1,linux下文件權限管理,添加用戶組並添加用戶
添加組:groupadd 組名
groupadd deploy
cat /etc/group | grep deploy
如圖:
刪除組:groupdel 組名
groupdel deploy
cat /etc/group | grep deploy
查詢組:cat /etc/group 或者使用管道來精確查詢 cat /etc/group | grep dev
如圖:
/etc 目錄是專門用來保存 系統配置信息 的目錄
group 是保存組信息的文件
2,添加用戶
添加用戶:useradd -m -g 組 新建用戶名 注意:-m 自動建立用戶家目錄; -g 指定用戶所在的組,否則會建立一個和用戶名同名的組
useradd -m -g deploy test
deploy 為用戶組,test1為用戶名
查詢用戶:在/etc/passwd文件下存儲的是用戶的list
cat /etc/passwd
如圖:
只查找deploy用戶
id deploy
如圖:
3,修改和創建密碼 passwd 用戶名 如果不加用戶名則默認修改當前登錄者的密碼
[root@Server-n93yom ~] passwd test1
Changing password for user test1.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@Server-n93yom ~]#
設置好密碼后,使用此賬號和密碼登錄
➜ ~ ssh test1@192.168.85.163
test1@192.168.85.163's password:
Last failed login: Mon Jul 22 17:00:05 CST 2019 from 192.168.1.53 on ssh:notty
There were 3 failed login attempts since the last successful login.
[test1@Server-n93yom ~]$
設置用戶不能修改密碼
[root@Server-n93yom ~] passwd -l test1 //在root下,禁止test1用戶修改密碼的權限
Locking password for user test1. //鎖住test1不能修改密碼
passwd: Success
[root@Server-n93yom ~] su test1 //切換用戶
[test1@Server-n93yom root]$ passwd //修改密碼
Changing password for user test1.
Changing password for test1.
(current) UNIX password:
passwd: Authentication token manipulation error //沒用權限修改密碼
[test1@Server-n93yom root]$
清除密碼
[root@Server-n93yom ~] passwd -d test1 //刪除test1的密碼
Removing password for user test1.
passwd: Success
[root@Server-n93yom ~] passwd -S test1 //查看test1的密碼
test1 NP 2019-07-22 0 99999 7 -1 (Empty password.) //密碼為空
[root@Server-n93yom ~]#
passwd 幫助命令
[root@Server-n93yom ~] passwd --help
Usage: passwd [OPTION...] <accountName>
-k, --keep-tokens keep non-expired authentication tokens
-d, --delete delete the password for the named account (root only)
-l, --lock lock the password for the named account (root only)
-u, --unlock unlock the password for the named account (root only)
-e, --expire expire the password for the named account (root only)
-f, --force force operation
-x, --maximum=DAYS maximum password lifetime (root only)
-n, --minimum=DAYS minimum password lifetime (root only)
-w, --warning=DAYS number of days warning users receives before password
expiration (root only)
-i, --inactive=DAYS number of days after password expiration when an account
becomes disabled (root only)
-S, --status report password status on the named account (root only)
--stdin read new tokens from stdin (root only)
Help options:
-?, --help Show this help message
--usage Display brief usage message
[root@Server-n93yom ~]#
4,設置密碼失效時間
可以編輯/etc/login.defs來設定幾個參數,以后設置口令默認就按照參數設定為准:
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
當然在/etc/default/useradd可以找到如下2個參數進行設置:
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
通過修改配置文件,能對之后新建用戶起作用,而目前系統已經存在的用戶,則直接用chage來配置。
chage [選項] 用戶名
chage命令是用來修改帳號和密碼的有效期限。
-m:密碼可更改的最小天數。為零時代表任何時候都可以更改密碼。
-M:密碼保持有效的最大天數。
-w:用戶密碼到期前,提前收到警告信息的天數。
-E:帳號到期的日期。過了這天,此帳號將不可用。
-d:上一次更改的日期。
-i:停滯時期。如果一個密碼已過期這些天,那么此帳號將不可用。
-l:例出當前的設置。由非特權用戶來確定他們的密碼或帳號何時過期。
chage -l root 查root賬號的信息
[root@Server-n93yom ~] chage -l root
Last password change : Jul 22, 2019
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
[root@Server-n93yom ~]#
chage -M 60 test 設置密碼過期時間為60天
chage -I 5 test 設置密碼失效時間為5天
以test1賬號為例,再查一次信息賬號信息
[root@Server-n93yom ~] chage -l test1
Last password change : Jul 22, 2019
Password expires : Sep 20, 2019
Password inactive : Sep 25, 2019
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 60
Number of days of warning before password expires : 7
從上述命令可以看到,在密碼過期后5天,密碼自動失效,這個用戶將無法登陸系統了。