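Building Secure Enterprise Storage

Complete the following user operations on the system

1. Create the user groups Manufacture, Finance and Technology, meeting the following requirements

* The Manufacture group has GID 8000

* The Finance group has GID 8001

* The Technology group has GID 8002

# Set up monitoring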
[root@localhost Desktop]# watch -n 1 "tail -n 3 /etc/passwd /etc/group ;echo ===;ls -l /home/"
[root@localhost Desktop]# groupadd -g 8000 Manufacture
[root@localhost Desktop]# groupadd -g 8001 Finance
[root@localhost Desktop]# groupadd -g 8002 Technology

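2. Create the users westosuser, linux, lee and westosadmin, meeting the following requirements

* westosuser's supplementary groups are Manufacture and Technology

* lee's primary group is Finance and supplementary group is Technology; lee's uid and gid must be identical

* linux is a system account that operators cannot use directly

* westosadmin does not belong to any of the three departments above, but can freely manage users on the system

Method 1 (westosuser):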
[root@localhost Desktop]# useradd -G 8000 westosuser
[root@localhost Desktop]# usermod -aG 8002 westosuser
[root@localhost Desktop]# id westosuser
uid=1002(westosuser) gid=1002(westosuser) groups=1002(westosuser),8000(Manufacture),8002(Technology)

***************************************************************************
Method 2 (westosuser):
[root@localhost Desktop]# useradd -G Manufacture,Technology westosuser
Method 1 (lee):
[root@localhost Desktop]# useradd -g 8001 -G 8002 -u 8001 lee
[root@localhost Desktop]# id lee
uid=8001(lee) gid=8001(Finance) groups=8001(Finance),8002(Technology)
******************************************************************************
Method 2 (lee):
[root@localhost Desktop]# useradd -u 8001 -g Finance -G Technology lee
[root@localhost Desktop]# useradd -s /sbin/nologin -M linux
[root@localhost Desktop]# su - linux
This account is currently not available.
[root@localhost Desktop]# useradd westosadmin
[root@localhost Desktop]# hostname
localhost.localdomain
[root@localhost Desktop]# visudo
# Write the following at line 100
westosadmin localhost.localdomain=(root) NOPASSWD: /sbin/useradd, /sbin/userdel
# Note: the hostname here must be changed to your own hostname
[root@localhost ~]# su - westosadmin
[westosadmin@localhost ~]$ sudo useradd test
[westosadmin@localhost ~]$ sudo userdel -r test


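# Strictly speaking, managing users covers four commands: useradd, userdel, usermod and passwd. I cut corners in the entry above; the one below is the complete version. Write either one at line 100.

westosadmin localhost.localdomain=(root) NOPASSWD: /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod, /usr/bin/passwd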

3.

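* All of the above users have the password westos, and each user must be forced to change the password at first login

* The passwords of the above users must be changed within 30 days, with a warning issued 2 days before expiry

# First, three beginner-friendly commands; note that an upgraded version follows at the end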
[root@localhost ~]# passwd westosadmin
Changing password for user westosadmin.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.
[root@localhost ~]# echo westos
westos
[root@localhost ~]# echo westos | passwd --stdin westosuser
Changing password for user westosuser.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# for NAME in westosuser linux lee westosadmin
> do
> echo westos | passwd --stdin $NAME
> done
Changing password for user westosuser.
passwd: all authentication tokens updated successfully.
Changing password for user linux.
passwd: all authentication tokens updated successfully.
Changing password for user lee.
passwd: all authentication tokens updated successfully.

# The upgraded command is here
[root@localhost ~]# for USERNAME in westosuser linux lee westosadmin
> do
> echo westos | passwd --stdin $USERNAME
> done
Changing password for user westosuser.
passwd: all authentication tokens updated successfully.
Changing password for user linux.
passwd: all authentication tokens updated successfully.
Changing password for user lee.
passwd: all authentication tokens updated successfully.
Changing password for user westosadmin.
passwd: all authentication tokens updated successfully.
# Basic version
[root@localhost ~]# passwd -x 30 -w 2 westosuser
Adjusting aging data for user westosuser.
passwd: Success
[root@localhost ~]# passwd -e westosuser
Expiring password for user westosuser.
passwd: Success
[root@localhost ~]# passwd -e linux
Expiring password for user linux.
passwd: Success
[root@localhost ~]# passwd -x 30 -w 2 lee
Adjusting aging data for user lee.
passwd: Success
[root@localhost ~]# passwd -e lee
Expiring password for user lee.
passwd: Success
[root@localhost ~]# passwd -x 30 -w 2 westosadmin
Adjusting aging data for user westosadmin.
passwd: Success
[root@localhost ~]# passwd -e westosadmin
Expiring password for user westosadmin.
passwd: Success


# Upgraded version
[root@localhost ~]# for USERNAME in westosuser linux lee westosadmin;do passwd -e $USERNAME; done
Expiring password for user westosuser.
passwd: Success
Expiring password for user linux.
passwd: Success
Expiring password for user lee.
passwd: Success
Expiring password for user westosadmin.
passwd: Success
[root@localhost ~]# for USERNAME in westosuser linux lee westosadmin;do passwd -x 30 -w 2 $USERNAME; done
Adjusting aging data for user westosuser.
passwd: Success
Adjusting aging data for user linux.
passwd: Success
Adjusting aging data for user lee.
passwd: Success
Adjusting aging data for user westosadmin.
passwd: Success
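
To confirm that the aging settings actually landed on every account, the policy can be checked against shadow-format records. The script below is an added example, not part of the original post; the function names and the sample records (placeholder hashes, with linux modelled as an account that received only `passwd -e`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit shadow-format records against the task 3 policy.
# Fields used: name:hash:lastchg:min:max:warn (remaining fields ignored).

# Constructed sample with placeholder hashes: linux has been expired with
# `passwd -e` but still carries the default max/warn values.
sample_shadow() {
cat <<'EOF'
westosuser:$6$CONSTRUCTED$placeholder:0:0:30:2:::
linux:$6$CONSTRUCTED$placeholder:0:0:99999:7:::
lee:$6$CONSTRUCTED$placeholder:0:0:30:2:::
westosadmin:$6$CONSTRUCTED$placeholder:0:0:30:2:::
EOF
}

# audit_aging USER... < shadow-records
# Prints one line per violation and returns 1 if any were found.
audit_aging() {
    wanted=" $* " seen=" " fail=0
    while IFS=: read -r name _hash lastchg _min max warn _rest; do
        case "$wanted" in *" $name "*) ;; *) continue ;; esac
        seen="$seen$name "
        # lastchg=0 is what `passwd -e` writes: change required at next login
        [ "$lastchg" = 0 ] || { echo "$name: no forced change at next login (lastchg=$lastchg)"; fail=1; }
        [ "$max" = 30 ] || { echo "$name: max age is $max days, expected 30"; fail=1; }
        [ "$warn" = 2 ] || { echo "$name: warning is $warn days, expected 2"; fail=1; }
    done
    # Report requested accounts that had no record at all
    for user in "$@"; do
        case "$seen" in *" $user "*) ;; *) echo "$user: no shadow record"; fail=1 ;; esac
    done
    return "$fail"
}
```

On a live system, run it as root against the real file: `audit_aging westosuser linux lee westosadmin < /etc/shadow`.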

 

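4. Create directories meeting the following requirements

* Create the directories /WESTOS_Manufacture /WESTOS_Finance /WESTOS_Technology /WESTOS_Public

* /WESTOS_Manufacture is the data storage directory for Manufacture; it can be read and written only by members of Manufacture, and files created in sc all belong to Manufacture

* /WESTOS_Finance is the data storage directory for Finance; it can be read and written only by members of Finance, and files created in cw all belong to Finance

* /WESTOS_Technology is the data storage directory for Technology; it can be read and written only by members of Technology, and files created in js all belong to Technology

* /WESTOS_Public is the shared directory for company staff; any employee can read and write it, but users can delete only their own files

* westosadmin can perform any operation on /WESTOS_Manufacture /WESTOS_Finance /WESTOS_Technology /WESTOS_Public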

[root@localhost ~]# mkdir -p /WESTOS_Manufacture /WESTOS_Finance /WESTOS_Technology /WESTOS_Public
[root@localhost ~]# chgrp Manufacture /WESTOS_Manufacture
[root@localhost ~]# chgrp Finance /WESTOS_Finance
[root@localhost ~]# chgrp Technology /WESTOS_Technology
[root@localhost ~]# chmod 1770 /WESTOS_Public/
[root@localhost ~]# chmod 3770 /WESTOS_Manufacture /WESTOS_Finance /WESTOS_Technology

[root@localhost ~]# ls -ld /WESTOS_Manufacture /WESTOS_Finance /WESTOS_Technology /WESTOS_Public
drwxrws--T. 2 root Finance     6 Dec  1 23:31 /WESTOS_Finance
drwxrws--T. 2 root Manufacture 6 Dec  1 23:31 /WESTOS_Manufacture
drwxrwx--T. 2 root root        6 Dec  1 23:31 /WESTOS_Public
drwxrws--T. 2 root Technology  6 Dec  1 23:31 /WESTOS_Technology
*****************************************************************************
[root@localhost ~]# chmod 1777 /WESTOS_Public/

[root@localhost ~]# setfacl -m u:westosadmin:rwx /WESTOS_Manufacture /WESTOS_Finance /WESTOS_Technology /WESTOS_Public
[root@localhost ~]# setfacl -m d:u:westosadmin:rwx /WESTOS_Manufacture /WESTOS_Finance /WESTOS_Technology /WESTOS_Public
[root@localhost ~]# getfacl /WESTOS_Public
getfacl: Removing leading '/' from absolute path names
# file: WESTOS_Public
# owner: root
# group: root
# flags: --t
user::rwx
user:westosadmin:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:westosadmin:rwx
default:group::rwx
default:mask::rwx
default:other::---
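
The special bits used above (setgid 2000 so new files inherit the department group, sticky 1000 so users delete only their own files) can be verified mechanically. The script below is an added example, not part of the original post; the function names are hypothetical, and the sample records are constructed from the modes in the `ls -ld` output above, taken before /WESTOS_Public is changed to 1777.

```shell
#!/bin/sh
# Added example: check "mode group path" records (the format printed by
# `stat -c '%a %G %n'`) against the directory requirements of task 4.

# Constructed sample: modes as in the page's `ls -ld` listing, i.e. while
# /WESTOS_Public is still 1770 root:root.
sample_stat() {
cat <<'EOF'
3770 Finance /WESTOS_Finance
3770 Manufacture /WESTOS_Manufacture
1770 root /WESTOS_Public
3770 Technology /WESTOS_Technology
EOF
}

# has_bits MODE MASK: true when every bit of octal MASK is set in octal MODE.
has_bits() { [ $(( 0$1 & 0$2 )) -eq $(( 0$2 )) ]; }

# audit_dirs < records: prints one line per violation, returns 1 if any.
audit_dirs() {
    fail=0
    while read -r mode group path; do
        case "$path" in
        /WESTOS_Public)
            has_bits "$mode" 1000 || { echo "$path: sticky bit missing"; fail=1; }
            has_bits "$mode" 0777 || { echo "$path: not writable by every employee (mode $mode)"; fail=1; }
            ;;
        /WESTOS_*)
            dept=${path#/WESTOS_}   # department group is the path suffix
            [ "$group" = "$dept" ] || { echo "$path: group is $group, expected $dept"; fail=1; }
            has_bits "$mode" 2070 || { echo "$path: needs setgid plus group rwx (mode $mode)"; fail=1; }
            [ $(( 0$mode & 07 )) -eq 0 ] || { echo "$path: accessible to others (mode $mode)"; fail=1; }
            ;;
        esac
    done
    return "$fail"
}
```

On the sample it reports only /WESTOS_Public, which is the gap the later `chmod 1777` closes; on a live system, feed it `stat -c '%a %G %n' /WESTOS_* | audit_dirs`.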

 

 
