该博客主要围绕Linux系统展开,介绍了普通用户的创建与删除操作,包括创建用户的命令及输入密码步骤,还说明了删除用户时相关参数的含义。同时,详细阐述了赋予用户root权限的三种方法,通过修改特定文件来实现权限的提升。
创建普通用户
就是直接输入命令便可以创建
创建用户
useradd mshing
passwd mshing
然后输入两遍密码就创建好一个mshing的用户了
删除普通用户
userdel mshing # 如果加参加-r的话就是连/home/mshing目录一起删除,不加就只是单纯删除用户,不删除数据。
参数说明
useradd创建的账户的默认值
useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
- 新用户添加到GID为100的公共组
- 新用户的HOME目录将会位于/home/username
- 新用户账户密码在过期后不会被禁用
- 新用户账户未被设置为某个日期后就过期
- 新用户账户将bash shell作为默认shell
- 系统会将/etc/skel目录下的内容复制到用户的HOME目录下
- 系统为该用户账户在mail目录下创建一个用于接收邮件的文件
useradd具体参数
useradd -h
Usage: useradd [options] LOGIN
useradd -D
useradd -D [options]
Options:
-b, --base-dir BASE_DIR base directory for the home directory of the
new account
-c, --comment COMMENT GECOS field of the new account
-d, --home-dir HOME_DIR home directory of the new account
-D, --defaults print or change default useradd configuration
-e, --expiredate EXPIRE_DATE expiration date of the new account
-f, --inactive INACTIVE password inactivity period of the new account
-g, --gid GROUP name or ID of the primary group of the new
account
-G, --groups GROUPS list of supplementary groups of the new
account
-h, --help display this help message and exit
-k, --skel SKEL_DIR use this alternative skeleton directory
-K, --key KEY=VALUE override /etc/login.defs defaults
-l, --no-log-init do not add the user to the lastlog and
faillog databases
-m, --create-home create the user's home directory
-M, --no-create-home do not create the user's home directory
-N, --no-user-group do not create a group with the same name as
the user
-o, --non-unique allow to create users with duplicate
(non-unique) UID
-p, --password PASSWORD encrypted password of the new account
-r, --system create a system account
-R, --root CHROOT_DIR directory to chroot into
-s, --shell SHELL login shell of the new account
-u, --uid UID user ID of the new account
-U, --user-group create a group with the same name as the user
-Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping
passwd具体参数
passwd --help
Usage: passwd [OPTION...] <accountName>
-k, --keep-tokens keep non-expired authentication tokens
-d, --delete delete the password for the named account (root only)
-l, --lock lock the password for the named account (root only)
-u, --unlock unlock the password for the named account (root only)
-e, --expire expire the password for the named account (root only)
-f, --force force operation
-x, --maximum=DAYS maximum password lifetime (root only)
-n, --minimum=DAYS minimum password lifetime (root only)
-w, --warning=DAYS number of days warning users receives before
password expiration (root only)
-i, --inactive=DAYS number of days after password expiration when an
account becomes disabled (root only)
-S, --status report password status on the named account (root
only)
--stdin read new tokens from stdin (root only)
Help options:
-?, --help Show this help message
--usage Display brief usage message
userdel具体参数
userdel -h
Usage: userdel [options] LOGIN
Options:
-f, --force force some actions that would fail otherwise
e.g. removal of user still logged in
or files, even if not owned by the user
-h, --help display this help message and exit
-r, --remove remove home directory and mail spool
-R, --root CHROOT_DIR directory to chroot into
-Z, --selinux-user remove any SELinux user mapping for the user
赋予root权限
方法一
修改 /etc/sudoers 文件,找到下面一行,把前面的注释(#)去掉
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
然后修改用户,使其属于root组(wheel),命令如下:
usermod -g root mshing
修改完毕,现在可以用mshing帐号登录,然后用命令 su - ,即可获得root权限进行操作。
方法二
修改 /etc/sudoers 文件,找到下面一行,在root下面添加一行,如下所示:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
mshing ALL=(ALL) ALL
修改完毕,现在可以用mshing帐号登录,然后用命令 su - ,即可获得root权限进行操作。
方法三
修改 /etc/passwd 文件,找到如下行,把用户ID修改为0 ,如下所示:
修改前
mshing:x:500:500:mshing:/home/mshing:/bin/bash
修改后
mshing:x:0:500:mshing:/home/mshing:/bin/bash
保存,用mshing账户登录后,直接获取的就是root帐号的权限。
扫一扫
1458
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
