How to modify the hostname and username and password of Raspberry Pi All In One
1.How to fix the bug that there is no signal when the Raspberry Pi is connected to a monitor with an HDMI cable All In One2.Raspberry Pi command line tools vcgencmd All In One3.Python rpi_ws281x library All In One4.Adafruit CircuitPython NeoPixel All In One5.How to fix the problem that Raspberry Pi cannot use the root user for SSH login All In One
6.How to modify the hostname and username and password of Raspberry Pi All In One
7.树莓派 4B 核心电子元器件图解 All In One8.Linux install vim errors All In One9.How to boot the Raspberry Pi system from a USB Mass Storage Device All In One10.How to Control an External USB Web Camera Using a Raspberry Pi All In One11.ARM Cortex-A72 CPU All In One12.Linux shutdown & reboot & poweroff All In One13.软路由 & 旁路由 All In One14.How to change the default Python2 to Python3 on Linux All In One15.Raspberry Pi 4 Model B Product Information Portal All In One16.use SSH to connect to Raspberry Pi methods All In One17.国产单片机开发板 All In One18.How to use Raspberry Pi scan bluetooth devices All In One19.How to use the Raspberry Pi and Python to control a DHT11 wet and temperate module All In One20.How to use the Raspberry Pi and Python to control a buzzer All In One21.gpiozero API All In One22.RPi.GPIO API All In One23.Node.js & Raspberry Pi & WS2812B RGB LEDs strip All In One24.Raspberry Pi 3 Model B and Raspberry Pi 3 Model B+ and and Raspberry Pi 4 Model B All In One25.How to use Linux command or Python code get Raspberry PI's Temperature All In One26.How to connect to multiple SSD1306 OLED Displays using Raspberry Pi GPIO I2C PIN All In One27.Raspberry Pi & 0.96 inch SSD1306 OLED display All In One28.WS2812B RGB LED 灯带外接电源所需要的电压计算公式 All In One29.Raspberry Pi GPIO pins All In One30.如何使用蓝牙控制树莓派 All In One31. Raspberry Pi & Experience AI All In One32.如何修复树莓派在更换了一个 SD 系统卡后,无法使用 SSH 登录问题 All In One33.How to use the Raspberry Pi to study the Linux kernel source code All In One34.Raspberry Pi 设置开机登录后自启动脚本 All In One35.How to use SSH to access the Raspberry Pi without know the Wi-Fi IP address All In One36.Raspberry Pi Code Editor All In One37.Linux copy from pipe command All In One38.how to use crontab to send an email on Linux All In One39.macOS Terminal & Raspberry Pi client_loop: send disconnect: Broken pipe All In One40.Raspberry Pi crontab not work bug All In One41.Raspberry Pi GPIO 针脚图解教程 All In One42.how to get Raspberry Pi System Information All In One43.2023 最新的如何树莓派上安装中文输入法和设置中文语言环境教程 All In One44.Linux change archive mirror All In One45.How to publish a Linux package to mirror All In One46.Raspberry Pi 3B won't turn on after being powered on All In One47.Raspberry Pi Debug Probe All In One48.How to find the "usbmodem" of Raspberry Pi Pico on macOS All In One49.How to check the USB devices connected to Linux by using Terminal All In One50.Raspberry Pi Imager All In One51.use macOS terminal can not install MicroPython on Raspberry Pi Pico bug All In One52.Raspberry Pi Pico All In One53.macOS 如何通过 SSH 访问树莓派 All In One54.面包板使用教程 All In One55.Raspberry Pi Pico & MicroPython All In One56.Raspberry Pi & Python & GPIO All In One57.Raspberry Pi Remote Access All In One58.Raspberry Pi 4 B 8G All In One59.How to use macOS to connect to Raspberry Pi without the monitor All In One60.Linux 关机命令 All In One61.Raspberry Pi 5 All In One62.TensorFlow Lite & Raspberry Pi All In One63.how to install GitLab on Raspberry Pi OS 64.Raspberry Pi & GPIO All In One65.Raspberry Pi 电路图模拟器 All In One66.树莓派 4B 入门教程 All In One67.如何在树莓派上搭建 gitlab 服务 All In One68.Raspberry Pi & Node.js & WebSockets & IM69.Raspberry Pi & Raspberry Pi 4 All In One70.IoT & Raspberry Pi71.NMAP 使用教程 All In One72.如何使用 config.txt 配置 Raspberry Pi 3 的各种信息!73.如何在没有显示器的情况下查看 Raspberry Pi 3 的 IP 地址信息 All In One74.How To Install Linux & Nginx & MySQL & PHP (LEMP) stack on Raspberry Pi 3 All In One75.如何启用树莓派的硬件看门狗功能,让它在系统宕机时可以自动重新开机 All In One76.如何在 Raspberry Pi 树莓派上安装浏览器的详细教程 All In One77.树莓派(raspberry pi 3) 中文界面支持的设置,安装中文环境,中文输入法 All In One78.2016 最新的树莓派3 上手评测图解教程新手必看 All In OneHow to modify the hostname and username and password of Raspberry Pi All In One
