setvtrgb
-rwxr-xr-x. 1 lijun root 24176 Mar 6 2015 sexp-conv
-rwxr-xr-x. 1 lijun root 124600 Mar 6 2015 sftp
lrwxrwxrwx. 1 lijun root 6 Feb 29 23:56 sg -> newgrp
lrwxrwxrwx. 1 lijun root 4 Feb 29 23:56 sh -> bash
-rwxr-xr-x. 1 lijun root 37408 Jun 10 2014 sha1sum
-rwxr-xr-x. 1 lijun root 41576 Jun 10 2014 sha224sum
-rwxr-xr-x. 1 lijun root 41576 Jun 10 2014 sha256sum
-rwxr-xr-x. 1 lijun root 41568 Jun 10 2014 sha384sum
-rwxr-xr-x. 1 lijun root 41568 Jun 10 2014 sha512sum
-rwxr-xr-x. 1 lijun root 15816 Mar 6 2015 showconsolefont
-rwxr-xr-x. 1 lijun root 15584 Mar 6 2015 showkey
-rwxr-xr-x. 1 lijun root 54184 Jun 10 2014 shred
-rwxr-xr-x. 1 lijun root 50272 Jun 10 2014 shuf
-rwxr-xr-x. 1 lijun root 167704 Mar 6 2015 signtool
-rwxr-xr-x. 1 lijun root 92368 Mar 6 2015 signver
-rwxr-xr-x. 1 lijun root 28928 Mar 6 2015 size
-rwxr-xr-x. 1 lijun root 24168 Mar 6 2015 skill
-rwxr-xr-x. 1 lijun root 19960 Mar 6 2015 slabtop
-rwxr-xr-x. 1 lijun root 33088 Jun 10 2014 sleep
lrwxrwxrwx. 1 lijun root 5 Feb 29 23:57 slogin -> ./ssh
-rwxr-xr-x. 1 lijun root 24168 Mar 6 2015 snice
-rwxr-xr-x. 1 lijun root 33368 Jun 10 2014 soelim
-rwxr-xr-x. 1 lijun root 117664 Jun 10 2014 sort
-rwxr-xr-x. 1 lijun root 4341 Mar 6 2015 sotruss
-rwxr-xr-x 1 lijun root 18459 Feb 3 2021 splain
-rwxr-xr-x. 1 lijun root 71088 Jun 10 2014 split
-rwxr-xr-x. 1 lijun root 23152 Mar 6 2015 sprof
-rwxr-xr-x. 1 lijun root 56240 Jun 10 2014 sqlite3
-rwxr-xr-x. 1 lijun root 669736 Mar 6 2015 ssh
-rwxr-xr-x. 1 lijun root 339664 Mar 6 2015 ssh-add
---x--x--x. 1 lijun root 293832 Mar 6 2015 ssh-agent
-rwxr-xr-x. 1 lijun root 9495 Mar 6 2015 ssh-copy-id
-rwxr-xr-x. 1 lijun root 418528 Mar 6 2015 ssh-keygen
-rwxr-xr-x. 1 lijun root 432776 Mar 6 2015 ssh-keyscan
-rwxr-xr-x. 1 lijun root 108608 Mar 6 2015 ssltap
-rwxr-xr-x. 1 lijun root 74864 Jun 10 2014 stat
-rwxr-xr-x. 1 lijun root 66408 Jun 10 2014 stdbuf
-rwxr-xr-x. 1 lijun root 28928 Mar 6 2015 strings
-rwxr-xr-x. 1 lijun root 224280 Mar 6 2015 strip
-rwxr-xr-x. 1 lijun root 70224 Jun 10 2014 stty
-rwxr-xr-x. 1 lijun root 32064 Mar 6 2015 su
---x--x--x. 1 lijun root 130720 Mar 6 2015 sudo
lrwxrwxrwx. 1 lijun root 4 Feb 29 23:57 sudoedit -> sudo
---x--x--x. 1 lijun root 65696 Mar 6 2015 sudoreplay
-rwxr-xr-x. 1 lijun root 37400 Jun 10 2014 sum
-rwxr-xr-x 3 lijun root 80872 Jun 10 2014 sx
-rwxr-xr-x. 1 lijun root 28952 Jun 10 2014 sync
-rwxr-xr-x. 1 lijun root 721712 Dec 7 22:51 systemctl
-rwxr-xr-x. 1 lijun root 1562288 Dec 7 22:51 systemd-analyze
-rwxr-xr-x. 1 lijun root 61824 Dec 7 22:51 systemd-ask-password
-rwxr-xr-x. 1 lijun root 40944 Dec 7 22:51 systemd-cat
-rwxr-xr-x. 1 lijun root 334120 Dec 7 22:51 systemd-cgls
-rwxr-xr-x. 1 lijun root 87128 Dec 7 22:51 systemd-cgtop
lrwxrwxrwx. 1 lijun root 11 Mar 1 01:42 systemd-coredumpctl -> coredumpctl
-rwxr-xr-x. 1 lijun root 78680 Dec 7 22:51 systemd-delta
-rwxr-xr-x. 1 lijun root 40928 Dec 7 22:51 systemd-detect-virt
-rwxr-xr-x. 1 lijun root 49352 Dec 7 22:51 systemd-escape
-rwxr-xr-x. 1 lijun root 103952 Dec 7 22:51 systemd-firstboot
-rwxr-xr-x. 1 lijun root 87360 Dec 7 22:51 systemd-hwdb
-rwxr-xr-x. 1 lijun root 317264 Dec 7 22:51 systemd-inhibit
lrwxrwxrwx. 1 lijun root 8 Mar 1 01:42 systemd-loginctl -> loginctl
-rwxr-xr-x. 1 lijun root 53488 Dec 7 22:51 systemd-machine-id-setup
-rwxr-xr-x. 1 lijun root 49288 Dec 7 22:51 systemd-notify
-rwxr-xr-x. 1 lijun root 558976 Dec 7 22:51 systemd-nspawn
-rwxr-xr-x. 1 lijun root 53408 Dec 7 22:51 systemd-path
-rwxr-xr-x. 1 lijun root 396344 Dec 7 22:51 systemd-run
