素材来源:Redhat Linux 8.0培训教材《RH124》、《RH134》和《RH294》
玩了5-6年的Linux,现在再来温习一遍RHCE培训教材,按照指导完成实验并与大家分享。
附上汇总贴:玩转Redhat Linux 8.0系列 | 合集_热爱编程的通信人的博客-CSDN博客
1 从workstation,以student用户身份打开连接servera的SSH会话。
[student@workstation ~]$ ssh student@servera
student@servera's password:
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Sat May 20 20:42:48 2023 from 172.16.190.227
[student@servera ~]$
2 在servera上, 使用sudo切换到root, 继承root用户的完整环境。
[student@servera ~]$ sudo su -
[sudo] password for student:
[root@servera ~]#
3 创建operators补充组, 其GID为30000。
[root@servera ~]# groupadd -g 30000 operators
[root@servera ~]#
4 创建admin,作为另外一个补充组。
[root@servera ~]# groupadd admin
[root@servera ~]#
5 验证operators和admin这两个补充组是否都存在。
[root@servera ~]# tail /etc/group
gdm:x:42:
gnome-initial-setup:x:975:
sshd:x:74:
slocate:x:21:
tcpdump:x:72:
student:x:1000:
operator1:x:1001:
operator2:x:1002:
operators:x:30000:
admin:x:30001:
[root@servera ~]#
6 确保用户operator1、operator2和operator3属于组operators。
6.1 将operator1、operator2和operator3添加到operators。
[root@servera ~]# usermod -aG operators operator1
[root@servera ~]# usermod -aG operators operator2
[root@servera ~]# usermod -aG operators operator3
[root@servera ~]#
6.2 确认这些用户已成功添加到该组中。
[root@servera ~]# id operator1
uid=1001(operator1) gid=1001(operator1) groups=1001(operator1),30000(operators)
[root@servera ~]# id operator2
uid=1002(operator2) gid=1002(operator2) groups=1002(operator2),30000(operators)
[root@servera ~]# id operator3
uid=1003(operator3) gid=1003(operator3) groups=1003(operator3),30000(operators)
[root@servera ~]#
7 确保用户sysadmin1、sysadmin2和sysadmin3属于组admin。为admin的所有组成员启用管理权限。验证admin组的任何成员都能运行管理命令。
7.1 将sysadmin1、sysadmin2和sysadmin3添加到admin。
[root@servera ~]# usermod -aG admin sysadmin1
[root@servera ~]# usermod -aG admin sysadmin2
[root@servera ~]# usermod -aG admin sysadmin3
[root@servera ~]#
7.2 确认这些用户已成功添加到该组中。
[root@servera ~]# id sysadmin1
uid=1004(sysadmin1) gid=1004(sysadmin1) groups=1004(sysadmin1),30001(admin)
[root@servera ~]# id sysadmin2
uid=1005(sysadmin2) gid=1005(sysadmin2) groups=1005(sysadmin2),30001(admin)
[root@servera ~]# id sysadmin3
uid=1006(sysadmin3) gid=1006(sysadmin3) groups=1006(sysadmin3),30001(admin)
[root@servera ~]#
7.3 检查/etc/group,以验证补充组成员资格。
[root@servera ~]# tail /etc/group
tcpdump:x:72:
student:x:1000:
operator1:x:1001:
operator2:x:1002:
operators:x:30000:operator1,operator2,operator3
admin:x:30001:sysadmin1,sysadmin2,sysadmin3
operator3:x:1003:
sysadmin1:x:1004:
sysadmin2:x:1005:
sysadmin3:x:1006:
[root@servera ~]#
7.4 创建/etc/sudoers.d/admin文件, 使得admin的成员拥有完整的管理特权。
[root@servera ~]# echo "%admin ALL=(ALL) ALL" >> /etc/sudoers.d/admin
[root@servera ~]#
7.5 切换到sysadmin1(admin的成员), 再验证您能够以sysadmin1身份运行sudo命令。
[root@servera ~]# su - sysadmin1
[sysadmin1@servera ~]$ sudo cat /etc/sudoers.d/admin
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for sysadmin1:
%admin ALL=(ALL) ALL
[sysadmin1@servera ~]$
7.6 从sysadmin1用户的shell退出, 以返回到root用户的shell。
[sysadmin1@servera ~]$ exit
logout
[root@servera ~]#
7.7 从root用户的shell退出, 以返回到student用户的shell。
[root@servera ~]# exit
logout
[student@servera ~]$
7.8 从servera注销。
[student@servera ~]$ exit
logout
Connection to servera closed.
[student@workstation ~]$