如何修改
树莓派的主机名、用户名和密码
$ cat /boot/userconf.txt
pi:/4g6TptuTP5B6
solutions ✅
raspi-config
$ sudo raspi-config
System Options
Password
Hostname
passwd
# 修改当前登录用户 pi 的密码
$ passwd
add user
# 添加新用户
$ sudo useradd -m xgqfrms -G sudo
to add a new user with the same permissions as the pi user;
This adds a new user called xgqfrms, creates a home folder, and adds the user to the sudo group;
You now need to set a password for the new user;
# 设置新用户的密码
$ sudo passwd xgqfrms
visudo
# 查看权限
$ sudo visudo
$ sudo cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "@include" directives:
@includedir /etc/sudoers.d
delete user
# 删除用户 pi
$ sudo deluser pi
This command will delete the pi user but will leave the home/pi folder.
If necessary, you can use the command below to remove the home folder for the pi user at the same time.
⚠️ Note the data in this folder will be permanently deleted, so make sure any required data is stored elsewhere.
# 永久的删除用户 pi 的家目录
$ sudo deluser -remove-home pi
backup
# 备份整个 home 目录
$ cp /home/pi /home/xgqfrms
# 仅备份 home 目录下的 Desktop 目录
$ cp /home/pi/Desktop /home/xgqfrms/Desktop
$ cat .profile
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
#umask 022
# if running bash
if [ -n "$BASH_VERSION" ]; then
# include .bashrc if it exists
if [ -f "$HOME/.bashrc" ]; then
. "$HOME/.bashrc"
fi
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
PATH="$HOME/bin:$PATH"
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/.local/bin" ] ; then
PATH="$HOME/.local/bin:$PATH"
fi
echo "每次登录自动执行脚本发送树莓派的 IP 地址到钉钉消息✅"
bash /home/pi/Desktop/ip-program.sh
# echo "开启SSD1306 OLED 🖥️ 🌡️"
# sudo python3 /home/pi/OLED_Stats/stats.py &
# $ cat .profile
.zshrc
.bashrc
.profile
.local
locale
vim
nvm
node.js
nginx
docker
git
Security
Placing sudo in front of a command runs it as a superuser, and by default, that does not need a password.
In general, this is not a problem.
However, if your Pi is exposed to the internet and somehow becomes exploited (perhaps via a webpage exploit for example), the attacker will be able to change things that require superuser credential, unless you have set sudo to require a password.
$ ls -alth /etc/sudoers.d
总用量 24K
drwxr-xr-x 120 root root 4.0K 5月 31 17:42 ..
drwxr-xr-x 2 root root 4.0K 5月 3 11:29 .
-r--r----- 1 root root 27 5月 3 10:55 010_pi-nopasswd
-r--r----- 1 root root 958 1月 14 21:29 README
-r--r----- 1 root root 211 3月 18 2022 010_proxy
-r--r----- 1 root root 36 4月 29 2019 010_at-export
To force sudo to require a password,
change the pi entry (or whichever usernames have superuser rights) to.
$ sudo nano /etc/sudoers.d/010_pi-nopasswd
# 开启 sudo 密码验证
pi ALL=(ALL) PASSWD: ALL
$ sudo nano /etc/sudoers.d/010_xgqfrms-nopasswd
# 开启 sudo 密码验证
xgqfrms ALL=(ALL) PASSWD: ALL
demos
$ cat /boot/userconf.txt
pi:/4g6TptuTP5B6
# pi:raspberry
usermod
$ man usermod
$ man usermod > ./man-docs/usermod.md
$ cat ./man-docs/usermod.md
$ man usermod
$ man usermod > ./man-docs/usermod.md
$ cat ./man-docs/usermod.md
USERMOD(8) 系统管理命令 USERMOD(8)
名称
usermod - 修改一个用户账户
大纲
usermod [选项] 登录
描述
The usermod command modifies the system account files to reflect the changes that are
specified on the command line.