-rwxr-xr-x. 1 lijun root 313112 Dec 7 22:51 systemd-stdio-bridge
-rwxr-xr-x. 1 lijun root 3979 Dec 7 22:51 systemd-sysv-convert
-rwxr-xr-x. 1 lijun root 149640 Dec 7 22:51 systemd-tmpfiles
-rwxr-xr-x. 1 lijun root 86784 Dec 7 22:51 systemd-tty-ask-password-agent
-rwxr-xr-x 3 lijun root 80872 Jun 10 2014 sz
-rwxr-xr-x. 1 lijun root 15664 Jun 10 2014 tabs
-rwxr-xr-x. 1 lijun root 33208 Jun 10 2014 tac
-rwxr-xr-x. 1 lijun root 66776 Jun 10 2014 tail
-rwxr-xr-x. 1 lijun root 20152 Mar 6 2015 tailf
-rwxr-xr-x. 1 lijun root 345976 Jun 10 2014 tar
-rwxr-xr-x. 1 lijun root 28672 Mar 6 2015 taskset
-rwxr-xr-x. 1 lijun root 118744 Jun 10 2014 tbl
-rwxr-xr-x. 1 lijun root 150408 Mar 6 2015 teamd
-rwxr-xr-x. 1 lijun root 29664 Mar 6 2015 teamdctl
-rwxr-xr-x. 1 lijun root 19552 Mar 6 2015 teamnl
-rwxr-xr-x. 1 lijun root 33112 Jun 10 2014 tee
-rwxr-xr-x. 1 lijun root 37288 Jun 10 2014 test
-rwxr-xr-x. 1 lijun root 30488 Jun 10 2014 testgdbm
-rwxr-xr-x. 1 lijun root 65776 Jun 10 2014 tic
-rwxr-xr-x. 1 lijun root 338144 Dec 7 22:51 timedatectl
-rwxr-xr-x. 1 lijun root 54552 Jun 10 2014 timeout
-rwxr-xr-x. 1 lijun root 15728 Mar 6 2015 tload
-rwxr-xr-x. 1 lijun root 31856 Mar 6 2015 tmon
-rwxr-xr-x. 1 lijun root 15784 Jun 10 2014 toe
-rwxr-xr-x. 1 lijun root 106840 Mar 6 2015 top
-rwxr-xr-x. 1 lijun root 62432 Jun 10 2014 touch
-rwxr-xr-x. 1 lijun root 15776 Jun 10 2014 tput
-rwxr-xr-x. 1 lijun root 45640 Jun 10 2014 tr
-rwxr-xr-x. 1 lijun root 15432 Jun 10 2014 tracepath
-rwxr-xr-x. 1 lijun root 15432 Jun 10 2014 tracepath6
-rwxr-xr-x 1 lijun root 62768 Jun 10 2014 tree
-rwxr-xr-x. 1 lijun root 525272 Jun 10 2014 troff
-rwxr-xr-x. 1 lijun root 28896 Jun 10 2014 true
-rwxr-xr-x. 1 lijun root 53896 Jun 10 2014 truncate
-rwxr-xr-x. 1 lijun root 179096 Mar 6 2015 trust
-rwxr-xr-x. 1 lijun root 20056 Jun 10 2014 tset
-rwxr-xr-x. 1 lijun root 37312 Jun 10 2014 tsort
-rwxr-xr-x. 1 lijun root 28936 Jun 10 2014 tty
-rwxr-xr-x. 1 lijun root 47552 Mar 6 2015 turbostat
-rwxr-xr-x. 1 lijun root 7339 Mar 6 2015 tzselect
-rwxr-xr-x. 1 lijun root 424216 Dec 7 22:51 udevadm
-rwxr-xr-x. 1 lijun root 19920 Mar 6 2015 ul
-rwxr-xr-x. 1 lijun root 29 Mar 6 2015 umask
-rwxr-xr-x. 1 lijun root 31960 Mar 6 2015 umount
-rwxr-xr-x. 1 lijun root 31 Mar 6 2015 unalias
-rwxr-xr-x. 1 lijun root 33048 Jun 10 2014 uname
-rwxr-xr-x. 1 lijun root 33200 Jun 10 2014 unexpand
-rwxr-xr-x. 1 lijun root 2555 Mar 6 2015 unicode_start
-rwxr-xr-x. 1 lijun root 363 Mar 6 2015 unicode_stop
-rwxr-xr-x. 1 lijun root 45752 Jun 10 2014 uniq
-rwxr-xr-x 1 lijun root 36528 Aug 3 2017 unix2dos
lrwxrwxrwx 1 lijun root 8 Mar 1 04:25 unix2mac -> unix2dos
-rwxr-xr-x. 1 lijun root 28944 Jun 10 2014 unlink
lrwxrwxrwx. 1 lijun root 3 Mar 1 01:42 unlz4 -> lz4
-rwxr-xr-x. 1 lijun root 11472 Mar 6 2015 unshare
lrwxrwxrwx. 1 lijun root 2 Feb 29 23:56 unxz -> xz
-rwxr-xr-x. 1 lijun root 1014 Sep 18 2014 update-ca-trust
-rwxr-xr-x. 1 lijun root 49768 Jun 10 2014 update-mime-database
-rwxr-xr-x. 1 lijun root 11464 Mar 6 2015 uptime
-rwxr-xr-x. 1 lijun root 12465 Mar 6 2015 urlgrabber
-rwxr-xr-x. 1 lijun root 33152 Jun 10 2014 users
-rwxr-xr-x. 1 lijun root 11208 Nov 17 2020 usleep
-rwxr-xr-x. 1 lijun root 15760 Jun 10 2014 usx2yloader
-rwxr-xr-x. 1 lijun root 15808 Mar 6 2015 utmpdump
-rwxr-xr-x. 1 lijun root 11464 Mar 6 2015 uuidgen
-rwxr-xr-x. 1 lijun root 117616 Jun 10 2014 vdir
-rwxr-xr-x. 1 lijun root 910040 Jun 10 2014 vi
lrwxrwxrwx. 1 lijun root 2 Feb 29 23:56 view -> vi
-rwxr-xr-x 1 lijun root 2337208 Dec 16 2020 vim
lrwxrwxrwx 1 lijun root 3 Mar 8 05:53 vimdiff -> vim
