文章目录
- 创建下列用户、组和组成员资格:
- 1.创建名为 sysmgrs 的组
- 2.创建用户 natasha 同时指定sysmgrs作为natasha的附加组
- 3.创建用户 harry 同时指定 sysmgrs作为harry的附加组
- 4.创建用户 sarah 指定shell类型为/sbin/false(无权访问系统上的交互式 shell)且不是 sysmgrs 的成员
- 5.设置natasha 、 harry 和 sarah 的密码都是 123
- 6.创建用户lockuser, 并指定家目录为/home/lock, 然后锁定该用户
- 7.创建用户limituser, gid为1555,userid为1666, 让其密码在10天后过期
- 8.解锁lockuser, 并设定下次登录时必须修改密码
- 9.让natasha具备修改 harry密码的权限(sudo)
- 10. 创建用户testuser并设置密码,修改用户名为normaluser
创建下列用户、组和组成员资格:
1.创建名为 sysmgrs 的组
[root@YXP ~]# groupadd sysmgrs
[root@YXP ~]# tail /etc/group
colord:x:976:
rpcuser:x:29:
gdm:x:42:
gnome-initial-setup:x:975:
tcpdump:x:72:
sshd:x:74:
slocate:x:21:
admin:x:1000:
sysmgrs:x:1002:
apache:x:48:
2.创建用户 natasha 同时指定sysmgrs作为natasha的附加组
[root@YXP ~]# useradd -G sysmgrs natasha
[root@YXP ~]# tail /etc/group
rpcuser:x:29:
gdm:x:42:
gnome-initial-setup:x:975:
tcpdump:x:72:
sshd:x:74:
slocate:x:21:
admin:x:1000:
apache:x:48:
sysmgrs:x:1001:natasha
natasha:x:1002:
3.创建用户 harry 同时指定 sysmgrs作为harry的附加组
[root@YXP ~]# useradd harry -G sysmgrs
[root@YXP ~]# tail /etc/group
gdm:x:42:
gnome-initial-setup:x:975:
tcpdump:x:72:
sshd:x:74:
slocate:x:21:
admin:x:1000:
apache:x:48:
sysmgrs:x:1001:natasha,harry
natasha:x:1002:
harry:x:1003:
4.创建用户 sarah 指定shell类型为/sbin/false(无权访问系统上的交互式 shell)且不是 sysmgrs 的成员
[root@YXP ~]# useradd sarah -s /sbin/false
[root@YXP ~]# tail /etc/passwd
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
gnome-initial-setup:x:975:975::/run/gnome-initial-setup/:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
admin:x:1000:1000:admin:/home/admin:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
harry:x:1003:1003::/home/harry:/bin/bash
natasha:x:1004:1004::/home/natasha:/bin/bash
sarah:x:1005:1005::/home/sarah:/sbin/false
5.设置natasha 、 harry 和 sarah 的密码都是 123
[root@YXP ~]# passwd natasha
Changing password for user natasha.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@YXP ~]# passwd harry
Changing password for user harry.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@YXP ~]# passwd sarah
Changing password for user sarah.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
6.创建用户lockuser, 并指定家目录为/home/lock, 然后锁定该用户
[root@YXP ~]# useradd lockuser -d /home/lock
[root@YXP ~]# usermod lockuser -L
7.创建用户limituser, gid为1555,userid为1666, 让其密码在10天后过期
[root@YXP ~]# useradd limituser -u 1666 -e 2022-7-30
[root@YXP ~]# tail /etc/shadow
gnome-initial-setup:!!:19183::::::
tcpdump:!!:19183::::::
sshd:!!:19183::::::
admin:$6$xcWi7PlqweR/N6yq$PmQhiF7Fgg5Da7azaQG/h9xddb1lgW7zHNQ7NNsmlCk1Bq5RPkNCWaNeLdxu1snXzm4uXCB5ShZNLtsLrK1ug0::0:99999:7:::
apache:!!:19193::::::
harry:$6$rEHHv.OIAMlRCaTl$h65TYTEcp.hHcADZ1qa7KCdjNyvuP7j0C3.n8yDrdo07MarA4kEzBzTFZD9TzY/6Rhfv3f02QA8mbarrmYDQ0.:19193:0:99999:7:::
natasha:$6$9iZ7JHO92OQ4b7g2$AZhKJjEv/S1BXx62nfjwF6mb9GDwkc.ivjw1St/VCxY5LKSITT5Ed0pFH/jcCxWgL4AUXCMpEio/RsWjr.TqU/:19193:0:99999:7:::
sarah:$6$94PO6bAYPq95FZ6u$bght.464VXgy0Xl01r.l5cGrBabjo8BEXwDmoC0KOxlDBUnY.ozKVvWxhc.eQMtJrxLN.afKqoO7G2hLMhGhm.:19193:0:99999:7:::
lockuser:!!:19193:0:99999:7:::
limituser:!!:19193:0:99999:7::19203:
[root@YXP ~]# groupmod -g 1555 limituser
[root@YXP ~]# tail /etc/group
tcpdump:x:72:
sshd:x:74:
slocate:x:21:
admin:x:1000:
apache:x:48:
sysmgrs:x:1001:harry,natasha
harry:x:1003:
natasha:x:1004:
sarah:x:1005:
limituser:x:1555:
8.解锁lockuser, 并设定下次登录时必须修改密码
[root@YXP ~]# usermod -U lockuser
[root@YXP ~]# passwd -e lockuser
Expiring password for user lockuser.
passwd: Success
9.让natasha具备修改 harry密码的权限(sudo)
visudo
Host_Alias RHCSA=lwz
User_Alias USER11=natasha
Cmnd_Alias CHPASS=/usr/bin/passwd harry
USER RCHSA=(root) CHPASS
[root@YXP ~]# visudo
[natasha@YXP ~]$ sudo passwd harry
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for natasha:
Changing password for user harry.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
10. 创建用户testuser并设置密码,修改用户名为normaluser
[root@YXP ~]# useradd testuser -p 123
[root@YXP ~]# usermod -l normaluser testuser
[root@YXP ~]# tail /etc/passwd
tcpdump:x:72:72::/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
admin:x:1000:1000:admin:/home/admin:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
harry:x:1003:1003::/home/harry:/bin/bash
natasha:x:1004:1004::/home/natasha:/bin/bash
sarah:x:1005:1005::/home/sarah:/sbin/false
limituser:x:1666:1555::/home/limituser:/bin/bash
lockuser:x:1667:1667::/home/lock:/bin/bash
normaluser:x:1668:1668::/home/testuser:/bin/bash
11.删除lockuser
[root@YXP ~]# userdel -r lockuser
[root@YXP ~]# tail /etc/passwd
gnome-initial-setup:x:975:975::/run/gnome-initial-setup/:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
admin:x:1000:1000:admin:/home/admin:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
harry:x:1003:1003::/home/harry:/bin/bash
natasha:x:1004:1004::/home/natasha:/bin/bash
sarah:x:1005:1005::/home/sarah:/sbin/false
limituser:x:1666:1555::/home/limituser:/bin/bash
normaluser:x:1668:1668::/home/testuser:/bin/bash