选项
The options which apply to the usermod command are:
-a, --append
Add the user to the supplementary group(s). Use only with the -G option.
-b, --badnames
Allow names that do not conform to standards.
-c, --comment COMMENT
The new value of the user's password file comment field. It is normally modified
using the chfn(1) utility.
-d, --home HOME_DIR
用户的新登录目录。
If the -m option is given, the contents of the current home directory will be
moved to the new home directory, which is created if it does not already exist.
-e, --expiredate EXPIRE_DATE
The date on which the user account will be disabled. The date is specified in the
format YYYY-MM-DD.
An empty EXPIRE_DATE argument will disable the expiration of the account.
This option requires a /etc/shadow file. A /etc/shadow entry will be created if
there were none.
-f, --inactive INACTIVE
密码过期之后,账户被彻底禁用之前的天数。
0 表示密码过期时,立即禁用账户;-1 表示不使用这个功能。
This option requires a /etc/shadow file. A /etc/shadow entry will be created if
there were none.
-g, --gid GROUP
用户的新初始登录组的组名或数字代号。此组必须存在。
用户主目录中,属于原来的主组的文件将转交新组所有。
主目录之外的文件所属的组必须手动修改。
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]]
A list of supplementary groups which the user is also a member of. Each group is
separated from the next by a comma, with no intervening whitespace. The groups are
subject to the same restrictions as the group given with the -g option.
If the user is currently a member of a group which is not listed, the user will be
removed from the group. This behaviour can be changed via the -a option, which
appends the user to the current supplementary group list.
-l, --login NEW_LOGIN
The name of the user will be changed from LOGIN to NEW_LOGIN. Nothing else is
changed. In particular, the user's home directory or mail spool should probably be
renamed manually to reflect the new login name.
-L, --lock
Lock a user's password. This puts a '!' in front of the encrypted password,
effectively disabling the password. You can't use this option with -p or -U.
Note: if you wish to lock the account (not only access with a password), you
should also set the EXPIRE_DATE to 1.
-m, --move-home
将用户的主目录移动到新位置。
This option is only valid in combination with the -d (or --home) option.
usermod will try to adapt the ownership of the files and to copy the modes, ACL
and extended attributes, but manual changes might be needed afterwards.
-o, --non-unique
When used with the -u option, this option allows to change the user ID to a
non-unique value.
-p, --password PASSWORD
The encrypted password, as returned by crypt(3).
Note: This option is not recommended because the password (or encrypted password)
will be visible by users listing the processes.
The password will be written in the local /etc/passwd or /etc/shadow file. This
might differ from the password database configured in your PAM configuration.
您应该确保密码符合系统的密码政策。
-R, --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the
CHROOT_DIR directory.
-P, --prefix PREFIX_DIR
Apply changes in the PREFIX_DIR directory and use the configuration files from the
PREFIX_DIR directory. This option does not chroot and is intended for preparing a
cross-compilation target. Some limitations: NIS and LDAP users/groups are not
verified. PAM authentication is using the host files. No SELINUX support.
-s, --shell SHELL
用户的新登录 shell 的名称。将此字段设置为空会让系统选择默认的登录 shell。
-u, --uid UID
用户 ID 的新数值。
This value must be unique, unless the -o option is used. The value must be
non-negative.
用户的邮箱,用户主目录中属于此用户的文件的属主 ID 也将自动更改。
用户主目录之外文件所有权必须手动修复。
No checks will be performed with regard to the UID_MIN, UID_MAX, SYS_UID_MIN, or
SYS_UID_MAX from /etc/login.defs.
-U, --unlock
Unlock a user's password. This removes the '!' in front of the encrypted password.
You can't use this option with -p or -L.
Note: if you wish to unlock the account (not only access with a password), you
should also set the EXPIRE_DATE (for example to 99999, or to the EXPIRE value from
/etc/default/useradd).
-v, --add-subuids FIRST-LAST
Add a range of subordinate uids to the user's account.
This option may be specified multiple times to add multiple ranges to a users
account.
No checks will be performed with regard to SUB_UID_MIN, SUB_UID_MAX, or
SUB_UID_COUNT from /etc/login.defs.