-rwxr-xr-x 1 lijun root 2084 Dec 16 2020 vimtutor
-rwxr-xr-x. 1 lijun root 16088 Mar 6 2015 vlock
-rwxr-xr-x. 1 lijun root 32208 Mar 6 2015 vmstat
-rwxr-xr-x. 1 lijun root 15728 Jun 10 2014 vxloader
-rwxr-xr-x. 1 lijun root 19896 Mar 6 2015 w
-rwxr-xr-x. 1 lijun root 28 Mar 6 2015 wait
-r-xr-xr-x. 1 lijun root 15344 Jun 10 2014 wall
-rwxr-xr-x. 1 lijun root 24704 Mar 6 2015 watch
-rwxr-xr-x. 1 lijun root 15648 Jun 10 2014 watchgnupg
-rwxr-xr-x. 1 lijun root 41616 Jun 10 2014 wc
-rwxr-xr-x. 1 lijun root 37312 Mar 6 2015 wdctl
-rwxr-xr-x 1 lijun root 418776 May 16 2019 wget
-rwxr-xr-x. 1 lijun root 46456 Jun 10 2014 whatis
-rwxr-xr-x. 1 lijun root 20656 Mar 6 2015 whereis
-rwxr-xr-x. 1 lijun root 24336 Jun 10 2014 which
-rwxr-xr-x. 1 lijun root 28504 Jun 10 2014 whiptail
-rwxr-xr-x. 1 lijun root 49832 Jun 10 2014 who
-rwxr-xr-x. 1 lijun root 28952 Jun 10 2014 whoami
-rwxr-xr-x. 1 lijun root 19536 Mar 6 2015 write
lrwxrwxrwx. 1 lijun root 7 Feb 29 23:56 x86_64 -> setarch
-rwxr-xr-x. 1 lijun root 10480 Mar 6 2015 x86_energy_perf_policy
-rwxr-xr-x. 1 lijun root 62264 Jun 10 2014 xargs
-rwxr-xr-x. 1 lijun root 233688 Jun 10 2014 xgettext
-rwxr-xr-x. 1 lijun root 19752 Oct 22 2014 xmlcatalog
-rwxr-xr-x. 1 lijun root 63408 Oct 22 2014 xmllint
-rwxr-xr-x. 1 lijun root 24560 Jun 10 2014 xmlwf
-rwxr-xr-x 1 lijun root 14808 Dec 16 2020 xxd
-rwxr-xr-x. 1 lijun root 71080 Oct 1 2014 xz
lrwxrwxrwx. 1 lijun root 2 Feb 29 23:56 xzcat -> xz
lrwxrwxrwx. 1 lijun root 6 Feb 29 23:56 xzcmp -> xzdiff
-rwxr-xr-x. 1 lijun root 11448 Oct 1 2014 xzdec
-rwxr-xr-x. 1 lijun root 5516 Oct 1 2014 xzdiff
lrwxrwxrwx. 1 lijun root 6 Feb 29 23:56 xzegrep -> xzgrep
lrwxrwxrwx. 1 lijun root 6 Feb 29 23:56 xzfgrep -> xzgrep
-rwxr-xr-x. 1 lijun root 5424 Oct 1 2014 xzgrep
-rwxr-xr-x. 1 lijun root 1807 Oct 1 2014 xzless
-rwxr-xr-x. 1 lijun root 2166 Oct 1 2014 xzmore
-rwxr-xr-x. 1 lijun root 28944 Jun 10 2014 yes
lrwxrwxrwx. 1 lijun root 8 Feb 29 23:56 ypdomainname -> hostname
-rwxr-xr-x. 1 lijun root 801 Mar 10 2015 yum
-rwxr-xr-x. 1 lijun root 1941 Jun 10 2014 zcat
-rwxr-xr-x. 1 lijun root 1760 Jun 10 2014 zcmp
-rwxr-xr-x. 1 lijun root 5768 Jun 10 2014 zdiff
-rwxr-xr-x. 1 lijun root 123 Jun 10 2014 zegrep
-rwxr-xr-x. 1 lijun root 123 Jun 10 2014 zfgrep
-rwxr-xr-x. 1 lijun root 2140 Jun 10 2014 zforce
-rwxr-xr-x. 1 lijun root 5916 Jun 10 2014 zgrep
-rwxr-xr-x. 1 lijun root 2041 Jun 10 2014 zless
-rwxr-xr-x. 1 lijun root 2859 Jun 10 2014 zmore
-rwxr-xr-x. 1 lijun root 5343 Jun 10 2014 znew
lrwxrwxrwx. 1 lijun root 6 Feb 29 23:56 zsoelim -> soelim
知识回顾
解释一下这个
-rw-r--r-- 1 lijun root 196 Mar 19 02:45 /etc/hosts
r 4
w 2
x 1
- rw- r-- r--
代表文件类型 所有者 所属组 其他用户
6 4 4
含义:说明这个文件所有者是lijun 有读执行权限 他的所属组是root有读的权限 其他用户有读的权限
查看登录用户 命令
w
此命令一把我们可以用来巡检服务器
信息注解:
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
什么用户登录 登录方式 从哪个ip登录 登录时间 空闲时间 终端消耗的总cpu时间 用户消耗cpu时间 用户当前正在执行的命令或程序,
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
USER:登录用户名称。
TTY:终端类型,pts/0 和 pts/1 表示虚拟终端,通常通过 SSH 登录。
FROM:用户从哪个IP地址登录,这里均为 10.0.1.1。
LOGIN@:用户登录的具体时间,分别是 00:18 和 02:50。
IDLE:用户自最后一次操作以来的空闲时间,单位为分钟。第一个用户 root 的 IDLE 为 0.00s,表示最近有活动;第二个用户 root 的 IDLE 为 11:52,表示该用户已经空闲了11小时52分钟。
JCPU:该终端进程消耗的总CPU时间,包括子进程的CPU时间。
PCPU:该用户在当前进程上消耗的CPU时间。
WHAT:用户当前正在执行的命令或程序,第一个用户 root 正在执行 w 命令来查看用户信息,第二个用户 root 正在运行 bash,即Bourne-Again Shell,这是一个常用的Linux shell环境。
[root@master ~]# w
03:39:52 up 3:23, 2 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 10.0.1.1 00:18 0.00s 0.17s 0.00s w
root pts/1 10.0.1.1 02:50 11:52 0.01s 0.00s bash
用户权限讲解
需求1: 比如你是wangyu用户账号,你现在想要修改系统名称,但是你没有权限,只能去找你的上司去了,他是如何配置的呢?
