Linux in Practice: Permission Management


Adding a user

[root@VM-0-11-centos ~]# useradd jzh

[root@VM-0-11-centos /]# id jzh
uid=1000(jzh) gid=1000(jzh) groups=1000(jzh)

[root@VM-0-11-centos /]# grep jzh /etc/passwd /etc/shadow /etc/group
/etc/passwd:jzh:x:1000:1000::/home/jzh:/bin/bash
/etc/shadow:jzh:!!:18980:0:99999:7:::
/etc/group:jzh:x:1000:

The x stands for the password, which is stored in /etc/shadow; when no password has been set, the field there is "!!".

Setting a password

After useradd, the password has not yet been set.

[root@VM-0-11-centos /]# passwd jzh
Changing password for user jzh.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.

To let a user log in the first time with a default password and be required to change it:

[root@VM-0-11-centos /]# useradd vbird
[root@VM-0-11-centos /]# echo "123456" | passwd --stdin vbird
Changing password for user vbird.
passwd: all authentication tokens updated successfully.
[root@VM-0-11-centos /]# chage -d 0 vbird # -d sets the date of the last password change; 0 forces a change at the next login

Log in as vbird:

vbird@101.34.217.138's password:
You are required to change your password immediately (root enforced)
Last login: Mon Dec 20 00:04:51 2021 from 113.200.174.13
WARNING: Your password has expired.
You must change your password now and login again!
# prompted to change the password

# change the password
Changing password for user vbird.
Changing password for vbird.
(current) UNIX password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Adding a group and joining a group

[root@VM-0-11-centos ~]# groupadd testgroup
[root@VM-0-11-centos ~]# gpasswd testgroup
Changing the password for group testgroup
New Password:
Re-enter new password:
[root@VM-0-11-centos ~]# gpasswd -A vbird testgroup
[root@VM-0-11-centos ~]# grep testgroup /etc/group /etc/gshadow
/etc/group:testgroup:x:1002:
/etc/gshadow:testgroup:$1$9v24LYZE$V/yYwmmoaKNpe9.zCPK3U.:vbird:

This shows that vbird has joined the group.
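The /etc/shadow and /etc/gshadow fields shown in the sections above can be checked with a read-only script; the following is an added example, not part of the original post, and the function names shadow_state and gshadow_roles and the placeholder hashes are constructed for illustration. In /etc/gshadow the third field lists group administrators (what gpasswd -A sets) and the fourth lists members (what gpasswd -a sets), and a password field starting with $1$ is an MD5-crypt hash.

```shell
#!/bin/sh
# Added example, not from the original post. Read-only: it only parses the
# lines passed to it and never touches the account databases.

# Classify one /etc/shadow line by its password field (2) and last-change day (3).
shadow_state() {
    printf '%s\n' "$1" | awk -F: '{
        pw = $2
        if (pw == "")                        state = "empty-password"
        else if (pw ~ /^[!*]/)               state = "no-usable-password"
        else if (substr(pw, 1, 3) == "$1$")  state = "weak-md5"
        else                                 state = "hashed"
        # chage -d 0 writes 0 here, which forces a change at the next login.
        if ($3 == "0") state = state ",change-at-next-login"
        print $1 ":" state
    }'
}

# Split one /etc/gshadow line into hash type, administrators (3) and members (4).
gshadow_roles() {
    printf '%s\n' "$1" | awk -F: '{
        hash    = (substr($2, 1, 3) == "$1$") ? "weak-md5" : "other"
        admins  = ($3 == "") ? "-" : $3
        members = ($4 == "") ? "-" : $4
        print $1 ":" hash ":admins=" admins ":members=" members
    }'
}

# Demo. The jzh line has the shape shown on this page; the vbird and testgroup
# lines are constructed, with placeholder hashes.
shadow_state  'jzh:!!:18980:0:99999:7:::'
shadow_state  'vbird:$6$CONSTRUCTED$placeholderhash:0:0:99999:7:::'
gshadow_roles 'testgroup:$1$CONSTRUCTED$placeholderhash:vbird:'
```

On a real host, run as root and feed each line of /etc/shadow or /etc/gshadow to the matching function.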

Setting specific permissions with ACLs

In team development, the standard permissions often cannot meet the requirements, so specific permissions usually need to be set for certain members.

setfacl & getfacl

  • -m: set the ACL entries that follow on the file
  • -x: remove the ACL entries that follow
  • -R: apply recursively

[root@VM-0-11-centos tmp]# touch acl
# for a user
[root@VM-0-11-centos tmp]# setfacl -m u:jzh:rx acl # set specific permissions for the user jzh

# for a group
[root@VM-0-11-centos tmp]# setfacl -m g:testgroup:rwx acl
[root@VM-0-11-centos tmp]# getfacl acl
# file: acl
# owner: root
# group: root
user::rw-
user:jzh:r-x
group::r--
group:testgroup:rwx
mask::rwx
other::r--

Logging in

su - # log in as root
su - jzh # log in as jzh