-V, --del-subuids FIRST-LAST
Remove a range of subordinate uids from the user's account.
This option may be specified multiple times to remove multiple ranges to a users
account. When both --del-subuids and --add-subuids are specified, the removal of
all subordinate uid ranges happens before any subordinate uid range is added.
No checks will be performed with regard to SUB_UID_MIN, SUB_UID_MAX, or
SUB_UID_COUNT from /etc/login.defs.
-w, --add-subgids FIRST-LAST
Add a range of subordinate gids to the user's account.
This option may be specified multiple times to add multiple ranges to a users
account.
No checks will be performed with regard to SUB_GID_MIN, SUB_GID_MAX, or
SUB_GID_COUNT from /etc/login.defs.
-W, --del-subgids FIRST-LAST
Remove a range of subordinate gids from the user's account.
This option may be specified multiple times to remove multiple ranges to a users
account. When both --del-subgids and --add-subgids are specified, the removal of
all subordinate gid ranges happens before any subordinate gid range is added.
No checks will be performed with regard to SUB_GID_MIN, SUB_GID_MAX, or
SUB_GID_COUNT from /etc/login.defs.
-Z, --selinux-user SEUSER
用户登陆的 SELinux 用户。
A blank SEUSER will remove the SELinux user mapping for user LOGIN (if any).
CAVEATS
You must make certain that the named user is not executing any processes when this
command is being executed if the user's numerical user ID, the user's name, or the
user's home directory is being changed. usermod checks this on Linux. On other
platforms it only uses utmp to check if the user is logged in.
You must change the owner of any crontab files or at jobs manually.
您必须更改 NIS 服务器上的 NIS 相关内容。
配置文件
The following configuration variables in /etc/login.defs change the behavior of this
tool:
LASTLOG_UID_MAX (number)
Highest user ID number for which the lastlog entries should be updated. As higher
user IDs are usually tracked by remote user identity and authentication services
there is no need to create a huge sparse lastlog file for them.
No LASTLOG_UID_MAX option present in the configuration means that there is no user
ID limit for writing lastlog entries.
MAIL_DIR (string)
邮箱目录。修改或删除用户账户时需要处理邮箱,如果没有指定,将使用编译时指定的默认
值。
MAIL_FILE (string)
定义用户邮箱文件的位置(相对于主目录)。
The MAIL_DIR and MAIL_FILE variables are used by useradd, usermod, and userdel to
create, move, or delete the user's mail spool.
MAX_MEMBERS_PER_GROUP (number)
Maximum members per group entry. When the maximum is reached, a new group entry
(line) is started in /etc/group (with the same name, same password, and same GID).
默认值是 0,意味着组中的成员数没有限制。
此功能(分割组)允许限制组文件中的行长度。这对于确保 NIS 组的行比长于 1024 字符。
如果要强制这个限制,可以使用 25。
注意:分割组可能不受所有工具的支持(甚至在 Shadow 工具集中)。您不应该使用这个变
量,除非真的需要。
SUB_GID_MIN (number), SUB_GID_MAX (number), SUB_GID_COUNT (number)
If /etc/subuid exists, the commands useradd and newusers (unless the user already
have subordinate group IDs) allocate SUB_GID_COUNT unused group IDs from the range
SUB_GID_MIN to SUB_GID_MAX for each new user.
The default values for SUB_GID_MIN, SUB_GID_MAX, SUB_GID_COUNT are respectively
100000, 600100000 and 65536.
SUB_UID_MIN (number), SUB_UID_MAX (number), SUB_UID_COUNT (number)
If /etc/subuid exists, the commands useradd and newusers (unless the user already
have subordinate user IDs) allocate SUB_UID_COUNT unused user IDs from the range
SUB_UID_MIN to SUB_UID_MAX for each new user.
The default values for SUB_UID_MIN, SUB_UID_MAX, SUB_UID_COUNT are respectively
100000, 600100000 and 65536.
文件
/etc/group
组账户信息。
/etc/gshadow
安全组账户信息。
/etc/login.defs
Shadow 密码套件配置。
/etc/passwd
用户账户信息。
/etc/shadow
安全用户账户信息。
/etc/subgid
Per user subordinate group IDs.
/etc/subuid
Per user subordinate user IDs.