[lijun@master root]$ echo master1 > /etc/hostname
bash: /etc/hostname: Permission denied
修改拒绝了
[lijun@master usr]$ hostname
master
[lijun@master usr]$ hostnamectl set-hostname master1
==== AUTHENTICATING FOR org.freedesktop.hostname1.set-static-hostname ===
Authentication is required to set the statically configured local host name, as well as the pretty host name.
Authenticating as: root
可以看到这里是需要root密码的,如果你不知道的话,就无法修改
上司或者你给他人配置
方式1:
chown wangwu.root /etc/hosts
缺点:虽然可以,但是需要一次一次配置设置,不效率
方式2:
sudo 用户授权
visudo
需求2:给wangwu用户只能创建用户权限,其他无权限
[root@node-2 ~]# useradd it02
[root@node-2 ~]# passwd it02
Changing password for user it02.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@node-2 ~]# visudo
[root@node-2 ~]# visudo
1 ## Sudoers allows particular users to run various commands as
2 ## the root user, without needing the root password.
3 ##
4 ## Examples are provided at the bottom of the file for collections
7 ##
8 ## This file must be edited with the 'visudo' command.
9
10 ## Host Aliases
11 ## Groups of machines. You may prefer to use hostnames (perhaps using
12 ## wildcards for entire domains) or IP addresses instead.
13 # Host_Alias FILESERVERS = fs1, fs2
14 # Host_Alias MAILSERVERS = smtp, smtp2
15
16 ## User Aliases
17 ## These aren't often necessary, as you can use regular groups
18 ## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
19 ## rather than USERALIAS
20 # User_Alias ADMINS = jsmith, mikem
21
22
23 ## Command Aliases
24 ## These are groups of related commands...
25
26 ## Networking
28
29 ## Installation and management of software
30 # Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
31
32 ## Services
33 # Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
34
35 ## Updating the locate database
36 # Cmnd_Alias LOCATE = /usr/bin/updatedb
37
38 ## Storage
40
41 ## Delegating permissions
42 # Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
43
44 ## Processes
45 # Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
46
47 ## Drivers
48 # Cmnd_Alias DRIVERS = /sbin/modprobe
49
50 # Defaults specification
51
52 #
53 # Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
54 # You have to run "ssh -t hostname sudo <cmd>".
55 #
56 Defaults requiretty
57
58 #
59 # Refuse to run if unable to disable echo on the tty. This setting should also be
60 # changed in order to be able to use sudo without a tty. See requiretty above.
61 #
62 Defaults !visiblepw
63
64 #
65 # Preserving HOME has security implications since many programs
66 # use it when searching for configuration files. Note that HOME
67 # is already set when the the env_reset option is enabled, so
68 # this option is only effective for configurations where either
69 # env_reset is disabled or HOME is present in the env_keep list.
70 #
71 Defaults always_set_home
72
73 Defaults env_reset
74 Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
75 Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
76 Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
77 Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
78 Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
79
80 #
81 # Adding HOME to env_keep may enable a user to run unrestricted
82 # commands via sudo.
83 #
84 # Defaults env_keep += "HOME"
85
86 Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
87
88 ## Next comes the main part: which users can run what software on
89 ## which machines (the sudoers file can be shared between multiple
90 ## systems).
91 ## Syntax:
92 ##
93 ## user MACHINE=COMMANDS
94 ##
95 ## The COMMANDS section may have other options added to it.
96 ##
97 ## Allow root to run any commands anywhere
98 root ALL=(ALL) ALL
99 it02 ALL=(ALL) /usr/sbin/useradd
100 ## Allows members of the 'sys' group to run networking, software,
101 ## service management apps and more.
102 # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
103
104 ## Allows people in group wheel to run all commands
105 %wheel ALL=(ALL) ALL
106
107 ## Same thing without a password
108 # %wheel ALL=(ALL) NOPASSWD: ALL
109
110 ## Allows members of the users group to mount and unmount the
111 ## cdrom as root
112 # %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
113
114 ## Allows members of the users group to shutdown this system
115 # %users localhost=/sbin/shutdown -h now
116
117 ## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
118 #includedir /etc/sudoers.d
119 it01 ALL=(ALL) NOPASSWD: ALL
在98行这里更改加上用户和他的权限
97 ## Allow root to run any commands anywhere
98 root ALL=(ALL) ALL
99 it02 ALL=(ALL) /usr/sbin/useradd
不知道权限怎么找的,可以看下面 用which
[root@node-2 ~]# which useradd
/usr/sbin/useradd
[root@node-2 ~]# which userdel
/usr/sbin/userdel
如果想要给他一个命令以上权限,比如我这里再加上userdel权限,你可以看一下
97 ## Allow root to run any commands anywhere
98 root ALL=(ALL) ALL
99 it02 ALL=(ALL) /usr/sbin/useradd,/usr/sbin/useradd
一个以上命令就需要用逗号隔开了,注意是英文的逗号
保存到普通账户机器上查看就可以了
普通用户机器测试
[root@node-2 ~]# su it02
[it02@node-2 root]$ useradd it03
bash: /usr/sbin/useradd: Permission denied
[it02@node-2 root]$ useradd it03
bash: /usr/sbin/useradd: Permission denied
[it02@node-2 root]$ sudo -l
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for it02:
Sorry, try again.
