Linux account creation and permission planning - zbunix/building GitHub Wiki
- Create the git user with manually specified parameters
$ sudo addgroup --gid 1002 git
Adding group `git' (GID 1002) ...
Done.
$ sudo adduser --home /git --uid 1002 --gid 1002 git
Warning: The home dir /git you specified already exists.
Adding user `git' ...
Adding new user `git' (1002) with group `git' ...
The home directory `/git' already exists. Not copying from `/etc/skel'.
adduser: Warning: The home directory `/git' does not belong to the user you are currently creating.
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for git
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
$ sudo chown git:git -R /git
- Initial passwords
Password for users in os-group: os123456
Password for users in app-group: app123456
Password for users in hw-group: hw123456
- User information on 192.168.1.98
gitolite:x:490:481:git repository hosting:/var/lib/gitolite:/bin/sh
os-git:x:501:503::/home/os-git:/bin/bash
app-git:x:502:503::/home/app-git:/bin/bash
os-peter:x:503:0::/home/os-peter:/bin/bash
os-zhuw:x:504:0::/home/os-zhuw:/bin/bash
os-xiaochangfu:x:505:501::/home/os-xiaochangfu:/bin/bash
os-luoyangbo:x:506:501::/home/os-luoyangbo:/bin/bash
os-tanchenxi:x:507:501::/home/os-tanchenxi:/bin/bash
os-test:x:509:501::/home/os-test:/bin/bash
app-lilinhuang:x:510:502::/home/app-lilinhuang:/bin/bash
app-zhuwenwei:x:511:502::/home/app-zhuwenwei:/bin/bash
app-liuweijiang:x:512:502::/home/app-liuweijiang:/bin/bash
app-chenwei:x:513:502::/home/app-chenwei:/bin/bash
app-wanghanwen:x:514:502::/home/app-wanghanwen:/bin/bash
app-test:x:515:502::/home/app-test:/bin/bash
tomcat:x:91:91:Apache Tomcat:/usr/share/tomcat5:/bin/sh
os-huangfujun:x:516:501::/home/os-huangfujun:/bin/bash
os-weizb:x:517:501::/home/os-weizb:/bin/bash
os-tt:x:518:501:tt:/home/os-tt:/bin/bash
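An added example (not part of the original wiki page): a small audit over passwd-format lines such as the listing above. It flags non-root accounts whose primary GID is 0 (as os-peter and os-zhuw are in that listing), extra UID 0 accounts, and reused UIDs. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit passwd(5)-format lines read from stdin.

# sample_passwd: a subset of the 192.168.1.98 listing shown on this page.
sample_passwd() {
cat <<'EOF'
gitolite:x:490:481:git repository hosting:/var/lib/gitolite:/bin/sh
os-git:x:501:503::/home/os-git:/bin/bash
os-peter:x:503:0::/home/os-peter:/bin/bash
os-zhuw:x:504:0::/home/os-zhuw:/bin/bash
os-xiaochangfu:x:505:501::/home/os-xiaochangfu:/bin/bash
app-test:x:515:502::/home/app-test:/bin/bash
tomcat:x:91:91:Apache Tomcat:/usr/share/tomcat5:/bin/sh
EOF
}

# audit_passwd: print one finding per line.
#   MALFORMED  - line does not have the 7 colon-separated fields
#   ROOT_GROUP - UID is not 0 but the primary GID is 0 (root's group)
#   UID0       - an account other than root has UID 0
#   DUP_UID    - the UID was already used by an earlier line
audit_passwd() {
    awk -F: '
        NF != 7                 { print "MALFORMED line " NR; next }
        $3 != 0 && $4 == 0      { print "ROOT_GROUP " $1 " uid=" $3 }
        $3 == 0 && $1 != "root" { print "UID0 " $1 }
        seen[$3]++              { print "DUP_UID " $1 " uid=" $3 }
    '
}
```

On a live host the same function can be fed with `audit_passwd < /etc/passwd`.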
- Using the addgroup and adduser tools
** Create the new groups
root@android-work1:/opt# addgroup --gid 8000 os-group
root@android-work1:/opt# addgroup --gid 8001 app-group
root@android-work1:/opt# addgroup --gid 8002 hw-group
root@android-work1:/opt# addgroup --gid 8003 dqa-group
root@android-work1:/opt# addgroup --gid 8010 samba-all
root@android-work1:/opt# addgroup --gid 8011 git-group
** Create the new users
Default password: os123456
root@android-work1:~# adduser --gid 8000 --uid 8000 os-vip
root@android-work1:~# adduser --gid 8000 --uid 8001 os-huangfujun
root@android-work1:~# adduser --gid 8000 --uid 8002 os-weizb
root@android-work1:~# adduser --gid 8000 --uid 8003 os-peter
root@android-work1:~# adduser --gid 8000 --uid 8004 os-tanchenxi
os-weizb@android-work2:~$ sudo adduser --gid 1001 --uid 1005 os-zhaoxunling
Default password: app123456
root@android-work1:~# adduser --gid 8001 --uid 8100 app-vip
root@android-work1:~# adduser --gid 8001 --uid 8101 app-lilinhuang
root@android-work1:~# adduser --gid 8001 --uid 8102 app-zhuwenwei
root@android-work1:~# adduser --gid 8001 --uid 8103 app-liuweijiang
root@android-work1:~# adduser --gid 8001 --uid 8104 app-chenwei
root@android-work1:~# adduser --gid 8001 --uid 8105 app-wanghanwen
root@android-work1:~# adduser --gid 8001 --uid 8106 app-zhanxm
os-weizb@android-work2:~$ sudo adduser --gid 1002 --uid 1020 app-zhaodan
os-weizb@android-work2:~$ sudo adduser --gid 1002 --uid 1023 app-wanghongbo
Default password: hw123456
root@android-work1:~# adduser --gid 8002 --uid 8200 hw-vip
root@android-work1:~# adduser --gid 8002 --uid 8201 hw-yangzhu
root@android-work1:~# adduser --gid 8002 --uid 8202 hw-liuhe
root@android-work1:~# adduser --gid 8002 --uid 8203 hw-fangwei
root@android-work1:~# adduser --gid 8003 --uid 8300 dqa-vip
root@android-work1:~# adduser os-vip samba-all
root@android-work1:~# adduser os-huangfujun samba-all
os-weizb@android-work2:~$ sudo adduser os-zhaoxunling samba-all
os-weizb@android-work2:~$ sudo adduser app-zhaodan samba-all
Default passwords: vip1234567 os1234567 app1234567
root@android-work1:~# adduser --gid 8011 --uid 8800 --home /nwd-data/vip-git vip-git
root@android-work1:~# adduser --gid 8011 --uid 8801 --home /nwd-data/os-git os-git
root@android-work1:~# adduser --gid 8011 --uid 8802 --home /nwd-data/app-git app-git
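** Set users' home directory permissions to the minimum
root@android-work2:/home# chmod -R 700 *
** Undoing it
How do you set every directory under a directory to 755 and every file to 644?
Directories: find path -type d -exec chmod 755 {} \;
Files: find path -type f -exec chmod 644 {} \;
where path is the path of the directory you need to change.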
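An added example (not part of the original wiki page) comparing the recursive chmod 700 above with chmod -R go-rwx on a constructed home tree: the first marks every file executable, the second only removes group and other access and leaves the owner's bits as they were. The function names and the sample tree are made up for the illustration.

```shell
#!/bin/sh
# Added example: restrict a home tree to its owner without turning every
# regular file into an executable.

# mode_of PATH: print the 10-character mode string, e.g. "-rw-------".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# make_sample_home DIR: constructed tree with one data file (644) and
# one script (755) inside 755 directories.
make_sample_home() {
    mkdir -p "$1/bin"
    printf 'notes\n' > "$1/notes.txt"
    printf '#!/bin/sh\n' > "$1/bin/build.sh"
    chmod 755 "$1" "$1/bin" "$1/bin/build.sh"
    chmod 644 "$1/notes.txt"
}

# lock_blunt DIR: what "chmod -R 700" does to one home directory.
# Every file under DIR ends up rwx------, data files included.
lock_blunt() {
    chmod -R 700 "$1"
}

# lock_owner_only DIR: clear group/other bits only. Directories stay
# traversable for the owner, scripts stay executable, data files do not
# gain the execute bit, so no find-based repair is needed afterwards.
lock_owner_only() {
    chmod -R go-rwx "$1"
}
```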
** View a user's ID and group information:
root@android-work2:~# id os-vip
uid=1007(os-vip) gid=1002(os-group) 组=1002(os-group)
** Modify user information: change the group of user os-vip to os-weizb
root@android-work2:~# usermod -g os-weizb os-vip
** Manually change the group ownership of its directory and files to the new group
root@android-work2:/nwd-data/app-group# chown -R root:app-group app-zhanxm
root@android-work2:/nwd-data/app-group# chmod 770 app-zhanxm
** Create the backup group directories and user directories and set their permissions
root@android-work2:/nwd-data# mkdir -p os-group/os-vip
root@android-work2:/nwd-data# mkdir -p os-group/os-weizb
root@android-work2:/nwd-data# mkdir -p os-group/os-peter
root@android-work2:/nwd-data# mkdir -p os-group/os-huangfujun
root@android-work2:/nwd-data# mkdir -p os-group/os-tanchenxi
root@android-work2:/nwd-data# chgrp os-group -R /nwd-data/os-group
root@android-work2:/nwd-data# chmod 770 -R /nwd-data/os-group
root@android-work2:/nwd-data#
root@android-work2:/nwd-data# mkdir -p app-group/app-vip
root@android-work2:/nwd-data# mkdir -p app-group/app-lilinhuang
root@android-work2:/nwd-data# mkdir -p app-group/app-chenwei
root@android-work2:/nwd-data# mkdir -p app-group/app-liuweijiang
root@android-work2:/nwd-data# mkdir -p app-group/app-wanghanwen
root@android-work2:/nwd-data# mkdir -p app-group/app-zhuwenwei
root@android-work2:/nwd-data# chgrp app-group -R /nwd-data/app-group
root@android-work2:/nwd-data# chmod 770 -R /nwd-data/app-group
root@android-work2:/nwd-data/app-group# mkdir app-wanghongbo
root@android-work2:/nwd-data/app-group# chown -R app-wanghongbo:app-group app-wanghongbo
root@android-work2:/nwd-data/app-group# chmod -R 770 app-wanghongbo
** Create the samba-all group
root@android-work1:~# addgroup samba-all
** Add the specified users to the samba-all group
root@android-work1:~# adduser os-weizb samba-all
root@android-work1:~# adduser os-peter samba-all
root@android-work1:~# adduser os-tanchenxi samba-all
root@android-work1:~# adduser os-huangfujun samba-all
root@android-work1:~# adduser os-vip samba-all
root@android-work1:~# adduser app-lilinhuang samba-all
root@android-work1:~# adduser app-zhuwenwei samba-all
root@android-work1:~# adduser app-liuweijiang samba-all
root@android-work1:~# adduser app-chenwei samba-all
root@android-work1:~# adduser app-wanghanwen samba-all
root@android-work1:~# adduser app-vip samba-all
root@android-work1:~# adduser hw-yangzhu samba-all
root@android-work1:~# adduser hw-liuhe samba-all
root@android-work1:~# adduser hw-vip samba-all
root@android-work2:/nwd-data/app-group# adduser app-wanghongbo samba-all
** Create a directory that users from all 3 departments can read and write from Windows
root@android-work1:~# mkdir /nwd-data/os3-server
root@android-work1:~# chgrp -R samba-all /nwd-data/os3-server
root@android-work1:~# chmod -R 770 /nwd-data/os3-server
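* Adding and removing users and groups
** Method: edit the user configuration files /etc/passwd and /etc/group directly
The /etc/shadow, /etc/group and /etc/gshadow files
* Passwordless authentication login
See the rules in the /etc/default/useradd and /etc/login.defs files.
useradd -D shows the current defaults:
root@android-work2:/etc/default# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/sh
SKEL=/etc/skel
CREATE_MAIL_SPOOL=no
Check whether the files under /home/beinanlinux are the same as those in /etc/skel.
About groups when adding a new user: if the -n option is not used when adding a user, the system automatically creates a group with the same name as the user.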
Server 97
os-weizb@android-work1:~$ ssh-keygen
os-weizb@android-work1:~/.ssh$ cat id_rsa.pub > authorized_keys
Server 99
os-weizb@android-work2:~$ mkdir .ssh && cd .ssh
os-weizb@android-work2:~/.ssh$ scp [email protected]:~/.ssh/id_rsa* .
os-weizb@android-work2:~/.ssh$ cat id_rsa.pub > authorized_keys
Server 98
[/home/os-weizb]$ mkdir .ssh && cd .ssh
[/home/os-weizb/.ssh] $ scp [email protected]:~/.ssh/id_rsa* .
[/home/os-weizb/.ssh] $ cat id_rsa.pub > authorized_keys