参见
chfn(1), chsh(1), passwd(1), crypt(3), gpasswd(8), groupadd(8), groupdel(8),
groupmod(8), login.defs(5), subgid(5), subuid(5), useradd(8), userdel(8).
shadow-utils 4.8.1 2020-02-07 USERMOD(8)
# pi & root
$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
systemd-network:x:101:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
systemd-resolve:x:102:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
pi:x:1000:1000:,,,:/home/pi:/bin/bash
systemd-timesync:x:103:109:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
messagebus:x:104:110::/nonexistent:/usr/sbin/nologin
_rpc:x:105:65534::/run/rpcbind:/usr/sbin/nologin
sshd:x:106:65534::/run/sshd:/usr/sbin/nologin
statd:x:107:65534::/var/lib/nfs:/usr/sbin/nologin
avahi:x:108:113:Avahi mDNS daemon,,,:/run/avahi-daemon:/usr/sbin/nologin
dnsmasq:x:109:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
lightdm:x:110:114:Light Display Manager:/var/lib/lightdm:/bin/false
rtkit:x:111:116:RealtimeKit,,,:/proc:/usr/sbin/nologin
pulse:x:112:119:PulseAudio daemon,,,:/run/pulse:/usr/sbin/nologin
saned:x:113:122::/var/lib/saned:/usr/sbin/nologin
colord:x:114:123:colord colour management daemon,,,:/var/lib/colord:/usr/sbin/nologin
hplip:x:115:7:HPLIP system user,,,:/run/hplip:/bin/false
systemd-coredump:x:996:996:systemd Core Dumper:/:/usr/sbin/nologin
passwd
$ man passwd
$ man passwd > ./man-docs/passwd.md
$ cat ./man-docs/passwd.md
$ man passwd
$ man passwd > ./man-docs/passwd.md
$ cat ./man-docs/passwd.md
PASSWD(1) 用户命令 PASSWD(1)
名称
passwd - 更改用户密码
大纲
passwd [选项] [登录]
描述
The passwd command changes passwords for user accounts. A normal user may only change
the password for their own account, while the superuser may change the password for
any account. passwd also changes the account or associated password validity period.
密码更改
如果有旧密码,首先提示用户输入旧密码。加密这个密码然后和存储的密码进行比较。用户只有一
次机会输入正确密码。允许超级用户略过这个步骤,以便更改忘记了的密码。
After the password has been entered, password aging information is checked to see if
the user is permitted to change the password at this time. If not, passwd refuses to
change the password and exits.
提示用户输入两次新密码。第二次和第一次进行比较,并且需要相同才能更改密码。
然后,测试密码的负责程度。一般来讲,密码应该包含 6 到 8 位字符,从下边的一个或多个集合
中选择:
• 小写字母
• 数字 0 到 9
• 标点符号
Care must be taken not to include the system default erase or kill characters. passwd
will reject any password which is not suitably complex.
关于用户密码的提示
The security of a password depends upon the strength of the encryption algorithm and
the size of the key space. The legacy UNIX System encryption method is based on the
NBS DES algorithm. More recent methods are now recommended (see ENCRYPT_METHOD). The
size of the key space depends upon the randomness of the password which is selected.
由于粗心地或处理选择密码,会危及密码的安全。由于这个原因,您不应该选择出现在词典中或者
必须要写下来才能记住的密码。密码也不应该是一个名字、许可证号、生日或者街道号。所有这些
可以用于猜测来损害系统安全。
You can find advice on how to choose a strong password on
http://en.wikipedia.org/wiki/Password_strength
选项
The options which apply to the passwd command are:
-a, --all
This option can be used only with -S and causes show status for all users.
-d, --delete
删除用户密码(让它为空)。这是禁用一个用户密码的快速方法。它将设置给出名称的账户。
-e, --expire
让一个账户的密码立即过期。这可以强制一个用户下次登录时更改密码。
-h, --help
现实帮助信息并退出。
-i, --inactive INACTIVE
This option is used to disable an account after the password has been expired for
a number of days. After a user account has had an expired password for INACTIVE
days, the user may no longer sign on to the account.
-k, --keep-tokens
表示密码更改只应该因为认证口令(密码)过期更改。用户希望保持他们尚未过期的口令。
-l, --lock
锁定指定账户的密码。此选项通过将密码更改为一个不可能与加密值匹配的值来禁用(它在密
码开头添加一个“!”)。
Note that this does not disable the account. The user may still be able to login
using another authentication token (e.g. an SSH key). To disable the account,
administrators should use usermod --expiredate 1 (this set the account's expire
date to Jan 2, 1970).