[sudo] password for it02:
Matching Defaults entries for it02 on this host:
requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC
KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME
LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET
XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User it02 may run the following commands on this host:
(ALL) /usr/sbin/useradd
[it02@node-2 root]$ useradd it03
bash: /usr/sbin/useradd: Permission denied
[it02@node-2 root]$ sudo useradd it03
[it02@node-2 root]$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
wang:x:1000:1000:wang:/home/wang:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
it01:x:1001:1001::/home/it01:/bin/bash
it02:x:1002:1002::/home/it02:/bin/bash
it03:x:1003:1003::/home/it03:/bin/bash
[it02@node-2 root]$ sudo -l
[sudo] password for it02:
Matching Defaults entries for it02 on this host:
requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC
KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME
LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET
XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User it02 may run the following commands on this host:
(ALL) /usr/sbin/useradd, (ALL) /usr/sbin/userdel
[it02@node-2 root]$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
wang:x:1000:1000:wang:/home/wang:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
it01:x:1001:1001::/home/it01:/bin/bash
it02:x:1002:1002::/home/it02:/bin/bash
it03:x:1003:1003::/home/it03:/bin/bash
[it02@node-2 root]$ sudo userdel it03
[it02@node-2 root]$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
wang:x:1000:1000:wang:/home/wang:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
it01:x:1001:1001::/home/it01:/bin/bash
it02:x:1002:1002::/home/it02:/bin/bash
[it02@node-2 root]$ userdel it03
bash: /usr/sbin/userdel: Permission denied
注意:这里我们普通用户需要执行命令,前面都要加上sudo才可以
sudo功能配置方法路径文件
方式1
visudo
方式2
vi /etc/sudoers
总结:本质都是打开一个文件
如何检查visudo配置文件是否出错?
[root@node-2 ~]# visudo -c
/etc/sudoers: parsed OK
需求1:授权单个命令或者多个命令
99 it02 ALL=(ALL) /usr/sbin/useradd,/usr/sbin/userdel
需求2:授权多个目录全部命令
99 it02 ALL=(ALL) /usr/sbin/*,/usr/bin/*
也可以测试看下
[it02@node-2 root]$ sudo -l
Matching Defaults entries for it02 on this host:
requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC
KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME
LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET
XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User it02 may run the following commands on this host:
(ALL) /usr/sbin/useradd, (ALL) /usr/sbin/userdel, (ALL) /usr/bin/cp
[it02@node-2 root]$ visudo
visudo: /etc/sudoers: Permission denied
visudo: /etc/sudoers: Permission denied
[it02@node-2 root]$ sudo -l
[sudo] password for it02:
Matching Defaults entries for it02 on this host:
requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC
KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME
LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET
XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User it02 may run the following commands on this host:
(ALL) /usr/sbin/*, (ALL) /usr/bin/*
[it02@node-2 data]$ sudo touch {1..20}.txt
[it02@node-2 data]$ ls
10.txt 12.txt 14.txt 16.txt 18.txt 1.txt 2.txt 4.txt 6.txt 8.txt
11.txt 13.txt 15.txt 17.txt 19.txt 20.txt 3.txt 5.txt 7.txt 9.txt
[it02@node-2 data]$ sudo rm -rf *
[it02@node-2 data]$ ls
[it02@node-2 data]$
基本上的命令都可以用了
如果此时有一些敏感的配置文件,不能让普通用户有执行权限,怎么办?
比如这个visudo这个配置文件,如果不想让普通用户有这个文件权限,就这样做
他的路径在这
[root@node-2 ~]# which visudo
/usr/sbin/visudo
加个这个,前面加个!代表锁定文件以防止并发修改,也就是不让他修改,无权限修改这个文件
!/usr/sbin/visudo
98 root ALL=(ALL) ALL
99 it02 ALL=(ALL) /usr/sbin/*,/usr/bin/*,!/usr/sbin/visudo
测试
这下普通用户编辑不了这个文件了
[it02@node-2 data]$ sudo -l
Matching Defaults entries for it02 on this host:
requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC
KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME
LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET
XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User it02 may run the following commands on this host:
(ALL) /usr/sbin/*, (ALL) /usr/bin/*, (ALL) !/usr/sbin/visudo
[it02@node-2 data]$ sudo visudo
Sorry, user it02 is not allowed to execute '/sbin/visudo' as root on node-2.
注意:
/usr/sbin/*,/usr/bin/*
这两个文件包含了大量的命令,所以这个文件授权出去,基本上就等于把root差不多也给授权出去了的。不过与root还是有差别的,毕竟还是需要超级管理员root来给你权限的
`/usr/sbin` 和 `/usr/bin` 是Linux系统中存放二进制可执行文件的两个目录。
- `/usr/sbin`:这个目录通常用于存放系统级的守护程序(daemons)和管理工具,这些程序和工具一般由系统管理员(root用户)执行,或者是需要较高权限才能运行的服务程序。例如,很多服务器相关的服务脚本和管理工具都存放在这个目录下。
- `/usr/bin`:这个目录包含了大量的通用二进制可执行文件,这些程序可供所有用户使用,包括日常的命令行工具和图形界面程序。例如,大部分常用的命令行工具如 `ls`、`mkdir`、`vi` 等都在此目录下。
`/usr/sbin/*,/usr/bin/*` 这样的表达式通常在Shell脚本或命令行中用来表示这两个目录下的所有可执行文件。例如,在搜索特定文件、批量更改权限或执行其他涉及多个二进制文件的操作时,可能会用到这种通配符表达式。
需求3:如何去除普通用户登录执行命令需要密码----不需要输入密码,直接sudo管理
[root@node-2 ~]# su it02
[it02@node-2 root]$ sudo useradd 1101
[sudo] password for it02:
root端设置
visudo
加上这个就可以NOPASSWD: 含义就是不要输入密码登录了
98 root ALL=(ALL) ALL
99 it02 ALL=(ALL) NOPASSWD: /usr/sbin/*,/usr/bin/*,!/usr/sbin/visudo
测试
[root@node-2 ~]# su it02
[it02@node-2 root]$ sudo useradd 1101
useradd: user '1101' already exists
如何防范系统重要文件被破坏?
