3.4 Advanced Linux user and group management

After creating a user, if we expect the user to be able to log in, we must give the user a password: by default the system
refuses logins for accounts whose password is empty.
        passwd:
            An ordinary user can only change their own password, and must first enter their current password.
            Administrator (root):
                passwd [username]  Without a username, this changes the current user's password; with a username it changes
                that user's password, and root does not need to know the user's existing password to do so.
NAME
       passwd - update user's authentication tokens

SYNOPSIS
       passwd [-k] [-l] [-u [-f]] [-d] [-e] [-n mindays] [-x maxdays] [-w warndays] [-i inactivedays] [-S] [--stdin] [username]

DESCRIPTION
       The passwd utility is used to update user’s authentication token(s).
            Passwords should satisfy a complexity policy so they cannot be cracked easily:
                at least three of the four classes: digits, lowercase letters, uppercase letters and special characters
                minimum length 5 characters                       recommended: no fewer than 15
                do not use easily guessed passwords
                change passwords periodically, and do not reuse recently used passwords
[root@linux_basic ~]# passwd user1
Changing password for user user1.
New password:
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.               
--stdin
              This option is used to indicate that passwd should read the new password from standard input, which can be a pipe.
               Read the new password from standard input
[root@linux_basic ~]# echo "centos" | passwd --stdin root
Changing password for user root.
passwd: all authentication tokens updated successfully.
[root@linux_basic ~]# echo "123456" | passwd --stdin root > /dev/null  redirect the success message to /dev/null; if the command fails,
the error message is still printed, because only standard output was redirected
[root@linux_basic ~]# echo $?
0
[root@linux_basic ~]# head -1 /etc/shadow
root:$6$0LBho94G$uPzBpRjBrDXJSoyVY6QqYXICQTDd6QHAq0OfT4lga7mYnoIjsOkd7MBQu7UOClBq2rDHIKxVU3d9mzCXZy8cu.:16425:0:99999:7:::
Encryption
An encryption tool takes plaintext as input and, after processing it, outputs data that looks random.
Encryption is carried out by a complex algorithm, but the algorithm itself is easy to learn and therefore to attack, so encryption
generally depends not only on the algorithm but also on a key.

Decryption
A decryption tool reads the ciphertext and restores the original data.
            
            There are three kinds of cryptographic methods:
                Symmetric encryption: encryption and decryption use the same key (passphrase);
                decryption requires both the ciphertext and the passphrase
                    Key distribution is hard: when two parties communicate for the first time and want to encrypt their traffic, how does the sender deliver the passphrase to the other party?
                    Symmetric encryption by itself cannot solve key exchange

                Public-key encryption (asymmetric encryption): encryption and decryption use a key pair; data encrypted with the public key must be decrypted with the matching private key
                    Public key: public
                    Private key: secret, held only by its owner
                    To send encrypted data to someone, encrypt it with their public key. The public key is public, but only the matching private key can decrypt the data, and only the recipient holds that private key
                    On the Internet, how do two parties who have never communicated obtain each other's public keys? If one party simply sends its public key, anyone can intercept it and replace it. To guarantee that a public key really belongs to its claimed owner, a CA (a trusted third party) is needed

                    CA: certificate authority: issues each user a certificate, and the certificate contains the user's public key

                    Bob <-- Alice
                    When Bob communicates with Alice and receives Alice's certificate, he does not immediately trust that it is really Alice; he verifies that the certificate was issued through a legitimate channel. If it was, he uses the public key in it to encrypt data; otherwise he refuses the data.
                    This requires a verifying party that can check whether the certificate is genuine
          Encryption alone does not guarantee data integrity. Data integrity means that the data received was not modified in transit: what is received is exactly what was sent
         
                    PKI: public key infrastructure
              To guarantee data integrity there is an efficient method: one-way hashing
                One-way hashing ("one-way encryption"): extracts a unique fingerprint of the data; it can be computed but not reversed
                    1. Fixed-length output: no matter how large the input, the result always has the same length
                    2. Irreversible
                    3. Avalanche effect: a tiny change in the input produces a huge change in the output; identical input always produces identical output
[root@linux_basic tmp]# md5sum /tmp/fstab
4c39a1c49e8814dc9fd0db16f4979854  /tmp/fstab  (the extracted fingerprint)
[root@linux_basic tmp]# echo "1" >> /tmp/fstab
[root@linux_basic tmp]# md5sum /tmp/fstab
3d2d17eea6e41d0c12094aff2bb89be2  /tmp/fstab
Remove the appended 1 with an editor so the file is byte-for-byte identical to the original, then recompute the fingerprint
[root@linux_basic tmp]# md5sum fstab
4c39a1c49e8814dc9fd0db16f4979854  fstab
There are many tools implementing one-way hash algorithms
                    md5: fixed 128-bit output
                    sha1: fixed 160-bit output  longer; the output length differs per algorithm
[root@linux_basic tmp]# sha
sha1sum    sha224sum  sha256sum  sha384sum  sha512sum 

                    Bob --> data, fingerprint --> data,
                    When Bob communicates with Alice, he computes the fingerprint of the data and sends the data together with the
                    fingerprint. On receipt, Alice hashes the data again with the same algorithm; the two fingerprints should be
                    identical. If they are not, either the data or the fingerprint was altered in transit.
                    This is still insecure, because both the data and the fingerprint travel in plaintext. If someone intercepts the
                    data, modifies it, recomputes the fingerprint with the same algorithm and forwards both, the receiver has no way
                    to tell that the data changed. A method is needed so that the receiver can detect such a modification.
                    Encrypting with the sender's private key means only someone holding the matching public key can decrypt it, and
                    data that is modified after being encrypted this way will be detected by the receiver.

                    Digital signature: created with one's own private key, verified with one's own public key
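The Bob --> Alice exchange above, as an added example (not part of the original post) done with openssl: a bare fingerprint can be recomputed by whoever alters the data, but a signature made with Bob's private key cannot, so the receiver detects tampering. It assumes openssl and sha256sum are installed; the key and file names and the message text are constructed for this demo and written under a directory the caller supplies.

```shell
#!/bin/sh
# Added example: fingerprint vs. digital signature (not the original post's code).
# Assumes the openssl command-line tool and GNU sha256sum are available.

# make_keys DIR -> creates DIR/bob.key (private) and DIR/bob.pub (public); names are constructed
make_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/bob.key" 2>/dev/null
    openssl pkey -in "$1/bob.key" -pubout -out "$1/bob.pub"
}

# sign_file PRIVKEY FILE SIG -> Bob hashes FILE with SHA-256 and signs the digest with his private key
sign_file() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# verify_file PUBKEY FILE SIG -> exit 0 only if SIG is a valid signature over FILE's current contents
verify_file() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# fingerprint_matches FILE DIGEST -> exit 0 if the SHA-256 of FILE equals DIGEST (no key involved)
fingerprint_matches() {
    [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$2" ]
}

# signature_demo DIR -> exit 0 if a genuine signature verifies and a modified file is rejected
signature_demo() {
    dir=$1
    make_keys "$dir"
    printf 'transfer 10 to Alice\n' > "$dir/data"      # constructed message from Bob
    sign_file "$dir/bob.key" "$dir/data" "$dir/data.sig"
    verify_file "$dir/bob.pub" "$dir/data" "$dir/data.sig" || return 1   # genuine data: verifies

    # Data modified in transit: a plain fingerprint can simply be recomputed, so it still "matches"...
    printf 'transfer 1000 to Alice\n' > "$dir/data"
    digest=$(sha256sum "$dir/data" | cut -d' ' -f1)
    fingerprint_matches "$dir/data" "$digest" || return 1
    # ...but the old signature no longer verifies, and a new one cannot be made without bob.key.
    if verify_file "$dir/bob.pub" "$dir/data" "$dir/data.sig"; then return 1; fi
    return 0
}
```

Run it as `d=$(mktemp -d); signature_demo "$d" && echo "tampering detected"`. The point of the two checks in the demo is the one the text makes: integrity needs something the attacker does not hold, which the hash alone does not provide and the private key does.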
User passwords in /etc/shadow are stored as one-way hashes. But if two users chose the same password, the one-way hash would
produce the same stored value for both, and each user could discover that the other has the same password. To prevent this, some
random extra data (a salt) is mixed into the hashing, so the stored results differ; this is exactly how passwd stores passwords.
How is the password verified at the next login? The system hashes the entered password together with the salt stored in the
field, and verification succeeds if the result matches the stored value.
root:$6$0LBho94G$uPzBpRjBrDXJSoyVY6QqYXICQTDd6QHAq0OfT4lga7mYnoIjsOkd7MBQu7UOClBq2rDHIKxVU3d9mzCXZy8cu.:16425:0:99999:7:::
The field is divided by three $ signs: the data between the second and third $ is the salt (generated randomly by the password
tool), and the data between the first and second $ identifies the hashing algorithm:  1 is MD5,  6 is SHA-512
[root@linux_basic tmp]# whatis passwd
passwd               (1)  - update user's authentication tokens
passwd               (5)  - password file
passwd [sslpasswd]   (1ssl)  - compute password hashes   
[root@linux_basic tmp]# man sslpasswd
PASSWD(1)                           OpenSSL                          PASSWD(1)

NAME
       passwd - compute password hashes

SYNOPSIS
       openssl passwd [-crypt] [-1] [-apr1] [-salt string] [-in file] [-stdin] [-noverify] [-quiet] [-table] {password}

DESCRIPTION
       The passwd command computes the hash of a password typed at run-time or the hash of each password in a list.  The password
       list is taken from the named file for option -in file, from stdin for option -stdin, or from the command line, or from the
       terminal otherwise.  The Unix standard algorithm crypt and the MD5-based BSD password algorithm 1 and its Apache variant apr1
       are available.
If the salt is the same, the hashed result is the same too
[root@linux_basic tmp]# openssl passwd -1 -salt 123456
Password:
$1$123456$3GFsiB8xUJ7EaYT.K6Spz0
[root@linux_basic tmp]# openssl passwd -1 -salt 123456 centos
$1$123456$3GFsiB8xUJ7EaYT.K6Spz0
The two results are identical
[root@linux_basic tmp]# openssl passwd -1 -salt 123456 centos
$1$123456$3GFsiB8xUJ7EaYT.K6Spz0
[root@linux_basic tmp]# openssl passwd -1 -salt 12345 centos  after changing a single character of the salt, the result changes completely
$1$12345$C9tk/jaUbZsGwjXmhicdZ1
So even for the same password, a different salt gives a different result. Login verification works by recomputing the hash with the stored salt and comparing it with the stored value
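The verification described above, as an added example (not the original post's code): split a /etc/shadow-style field into algorithm id, salt and hash, recompute with openssl passwd using the stored salt, and compare. The `$1$123456$3GFsiB8xUJ7EaYT.K6Spz0` value is the one shown on this page for the password "centos". It assumes the openssl tool is installed; `-1` is the MD5 method from the man page above, and the `-5`/`-6` flags for `$5$`/`$6$` fields exist in OpenSSL 1.1.1 and later.

```shell
#!/bin/sh
# Added example: verify a candidate password against a shadow-style hash field
# (not the original post's code). Assumes the openssl command-line tool.

# classify_field FIELD -> prints one of: empty, locked, disabled, hashed
classify_field() {
    case "$1" in
        '')    echo empty ;;      # no password required at all: must be fixed
        '!'*)  echo locked ;;     # passwd -l / usermod -L put a '!' in front
        '$'*)  echo hashed ;;     # "$id$salt$hash" produced by crypt(3)
        *)     echo disabled ;;   # e.g. '*': not a crypt(3) result, no password login
    esac
}

# verify_password FIELD PASSWORD -> exit 0 only if PASSWORD hashes to FIELD
verify_password() {
    field=$1
    candidate=$2

    # Only a real hash can be verified; empty, locked and disabled fields never match.
    [ "$(classify_field "$field")" = hashed ] || return 1

    # Split "$id$salt$hash" on the '$' separators (globbing off so '.' and '/' are literal).
    oldifs=$IFS; IFS='$'; set -f
    set -- $field
    set +f; IFS=$oldifs
    id=$2; salt=$3

    case "$id" in
        1) flag=-1 ;;     # MD5-crypt, as shown on this page
        5) flag=-5 ;;     # SHA-256-crypt (OpenSSL >= 1.1.1)
        6) flag=-6 ;;     # SHA-512-crypt (OpenSSL >= 1.1.1)
        *) return 1 ;;    # unknown algorithm id
    esac

    # Re-hash the candidate with the stored salt; equality means the password is correct.
    recomputed=$(printf '%s' "$candidate" | openssl passwd "$flag" -salt "$salt" -stdin) || return 1
    [ "$recomputed" = "$field" ]
}

# Demo using the value shown on this page (salt 123456, password "centos").
demo_field='$1$123456$3GFsiB8xUJ7EaYT.K6Spz0'
verify_password "$demo_field" centos && echo "centos: accepted"
verify_password "$demo_field" wrong  || echo "wrong: rejected"
verify_password "!$demo_field" centos || echo "locked field: rejected even with the right password"
```

The `classify_field` helper is the check an auditor runs over the whole file: any `empty` result is an account that can be entered without a password, which the shadow(5) text quoted below also warns about.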
      
            passwd
                --stdin
                -l: lock the user's password
                -l     This  option  is used to lock the specified account and it is available to root only. The locking is performed by ren-
              dering the encrypted password into an invalid string (by prefixing the encrypted string with an !).
                -u: unlock the user's password
                -u     This is the reverse of the -l option - it will unlock the account password by removing the ! prefix.  This  option  is
              available  to root only. By default passwd will refuse to create a passwordless account (it will not unlock an account
              that has only "!" as a password). The force option -f will override this protection.
[root@linux_basic tmp]# passwd user11
Changing password for user user11.
New password:
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@linux_basic tmp]# tail -1 /etc/shadow
user11:$6$QfWm2Sr9$XpXFyonX4w8rd6h39PTqzFgMrfVZJ1XsQZlynYXhFxZNrkYU7SKy4Z4EqGvdyiLa6ka6WtTnPEFpQcXHUcFGV/:16426:0:99999:7:::
[root@linux_basic tmp]# passwd -l user11
Locking password for user user11.
passwd: Success
[root@linux_basic tmp]# tail -1 /etc/shadow  after locking, two !! characters are prefixed to the hashed password in /etc/shadow
user11:!!$6$QfWm2Sr9$XpXFyonX4w8rd6h39PTqzFgMrfVZJ1XsQZlynYXhFxZNrkYU7SKy4Z4EqGvdyiLa6ka6WtTnPEFpQcXHUcFGV/:16426:0:99999:7:::
Once locked, the user can no longer log in with the password
Unlocking the user
[root@linux_basic tmp]# passwd -u user11
Unlocking password for user user11.
passwd: Success
[root@linux_basic tmp]# tail -1 /etc/shadow
user11:$6$QfWm2Sr9$XpXFyonX4w8rd6h39PTqzFgMrfVZJ1XsQZlynYXhFxZNrkYU7SKy4Z4EqGvdyiLa6ka6WtTnPEFpQcXHUcFGV/:16426:0:99999:7:::

        /etc/shadow file format
            username:hashed password:date of last password change:minimum password age:maximum password age:password warning period:password inactivity period:account expiration date:reserved field
[root@linux_basic tmp]# man 5 shadow
SHADOW(5)                File Formats and Conversions                SHADOW(5)

NAME
       shadow - shadowed password file

DESCRIPTION
   shadow is a file which contains the password information for the system′s accounts and optional aging information.

   This file must not be readable by regular users if password security is to be maintained.

   Each line of this file contains 9 fields, separated by colons (“:”), in the following order:

   login name
       It must be a valid account name, which exist on the system.

   encrypted password
       Refer to crypt(3) for details on how this string is interpreted.

       If the password field contains some string that is not a valid result of crypt(3), for instance ! or *, the user will not
       be able to use a unix password to log in (but the user may log in the system by other means).

       This field may be empty, in which case no passwords are required to authenticate as the specified login name. However,
       some applications which read the /etc/shadow file may decide not to permit any access at all if the password field is
       empty.

       A password field which starts with a exclamation mark means that the password is locked. The remaining characters on the
       line represent the password field before the password was locked.

   date of last password change  (the number of days from the Unix epoch to the last password change)
       The date of the last password change, expressed as the number of days since Jan 1, 1970.

       The value 0 has a special meaning, which is that the user should change her pasword the next time she will log in the
       system.

       An empty field means that password aging features are disabled.

   minimum password age   (the shortest time the password must be kept, counted in days)
       The minimum password age is the number of days the user will have to wait before she will be allowed to change her
       password again.

       An empty field and value 0 mean that there are no minimum password age.

   maximum password age   (the longest time the password may be used; when it elapses the password must be changed)
       The maximum password age is the number of days after which the user will have to change her password.

       After this number of days is elapsed, the password may still be valid. The user should be asked to change her password
       the next time she will log in.

       An empty field means that there are no maximum password age, no password warning period, and no password inactivity
       period (see below).

       If the maximum password age is lower than the minimum password age, the user cannot change her password.

   password warning period  (how long before expiry the user is warned)
       The number of days before a password is going to expire (see the maximum password age above) during which the user should
       be warned.

       An empty field and value 0 mean that there are no password warning period.

   password inactivity period  (grace period after expiry during which the password is still accepted; the user must change it at login, otherwise no further access is allowed)
       The number of days after a password has expired (see the maximum password age above) during which the password should
       still be accepted (and the user should update her password during the next login).

       After expiration of the password and this expiration period is elapsed, no login is possible using the current user′s
       password. The user should contact her administrator.

       An empty field means that there are no enforcement of an inactivity period.

   account expiration date  (after this date the account can no longer be used at all)
       The date of expiration of the account, expressed as the number of days since Jan 1, 1970.

       Note that an account expiration differs from a password expiration. In case of an acount expiration, the user shall not
       be allowed to login. In case of a password expiration, the user is not allowed to login using her password.

       An empty field means that the account will never expire.

       The value 0 should not be used as it is interpreted as either an account with no expiration, or as an expiration on Jan
       1, 1970.

   reserved field
       This field is reserved for future use.


    userdel:
        userdel [options] USERNAME
NAME
       userdel - delete a user account and related files

SYNOPSIS
       userdel [options] LOGIN

DESCRIPTION
       The userdel command modifies the system account files, deleting all entries that refer to the user name LOGIN. The named user
       must exist.           
            -r: delete the user together with their home directory
-r, --remove
           Files in the user′s home directory will be removed along with the home directory itself and the user′s mail spool. Files
           located in other file systems will have to be searched for and deleted manually.
[root@linux_basic tmp]# ls /home/
cactiuser  user1  user10  user11  user2  user3  user4  user5  user7  user8
[root@linux_basic tmp]# userdel -r user2
[root@linux_basic tmp]# ls /home/
cactiuser  user1  user10  user11  user3  user4  user5  user7  user8
          
    groupdel:
        groupdel GRPNAME
NAME
       groupdel - delete a group

SYNOPSIS
       groupdel group

DESCRIPTION
       The groupdel command modifies the system account files, deleting all entries that refer to group. The named group must exist.
What happens when a group is deleted while it is still in use? The group name no longer resolves, but the numeric group ID stays on the files
[root@linux_basic tmp]# groupadd mytest
[root@linux_basic tmp]# tail -1 /etc/group
mytest:x:1009:
[root@linux_basic tmp]# chown root.mytest A
[root@linux_basic tmp]# groupdel mytest
[root@linux_basic tmp]# ls -l A
-rw-r--r--. 1 root 1009 0 Dec 20 18:04 A
id -G shows a group ID only for groups that exist; a group ID whose group has been deleted is not shown


    usermod:
NAME
     usermod - modify a user account

SYNOPSIS
     usermod [options] LOGIN

DESCRIPTION
     The usermod command modifies the system account files to reflect the changes that are specified on the command line.
            -u UID
            -u, --uid UID  change the user's UID
           The new numerical value of the user's ID.

           This value must be unique, unless the -o option is used. The value must be non-negative. Values between 0 and 999 are
           typically reserved for system accounts.
           The user′s mailbox, and any files which the user owns and which are located in the user′s home directory will have the
           file user ID changed automatically.
           The ownership of files outside of the user′s home directory must be fixed manually.
[root@linux_basic ~]# id user1
uid=501(user1) gid=501(user1) groups=501(user1)
[root@linux_basic ~]# usermod -u 510 user1
[root@linux_basic ~]# id user1
uid=510(user1) gid=501(user1) groups=501(user1)
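Two passages above leave files behind with a bare numeric owner: the `ls -l A` output after groupdel shows `1009` instead of a group name, and the usermod text says ownership outside the home directory must be fixed manually after `-u`. The following helpers, added here as an example and not part of the original post, resolve a numeric ID against /etc/passwd and /etc/group and list files whose owner no longer resolves. They assume GNU find and stat (`find -nouser/-nogroup`, `stat -c`).

```shell
#!/bin/sh
# Added example: find files whose numeric owner or group no longer exists
# (not the original post's code). Assumes GNU find and GNU stat.

# uid_name UID -> login name from /etc/passwd, or nothing if the UID does not resolve
uid_name() {
    awk -F: -v id="$1" '$3 == id { print $1; exit }' /etc/passwd
}

# gid_name GID -> group name from /etc/group, or nothing if the GID does not resolve
gid_name() {
    awk -F: -v id="$1" '$3 == id { print $1; exit }' /etc/group
}

# owner_resolves FILE -> exit 0 only if both the uid and the gid of FILE map to names
owner_resolves() {
    uid=$(stat -c %u "$1") || return 1     # %u / %g: numeric owner and group (GNU stat)
    gid=$(stat -c %g "$1") || return 1
    [ -n "$(uid_name "$uid")" ] && [ -n "$(gid_name "$gid")" ]
}

# orphaned_files DIR -> long listing of files under DIR with an unknown owner or group,
# i.e. what is left behind by groupdel or by usermod -u on files outside the home directory
orphaned_files() {
    find "$1" \( -nouser -o -nogroup \) -exec ls -ld {} \;
}

# files_of_uid DIR UID -> files under DIR still owned by numeric UID (e.g. the old UID after usermod -u)
files_of_uid() {
    find "$1" -uid "$2" -print
}

# Demo: an audit of /home. After `usermod -u 510 user1`, files_of_uid /home 501
# would list anything the automatic chown in the home directory did not reach.
orphaned_files /home 2>/dev/null
```

`chown` with the new name (or `chgrp` with a recreated group) on the listed paths is the manual fix the man page refers to; the point of listing first is that such files are otherwise invisible to `id` and name-based tools.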
            -g GID: change the user's primary group
            -g, --gid GROUP
           The group name or number of the user′s new initial login group. The group must exist.
[root@linux_basic ~]# groupadd hello
[root@linux_basic ~]# usermod -g hello user1
[root@linux_basic ~]# id user1
uid=510(user1) gid=1009(hello) groups=1009(hello)          
            -G GID,...: change the user's supplementary groups; used together with -a, the listed groups are appended instead of replacing the current ones
            -G, --groups GROUP1[,GROUP2,...[,GROUPN]]]
           A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with
           no intervening whitespace. The groups are subject to the same restrictions as the group given with the -g option.

           If the user is currently a member of a group which is not listed, the user will be removed from the group. This behaviour
           can be changed via the -a option, which appends the user to the current supplementary group list.
[root@linux_basic ~]# id user1
uid=510(user1) gid=1009(hello) groups=1009(hello)
[root@linux_basic ~]# groupadd love
[root@linux_basic ~]# groupadd to
[root@linux_basic ~]# usermod -a -G love,to user1
[root@linux_basic ~]# id user1
uid=510(user1) gid=1009(hello) groups=1009(hello),1010(love),1011(to)
[root@linux_basic ~]# groupadd me
[root@linux_basic ~]# usermod -G me user1  without -a, the previous supplementary groups are replaced
[root@linux_basic ~]# id user1
uid=510(user1) gid=1009(hello) groups=1009(hello),1012(me)          
            -c COMMENT:
            -c, --comment COMMENT
           The new value of the user′s password file comment field. It is normally modified using the chfn(1) utility.
            -d /path/to/somewhere: change the location of the home directory; with -m, the new home directory is created and the user's existing files are moved into it;
            -d, --home HOME_DIR
           The user′s new login directory.

           If the -m option is given, the contents of the current home directory will be moved to the new home directory, which is
           created if it does not already exist. If the current home directory does not exist the new home directory will not be
           created.
[root@linux_basic tmp]# mkdir /home/you
[root@linux_basic tmp]# usermod -d /home/you user
[root@linux_basic tmp]# su - user
-bash-4.1$
[root@linux_basic tmp]# usermod -m -d /home/how user3
[root@linux_basic tmp]# su - user3
[user3@linux_basic ~]$ exit
logout          
[root@linux_basic tmp]# ls -a /home/how/
.  ..  .bash_history  .bash_logout  .bash_profile  .bashrc
            -s SHELL: change the user's login shell
If the user is currently logged in, the new shell takes effect only at the next login
            -l LOGIN_NAME: change the login name
            -l, --login NEW_LOGIN
           The name of the user will be changed from LOGIN to NEW_LOGIN. Nothing else is changed. In particular, the user′s home
           directory name should probably be changed manually to reflect the new login name.
[root@linux_basic tmp]# usermod -l user user1
[root@linux_basic tmp]# id user
uid=510(user) gid=1009(hello) groups=1009(hello),1012(me)

            -L: lock the user's password
            -L, --lock
           Lock a user′s password. This puts a ′!′ in front of the encrypted password, effectively disabling the password. You can′t
           use this option with -p or -U.
            -U: unlock the user's password
      -U, --unlock
           Unlock a user′s password. This removes the ′!′ in front of the encrypted password. You can′t use this option with -p or
           -L.
           Note: if you wish to unlock the account (not only access with a password), you should also set the EXPIRE_DATE (for
           example to 99999, or to the EXPIRE value from /etc/default/useradd).
[root@linux_basic ~]# cat /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
[root@linux_basic tmp]# usermod -L user
[root@linux_basic tmp]# tail -1 /etc/shadow
user:!$6$rt4j2U0Y$twv03e.7/P6FNEtICOiKxrjlPK33NA4RkJ7PZxTbW.5RtmLmG9ZstIQDDTPqCdPKPWWKUFQbKGczPUlfohd/I1:16425:0:99999:7:::
[root@linux_basic tmp]# su - user
-bash-4.1$ \q
-bash: q: command not found
-bash-4.1$ exit
logout
[root@linux_basic tmp]# ssh user@192.168.20.120
The authenticity of host '192.168.20.120 (192.168.20.120)' can't be established.
RSA key fingerprint is 15:87:f9:09:a7:e6:e3:42:b1:3c:b1:56:04:7d:f6:5c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.20.120' (RSA) to the list of known hosts.
user@192.168.20.120's password:
Permission denied, please try again.
user@192.168.20.120's password:

[root@linux_basic tmp]# usermod -U user
[root@linux_basic tmp]# ssh user@192.168.20.120
user@192.168.20.120's password:
-bash-4.1$ exit
logout
Connection to 192.168.20.120 closed.
          
    chsh USERNAME  change the login shell

    chfn USERNAME  change the comment (GECOS) information

    chage:
NAME
       chage - change user password expiry information

SYNOPSIS
       chage [options] [LOGIN]  used to change password aging limits

DESCRIPTION
       The chage command changes the number of days between password changes and the date of the last password change. This
       information is used by the system to determine when a user must change his/her password.
-d, --lastday LAST_DAY  date of the last password change
-E, --expiredate EXPIRE_DATE  account expiration date
-I, --inactive INACTIVE   grace period during which the password is still usable after it expires
-m, --mindays MIN_DAYS
-M, --maxdays MAX_DAYS
-W, --warndays WARN_DAYS
-l, --list                    show account aging information  lists the user's aging dates
[root@linux_basic tmp]# chage -l user
Last password change                                    : Dec 21, 2014
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
[root@linux_basic tmp]# chage -d 6000 user
[root@linux_basic tmp]# chage -l user
Last password change                                    : Jun 06, 1986
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
[root@linux_basic ~]# chage -E 500 user
[root@linux_basic ~]# chage -l user
Last password change                                    : May 16, 1971
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : May 16, 1971
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
[root@linux_basic ~]# chage -I 500 user
[root@linux_basic ~]# chage -l user
Last password change                                    : May 16, 1971
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : May 16, 1971
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
[root@linux_basic ~]# chage -M 500 user
[root@linux_basic ~]# chage -l user
Last password change                                    : May 16, 1971
Password expires                                        : Sep 27, 1972
Password inactive                                       : Feb 09, 1974
Account expires                                         : May 16, 1971
Minimum number of days between password change          : 0
Maximum number of days between password change          : 500
Number of days of warning before password expires       : 7
[root@linux_basic ~]# chage -m 200 user
[root@linux_basic ~]# chage -l user
Last password change                                    : May 16, 1971
Password expires                                        : Sep 27, 1972
Password inactive                                       : Feb 09, 1974
Account expires                                         : May 16, 1971
Minimum number of days between password change          : 200
Maximum number of days between password change          : 500
Number of days of warning before password expires       : 7
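The `chage -l` dates above are all derived from the numeric /etc/shadow fields described earlier (day counts since Jan 1, 1970). The following added example (not the original post's code) recomputes them: last change day 500 plus a maximum age of 500 gives Sep 27, 1972, plus an inactivity period of 500 gives Feb 09, 1974, and an expiration field of 500 gives May 16, 1971, exactly as shown. It assumes GNU date for `date -d @SECONDS`; the "never" rules are assumptions modelled on the output above (an empty maximum age or one of 10000 days or more, such as 99999, never expires, and an empty expiration field never expires).

```shell
#!/bin/sh
# Added example: compute chage -l style dates from /etc/shadow fields
# (not the original post's code). Assumes GNU date.

# days_to_date DAYS -> "Mon DD, YYYY" for DAYS since Jan 1, 1970 (UTC)
days_to_date() {
    LC_ALL=C date -u -d "@$(( $1 * 86400 ))" '+%b %d, %Y'
}

# shadow_field LINE N -> the N-th colon-separated field of LINE (empty fields preserved)
shadow_field() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# password_expires LASTCHG MAX -> date the password expires, or "never"
password_expires() {
    if [ -z "$1" ] || [ -z "$2" ] || [ "$2" -ge 10000 ]; then
        echo never                            # assumption: 99999-style max age means no expiry
    elif [ "$1" -eq 0 ]; then
        echo "password must be changed"       # shadow(5): last-change value 0 forces a change at next login
    else
        days_to_date $(( $1 + $2 ))
    fi
}

# password_inactive LASTCHG MAX INACTIVE -> date after which the expired password is no longer accepted
password_inactive() {
    exp=$(password_expires "$1" "$2")
    if [ "$exp" = never ] || [ -z "$3" ] || [ "$3" -lt 0 ]; then
        echo never
    elif [ "$exp" = "password must be changed" ]; then
        echo "$exp"
    else
        days_to_date $(( $1 + $2 + $3 ))
    fi
}

# account_expires EXPIRE -> date the account itself expires, or "never"
account_expires() {
    if [ -z "$1" ] || [ "$1" -lt 0 ]; then echo never; else days_to_date "$1"; fi
}

# aging_report SHADOW_LINE -> chage -l style summary for one shadow entry
aging_report() {
    lastchg=$(shadow_field "$1" 3); min=$(shadow_field "$1" 4)
    max=$(shadow_field "$1" 5);     warn=$(shadow_field "$1" 6)
    inactive=$(shadow_field "$1" 7); expire=$(shadow_field "$1" 8)
    if [ -z "$lastchg" ]; then last=never
    elif [ "$lastchg" -eq 0 ]; then last="password must be changed"
    else last=$(days_to_date "$lastchg"); fi
    printf 'Last password change                                    : %s\n' "$last"
    printf 'Password expires                                        : %s\n' "$(password_expires "$lastchg" "$max")"
    printf 'Password inactive                                       : %s\n' "$(password_inactive "$lastchg" "$max" "$inactive")"
    printf 'Account expires                                         : %s\n' "$(account_expires "$expire")"
    printf 'Minimum number of days between password change          : %s\n' "${min:-0}"
    printf 'Maximum number of days between password change          : %s\n' "${max:-99999}"
    printf 'Number of days of warning before password expires       : %s\n' "${warn:-7}"
    # shadow(5) above: a maximum age lower than the minimum age leaves the user unable to change the password.
    if [ -n "$min" ] && [ -n "$max" ] && [ "$max" -lt "$min" ]; then
        echo "WARNING: maximum age $max is lower than minimum age $min; the user cannot change the password"
    fi
}

# Constructed sample entry (hash replaced by a placeholder) matching the final chage -l output above.
aging_report 'user:HASH_PLACEHOLDER:500:200:500:7:500:500:'
```

Feeding `tail -1 /etc/shadow` into `aging_report` reproduces what `chage -l` prints for that user, which makes the field semantics concrete: the inactivity period counts from the password expiry date, not from the last change, and the account expiration date is independent of both.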
   
    Viewing user information:
        id USERNAME
            -g
            -G
            -n
            -u
    id -gn
can be used to check whether a user exists
[root@linux_basic ~]# id -ng user
hello
[root@linux_basic ~]# id user
uid=510(user) gid=1009(hello) groups=1009(hello),1012(me)
   
        who
        whoami
        finger  shows user information; not installed by default on CentOS 6, it must be installed first

    Switching users:
        su: switch user
            su [option] USERNAME
                -l: full login switch; the l may be omitted (su - USERNAME)
                PATH differs greatly between the two forms
                -c 'COMMAND': run only the given command as the specified user and return its result
                su username -c 'command'
[root@linux_basic ~]# su cactiuser -c 'ls /home/'
cactiuser  how  me  user1  user10  user11  user4  user5  user7  user8  you
[root@linux_basic ~]# su cactiuser
[cactiuser@linux_basic root]$ echo $PATH
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
[cactiuser@linux_basic root]$ exit
exit
[root@linux_basic ~]# su - cactiuser
[cactiuser@linux_basic ~]$ echo $PATH
/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/cactiuser/bin
[cactiuser@linux_basic ~]$ exit
logout

    Modifying groups:
        groupmod
            -g GID
            -n NEW_GRP_NAME

    Setting a group password:
        gpasswd

  Switching to a new primary group:
    newgrp

  Learning the w command
[root@linux_basic ~]# whatis w
w                    (1)  - Show who is logged on and what they are doing
[root@linux_basic ~]# type w
w is /usr/bin/w
[root@linux_basic ~]# man w
W(1)                          Linux User’s Manual                         W(1)

NAME
       w - Show who is logged on and what they are doing.

SYNOPSIS
       w - [husfV] [user]
[root@linux_basic ~]# w user
14:56:50 up 2 days,  2:25,  3 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
[root@linux_basic ~]# w
14:56:54 up 2 days,  2:26,  3 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    192.168.20.93    07:14   39:26   0.47s  0.47s -bash
root     pts/1    192.168.20.93    10:37   10:27   0.51s  0.51s -bash
root     pts/2    192.168.20.93    14:15    0.00s  0.12s  0.01s w
          
    Command summary: useradd, userdel, passwd, usermod, chage, chsh, chfn, who, id, finger, groupadd, groupdel, groupmod, gpasswd, newgrp, su, w

    Exercises:
        1. Create user mandriva with UID 2200, primary group distro (group ID 3300), and supplementary group peguin;
            # groupadd -g 3300 distro
            # groupadd peguin
            # useradd -u 2200 -g distro -G peguin mandriva

        2. Create user gentoo with full name "Gentoo" and default shell /bin/tcsh;
            # useradd -c "Gentoo" -s /bin/tcsh gentoo

        3. Change mandriva's UID to 4400, its primary group to linux, and its supplementary groups to distro and gentoo;
            # usermod -u 4400 -g linux -a -G distro,gentoo mandriva

        4. Set a password for gentoo, with a minimum password age of 2 days, a maximum of 60 days, a warning period of 3 days and an inactivity period of 7 days;
            # echo 'gentoo' | passwd --stdin gentoo
            # chage -m 2 -M 60 -W 3 -I 7 gentoo

Reposted from: https://my.oschina.net/u/1762991/blog/663003