被锁定了密码的用户不允许更改密码。
-n, --mindays MIN_DAYS
Set the minimum number of days between password changes to MIN_DAYS. A value of
zero for this field indicates that the user may change their password at any time.
-q, --quiet
安静模式。
-r, --repository REPOSITORY
change password in REPOSITORY repository
-R, --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the
CHROOT_DIR directory.
-S, --status
显示账户状态信息。状态信息包含 7 个字段。首个字段是用户的登录名,第二个字段表示用
户账户是否已经锁定密码(L)、没有密码 (NP)或者密码可用(P),第三个字段给出最后一次更
改密码的日期。接下来的四个字段分别是密码的最小年龄、最大年龄、警告期和禁用期。这些
年龄以天为单位计算。
-u, --unlock
Unlock the password of the named account. This option re-enables a password by
changing the password back to its previous value (to the value before using the -l
option).
-w, --warndays WARN_DAYS
Set the number of days of warning before a password change is required. The
WARN_DAYS option is the number of days prior to the password expiring that a user
will be warned that their password is about to expire.
-x, --maxdays MAX_DAYS
Set the maximum number of days a password remains valid. After MAX_DAYS, the
password is required to be changed.
Passing the number -1 as MAX_DAYS will remove checking a password's validity.
CAVEATS
密码复杂性检查在每台机器间不同。用户应该选择适合的尽量复杂的密码。
在启动了 NIS 的系统上,如果没有登录 NIS 服务器,用户或许不能更改自己的密码。
passwd uses PAM to authenticate users and to change their passwords.
文件
/etc/passwd
用户账户信息。
/etc/shadow
安全用户账户信息。
/etc/pam.d/passwd
PAM configuration for passwd.
退出值
The passwd command exits with the following values:
0
success
1
permission denied
2
invalid combination of options
3
unexpected failure, nothing done
4
unexpected failure, passwd file missing
5
passwd file busy, try again
6
invalid argument to option
参见
chpasswd(8), passwd(5), shadow(5), usermod(8).
shadow-utils 4.8.1 2020-02-07 PASSWD(1)
shadow
$ man shadow
$ man shadow > ./man-docs/shadow.md
$ cat ./man-docs/shadow.md
$ man shadow
$ man shadow > ./man-docs/shadow.md
$ cat ./man-docs/shadow.md
SHADOW(5) 文件格式和转化 SHADOW(5)
名称
shadow - 影子化了的密码文件
描述
shadow is a file which contains the password information for the system's
accounts and optional aging information.
如果没有维护好密码安全,此文件绝对不能让普通用户可读。
Each line of this file contains 9 fields, separated by colons (“:”), in the
following order:
登录名
必须是有效的账户名,且已经存在于系统中。
加密了的密码
This field may be empty, in which case no passwords are required to
authenticate as the specified login name. However, some applications which
read the /etc/shadow file may decide not to permit any access at all if
the password field is empty.
A password field which starts with an exclamation mark means that the
password is locked. The remaining characters on the line represent the
password field before the password was locked.
Refer to crypt(3) for details on how this string is interpreted.
If the password field contains some string that is not a valid result of
crypt(3), for instance ! or *, the user will not be able to use a unix
password to log in (but the user may log in the system by other means).
最后一次更改密码的日期
最近一次更改密码的时间,表示从1970年1月1日开始的天数。
The value 0 has a special meaning, which is that the user should change
her password the next time she will log in the system.
空字段表示密码年龄功能被禁用。
密码的最小年龄
最小密码年龄是指,用户一次更改密码之后,要等多长时间才再次被允许更改密码。
空字段或 0 表示没有最小密码年龄。
最大密码年龄
最大密码年龄是指,这写天之后,用户必须更改密码。
这写天之后,密码仍然可用。用户将会在下次登录的时候被要求更改密码。
空字段表示没有最大密码年龄,没有密码警告时间段,没有密码禁用时间段(请看下
边)。
如果最大密码年龄小于最小密码年龄,用户将会不能更改密码。
密码警告时间段
密码过期之前,提前警告用户的的天数(请参考上边的密码的最大年龄)。
空字段或者 0 表示没有密码警告期。
密码禁用期
密码过期(查看上边的密码最大年龄)后,仍然接受此密码的天数(在此期间,用户应
该在下次登录时修改密码)。
密码到期并且过了这个宽限期之后,使用用户的当前的密码将会不能登录。用户需要
联系系统管理员。
空字段表示没有强制密码过期。
账户过期日期
账户过期的日期,表示从1970年1月1日开始的天数。
Note that an account expiration differs from a password expiration. In
case of an account expiration, the user shall not be allowed to login. In
case of a password expiration, the user is not allowed to login using her
password.