思路:给我们的重要文件加个锁
chattr
用chattr命令防止系统中某个关键文件被修改
a:让文件或目录仅供附加用途;
b:不更新文件或目录的最后存取时间;
c:将文件或目录压缩后存放;
d:将文件或目录排除在倾倒操作之外;
i:不得任意更动文件或目录;
s:保密性删除文件或目录;
S:即时更新文件或目录;
u:预防意外删除
常用的就是 -i 和 +i 解密 加密
[root@node-2 ~]# chattr +i /etc/passwd
[root@node-2 ~]# useradd laoliu
useradd: cannot open /etc/passwd
[root@node-2 ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
wang:x:1000:1000:wang:/home/wang:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
it01:x:1001:1001::/home/it01:/bin/bash
it02:x:1002:1002::/home/it02:/bin/bash
lao:x:1003:1003::/home/lao:/bin/bash
1101:x:1004:1004::/home/1101:/bin/bash
[root@node-2 ~]# mv /etc/passwd /tmp
mv: cannot move ‘/etc/passwd’ to ‘/tmp/passwd’: Operation not permitted
[root@node-2 ~]# vi /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
wang:x:1000:1000:wang:/home/wang:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
it01:x:1001:1001::/home/it01:/bin/bash
it02:x:1002:1002::/home/it02:/bin/bash
lao:x:1003:1003::/home/lao:/bin/bash
1101:x:1004:1004::/home/1101:/bin/bash
~
~
~
~
~
~
~
~
~
~
"/etc/passwd" [readonly] 25L, 1142C
vi也变成只读模式了,无法修改
可以看到只能看,不能做,气不气,嘿嘿
如何解除呢?
chattr -i /etc/passwd
[root@node-2 ~]# chattr -i /etc/passwd
[root@node-2 ~]# vi /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
wang:x:1000:1000:wang:/home/wang:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
it01:x:1001:1001::/home/it01:/bin/bash
it02:x:1002:1002::/home/it02:/bin/bash
lao:x:1003:1003::/home/lao:/bin/bash
1101:x:1004:1004::/home/1101:/bin/bash
~
~
~
~
~
~
~
~
~
~
可以看到又可以编辑了,嘿嘿
这是有个问题,如果黑客进来,同样可以用chattr解密?这……
思路:把这个命令路径给移动走,移走之后给我重命名这个命令,这样即使黑客用find命令找,他也找不到了,因为黑客不知道我给这个命令重名了什么名字了
这时,不管怎么讲,优势在我
操作:
[root@node-2 ~]# chattr +i /etc/passwd
[root@node-2 ~]# which chattr
/usr/bin/chattr
[root@node-2 ~]# mv /usr/bin/chattr /usr/local/src/
[root@node-2 ~]# cd /usr/local/src/
[root@node-2 src]# ls
chattr
这里因为你把命令路径移动走了,所以我们需要再当前的这个目录执行加锁解锁
[root@node-2 src]# chattr -i /etc/passwd
-bash: /usr/bin/chattr: No such file or directory
[root@node-2 src]# ./chattr -i /etc/passwd
默认黑客查找,这是他用find一下就找到了
[root@node-2 src]# find / -type f -name chattr
/usr/local/src/chattr
[root@node-2 src]#
[root@node-2 src]#
[root@node-2 src]# ls
chattr
,不用怕,我们做个重命名
[root@node-2 src]# mv chattr chattr1
模拟黑客查找
[root@node-2 src]# find / -type f -name chattr
[root@node-2 src]# find / -type f -name chattr
这下他找不到了吧,哈哈
注意,以后我们在执行命令的时候,这个命令就不是原来的chattr了,而是你重命名之后的,我这里是chattr1
[root@node-2 src]# ./chattr +i /etc/passwd
-bash: ./chattr: No such file or directory
[root@node-2 src]# ./chattr1 +i /etc/passwd
重点回顾
cat /etc/passwd --常用的
cat /etc/shadow 密码信息
cat /etc/group 组用户记录信息
cat /etc/gshadow 组用户密码信息
cat /etc/passwd 用户信息 常用
文件分析
root :x :0 :0 :root :/root :/bin/bash
1 2 3 4 5 6 7
用户名称 密码信息 uid信息 gid信息 注释信息 家目录 登录方式
:/bin/bash 通用解释器
:/sbin/nologin 不能登录系统
常用命令-history-useradd-usermod-userdel-groupadd-chown-chmod-w-chattr
常用选项
history -c 清除
history -a 或 history -w 将历史命令文件写入到当前缓存区
注意:一般在生产环境中,都是清除一下自己的历史命令,尤其涉及到密码 不然被看到了,所以还是建议大家清除一下
history
history命令用于显示指定数目的指令命令,读取历史命令文件中的目录到历史命令缓冲区和将历史命令缓冲区中的目录写入命令文件。
该命令单独使用时,仅显示历史命令,在命令行中,可以使用符号!执行指定序号的历史命令。例如,要执行第2个历史命令,则输入!2。
历史命令是被保存在内存中的,当退出或者登录shell时,会自动保存或读取。在内存中,历史命令仅能够存储1000条历史命令,该数量是由环境变量HISTSIZE进行控制。
语法
history(选项)(参数)
选项
-c:清空当前历史命令;
-a:将历史命令缓冲区中命令写入历史命令文件中;
-r:将历史命令文件中的命令读入当前历史命令缓冲区;
-w:将当前历史命令缓冲区命令写入历史命令文件中。
参数
n:打印最近的n条历史命令。
实例
使用history命令显示最近使用的10条历史命令,输入如下命令:
[root@localhost ~]# history 10
92 ls
93 cd ..
94 ls
95 exit
96 ls -a
97 cd .ssh/
98 ls
99 cat known_hosts
100 exit
101 history 10
useradd
useradd命令用于Linux中创建的新的系统用户。useradd可用来建立用户帐号。帐号建好之后,再用passwd设定帐号的密码.而可用userdel删除帐号。使用useradd指令所建立的帐号,实际上是保存在/etc/passwd文本文件中。
在Slackware中,adduser指令是个script程序,利用交谈的方式取得输入的用户帐号资料,然后再交由真正建立帐号的useradd命令建立新用户,如此可方便管理员建立用户帐号。在Red Hat Linux中,adduser命令则是useradd命令的符号连接,两者实际上是同一个指令。
语法
useradd(选项)(参数)
选项
-c<备注>:加上备注文字。备注文字会保存在passwd的备注栏位中;
-d<登入目录>:指定用户登入时的启始目录;
-D:变更预设值;
-e<有效期限>:指定帐号的有效期限;
-f<缓冲天数>:指定在密码过期后多少天即关闭该帐号;
-g<群组>:指定用户所属的群组;
-G<群组>:指定用户所属的附加群组;
-m:自动建立用户的登入目录;
-M:不要自动建立用户的登入目录;
-n:取消建立以用户名称为名的群组;
-r:建立系统帐号;
-s<shell>:指定用户登入后所使用的shell;
-u<uid>:指定用户id。
参数
用户名:要创建的用户名。
实例
新建用户加入组:
useradd –g sales jack –G company,employees //-g:加入主要组、-G:加入次要组
建立一个新用户账户,并设置ID:
useradd caojh -u 544
需要说明的是,设定ID值时尽量要大于500,以免冲突。因为Linux安装后会建立一些特殊用户,一般0到499之间的值留给bin、mail这样的系统账号。
usermod
usermod命令用于修改用户的基本信息。usermod命令不允许你改变正在线上的使用者帐号名称。当usermod命令用来改变user id,必须确认这名user没在电脑上执行任何程序。你需手动更改使用者的crontab档。也需手动更改使用者的at工作档。采用NIS server须在server上更动相关的NIS设定。
语法
usermod(选项)(参数)
选项
-c<备注>:修改用户帐号的备注文字;
-d<登入目录>:修改用户登入时的目录;
-e<有效期限>:修改帐号的有效期限;
-f<缓冲天数>:修改在密码过期后多少天即关闭该帐号;
-g<群组>:修改用户所属的群组;
-G<群组>;修改用户所属的附加群组;
-l<帐号名称>:修改用户帐号名称;
-L:锁定用户密码,使密码无效;
-s<shell>:修改用户登入后所使用的shell;
-u<uid>:修改用户ID;
-U:解除密码锁定。
参数
登录名:指定要修改信息的用户登录名。
实例
将newuser2添加到组staff中:
usermod -G staff newuser2
修改newuser的用户名为newuser1:
usermod -l newuser1 newuser
锁定账号newuser1:
usermod -L newuser1
解除对newuser1的锁定:
usermod -U newuser1
userdel
userdel命令用于删除给定的用户,以及与用户相关的文件。若不加选项,则仅删除用户帐号,而不删除相关文件。
语法
userdel(选项)(参数)
选项
-f:强制删除用户,即使用户当前已登录;
-r:删除用户的同时,删除与用户相关的所有文件。
参数
用户名:要删除的用户名。
实例
userdel命令很简单,比如我们现在有个用户niaoge,其家目录位于/var目录中,现在我们来删除这个用户:
userdel niaoge //删除用户niaoge,但不删除其家目录及文件;
userdel -r niaoge //删除用户niaoge,其家目录及文件一并删除;
请不要轻易用-r选项;他会删除用户的同时删除用户所有的文件和目录,切记如果用户目录下有重要的文件,在删除前请备份。
其实也有最简单的办法,但这种办法有点不安全,也就是直接在/etc/passwd中删除您想要删除用户的记录;但最好不要这样做,/etc/passwd是极为重要的文件,可能您一不小心会操作失误。
groupadd
groupadd命令用于创建一个新的工作组,新工作组的信息将被添加到系统文件中。
语法
groupadd(选项)(参数)
选项
-g:指定新建工作组的id;
-r:创建系统工作组,系统工作组的组ID小于500;
-K:覆盖配置文件“/ect/login.defs”;
-o:允许添加组ID号不唯一的工作组。
参数
组名:指定新建工作组的组名。
实例
建立一个新组,并设置组ID加入系统:
groupadd -g 344 niaoge
此时在/etc/passwd文件中产生一个组ID(GID)是344的项目
chown
chown命令改变某个文件或目录的所有者和所属的组,该命令可以向某个用户授权,使该用户变成指定文件的所有者或者改变文件所属的组。用户可以是用户或者是用户D,用户组可以是组名或组id。文件名可以使由空格分开的文件列表,在文件名中可以包含通配符。
只有文件主和超级用户才可以便用该命令。
语法
chown(选项)(参数)
选项
-c或——changes:效果类似“-v”参数,但仅回报更改的部分;
-f或--quite或——silent:不显示错误信息;
-h或--no-dereference:只对符号连接的文件作修改,而不更改其他任何相关文件;
-R或——recursive:递归处理,将指定目录下的所有文件及子目录一并处理;
-v或——version:显示指令执行过程;
--dereference:效果和“-h”参数相同;
--help:在线帮助;
--reference=<参考文件或目录>:把指定文件或目录的拥有者与所属群组全部设成和参考文件或目录的拥有者与所属群组相同;
--version:显示版本信息。
参数