空字段表示账户永不过期。
应该避免使用 0,因为它既能理解成永不过期也能理解成在1970年1月1日过期。
保留字段
此字段保留作将来使用。
文件
/etc/passwd
用户账户信息。
/etc/shadow
安全用户账户信息。
/etc/shadow-
/etc/shadow 的备份文件。
注意,此文件由 shadow 工具集使用,而不是所有的用户和密码管理工具都会使用。
参见
chage(1), login(1), passwd(1), passwd(5), pwck(8), pwconv(8), pwunconv(8),
su(1), sulogin(8).
shadow-utils 4.8.1 2020-02-07 SHADOW(5)
vcgencmd
pi@raspberrypi:~ $ vcgencmd display_power 0
display_power=1
pi@raspberrypi:~ $ vcgencmd display_power
display_power=1
https://www.raspberrypi.com/documentation/computers/os.html#vcgencmd
docs
https://www.raspberrypi.com/documentation/computers/configuration.html#change-user-password
https://www.raspberrypi.com/documentation/computers/configuration.html#change-the-default-password
# 添加
$ sudo adduser xgqfrms
# 授权
$ sudo usermod -a -G adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,input,netdev,gpio,i2c,spi xgqfrms
# 检查
$ sudo su - xgqfrms
# 删除 ⚠️
$ sudo deluser pi
$ sudo deluser -remove-home pi
https://www.raspberrypi.com/documentation/computers/configuration.html#changing-your-username
https://www.raspberrypi.com/documentation/computers/configuration.html#configuring-a-user
https://www.raspberrypi.com/documentation/computers/configuration.html#update-the-sudoers-file
$ sudo visudo /etc/sudoers.d/010_pi-nopasswd
# pi ALL=(ALL) PASSWD: ALL
https://www.raspberrypi.com/documentation/computers/configuration.html#make-sudo-require-a-password
$ ls -alth /etc/environment
$ cat /etc/environment
https://www.raspberrypi.com/documentation/computers/configuration.html#using-a-proxy-server
$ sudo nano /etc/ssh/sshd_config
AllowUsers abc xyz
DenyUsers ufo anonymous
https://www.raspberrypi.com/documentation/computers/configuration.html#improving-ssh-security
# 防火墙
$ sudo apt install ufw
$ sudo ufw enable
$ sudo ufw disable
$ sudo ufw allow 22
$ sudo ufw deny 22
$ sudo ufw deny 22/tcp
$ sudo ufw allow ssh
$ sudo ufw status
$ sudo ufw limit ssh/tcp
$ sudo ufw deny from 192.168.2.1 port 30
https://www.raspberrypi.com/documentation/computers/configuration.html#install-a-firewall
refs
https://forums.raspberrypi.com/viewtopic.php?t=193620
https://stackoverflow.com/questions/71804429/raspberry-pi-ssh-access-denied/76373448#76373448
©xgqfrms 2012-2025
www.cnblogs.com/xgqfrms 发布文章使用:只允许注册用户才可以访问!
原创文章,版权所有©️xgqfrms, 禁止转载 🈲️,侵权必究⚠️!
本文首发于博客园,作者:xgqfrms,原文链接:https://www.cnblogs.com/xgqfrms/p/17446689.html
未经授权禁止转载,违者必究!
合集:
Raspberry Pi
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
· 单线程的Redis速度为什么快?
· 展开说说关于C#中ORM框架的用法!
· Pantheons:用 TypeScript 打造主流大模型对话的一站式集成库
2022-05-31 Apple iPhone 12 Pro 扬声器水流声 bug All In One
2022-05-31 Media Source Extensions All In One
2021-05-31 ES6 destructuring assignment & default value & rename All In One
2021-05-31 default-passive-events All In One
2021-05-31 nrm & cnpm All In One
2020-05-31 Wi-Fi 6
2020-05-31 bind & this & new & arrow function