用户:组:指定所有者和所属工作组。当省略“:组”,仅改变文件所有者;
文件:指定要改变所有者和工作组的文件列表。支持多个文件和目标,支持shell通配符。
实例
将目录/usr/meng及其下面的所有文件、子目录的文件主改成 liu:
chown -R liu /usr/meng
chmod
chmod命令用来变更文件或目录的权限。在UNIX系统家族里,文件或目录权限的控制分别以读取、写入、执行3种一般权限来区分,另有3种特殊权限可供运用。用户可以使用chmod指令去变更文件与目录的权限,设置方式采用文字或数字代号皆可。符号连接的权限无法变更,如果用户对符号连接修改权限,其改变会作用在被连接的原始文件。
权限范围的表示法如下:
u User,即文件或目录的拥有者;
g Group,即文件或目录的所属群组;
o Other,除了文件或目录拥有者或所属群组之外,其他用户皆属于这个范围;
a All,即全部的用户,包含拥有者,所属群组以及其他用户;
r 读取权限,数字代号为“4”;
w 写入权限,数字代号为“2”;
x 执行或切换权限,数字代号为“1”;
- 不具任何权限,数字代号为“0”;
s 特殊功能说明:变更文件或目录的权限。
语法
chmod(选项)(参数)
选项
-c或——changes:效果类似“-v”参数,但仅回报更改的部分;
-f或--quiet或——silent:不显示错误信息;
-R或——recursive:递归处理,将指令目录下的所有文件及子目录一并处理;
-v或——verbose:显示指令执行过程;
--reference=<参考文件或目录>:把指定文件或目录的所属群组全部设成和参考文件或目录的所属群组相同;
<权限范围>+<权限设置>:开启权限范围的文件或目录的该选项权限设置;
<权限范围>-<权限设置>:关闭权限范围的文件或目录的该选项权限设置;
<权限范围>=<权限设置>:指定权限范围的文件或目录的该选项权限设置;
参数
权限模式:指定文件的权限模式;
文件:要改变权限的文件。
例:rwx rw- r--
r=读取属性 //值=4
w=写入属性 //值=2
x=执行属性 //值=1
chmod u+x,g+w f01 //为文件f01设置自己可以执行,组员可以写入的权限
chmod u=rwx,g=rw,o=r f01
chmod 764 f01
chmod a+x f01 //对文件f01的u,g,o都设置可执行属性
文件的属主和属组属性设置
chown user:market f01 //把文件f01给uesr,添加到market组
ll -d f1 查看目录f1的属性
w
w命令用于显示已经登陆系统的用户列表,并显示用户正在执行的指令。执行这个命令可得知目前登入系统的用户有那些人,以及他们正在执行的程序。单独执行w命令会显示所有的用户,您也可指定用户名称,仅显示某位用户的相关信息。
语法
w(选项)(参数)
选项
-h:不打印头信息;
-u:当显示当前进程和cpu时间时忽略用户名;
-s:使用短输出格式;
-f:显示用户从哪登录;
-V:显示版本信息。
参数
用户:仅显示指定用户。
实例
w
20:39:37 up 136 days, 3:58, 1 user, load average: 0.00, 0.00, 0.00
USER TTY FROM login@ IDLE JCPU PCPU WHAT
root pts/0 222.94.97.122 20:39 1.00s 0.00s 0.00s w
chattr
chattr命令用来改变文件属性。这项指令可改变存放在ext2文件系统上的文件或目录属性,这些属性共有以下8种模式:
a:让文件或目录仅供附加用途;
b:不更新文件或目录的最后存取时间;
c:将文件或目录压缩后存放;
d:将文件或目录排除在倾倒操作之外;
i:不得任意更动文件或目录;
s:保密性删除文件或目录;
S:即时更新文件或目录;
u:预防意外删除。
语法
chattr(选项)
选项
-R:递归处理,将指令目录下的所有文件及子目录一并处理;
-v<版本编号>:设置文件或目录版本;
-V:显示指令执行过程;
+<属性>:开启文件或目录的该项属性;
-<属性>:关闭文件或目录的该项属性;
=<属性>:指定文件或目录的该项属性。
实例
用chattr命令防止系统中某个关键文件被修改:
chattr +i /etc/fstab
然后试一下rm、mv、rename等命令操作于该文件,都是得到Operation not permitted的结果。
让某个文件只能往里面追加内容,不能删除,一些日志文件适用于这种操作:
chattr +a /data1/user_act.log
知识扩展和实例
Linux用 户分为:拥有者、组群(Group)、其他(other),Linux系统中,预设的情況下,系统中所有的帐号与一般身份使用者,以及root的相关信息, 都是记录在/etc/passwd文件中。每个人的密码则是记录在/etc/shadow文件下。 此外,所有的组群名称记录在/etc/group內!
linux文件的用户权限的分析图
相对路径和绝对路径
cd /data 和 cd data/ 区别?
cd /data 绝对路径-从根目录去找
cd data/ 相对路径-从当前目录去找
- `cd /data`:
这个命令会切换当前工作目录到根目录 `/` 下的 `data` 目录。由于前面带有斜杠 `/`,这意味着它会从文件系统的根开始寻找 `data` 目录,不论你当前位于哪个目录下。
- `cd data/`:
这个命令也会尝试切换当前工作目录,但它会从当前工作目录开始查找名为 `data` 的子目录。如果当前目录下存在名为 `data` 的子目录,那么会切换到这个子目录;如果当前目录下不存在 `data` 目录,该命令将失败,并且通常会显示类似 "no such file or directory" 的错误信息。
总结来说,`cd /data` 是绝对路径,总是从根目录开始;而 `cd data/` 是相对路径,相对于当前工作目录进行查找。如果希望明确表示切换到当前目录下的 `data` 子目录,也可以使用 `cd ./data/` 来表示相对路径,其中 `./` 表示当前目录。
