账号和用户组
[root@192 ~]# tail -n 1 /etc/passwd
centos8_user: x :1000:1000:centos8_user:/home/centos8_user:/bin/bash
用户名 密码 UiD GID 说明信息 家目录 shell 目录
[root@192 ~]# tail -n 1 /etc/shadow
centos8_user:$6$63uOYua64……: 19077 : 0 : 99999
账号 密码 最近修改密码的时间 密码不可修改的天数 密码需要修改的天数
: 7 : : :
密码需要修改前警告天数 密码过期后宽限时间 密码失效日(与密码无关) 保留
[root@192 ~]# head -n 1 /etc/group
root: x : 0 :
组名 用户组密码 GID 此用户组支持的账号名称
[root@192 ~]# head -n 1 /etc/gshadow
root : : :
组名 密码 用户组管理账号 有加入该用户组支持的所属的账号
#将用户加入组
[root@192 ~]#usermod -d -G users centos8_user
[centos8_user@192 ~]$ groups
centos8_user users
#删除用户
[root@192 ~]# userdel testuser
[root@192 ~]# useradd testuser
[root@192 ~]# ll -d /home/testuser/
drwx------. 2 testuser testuser 62 Mar 27 06:18 /home/testuser/
[root@192 ~]# grep testuser /etc/passwd /etc/shadow /etc/group
/etc/passwd:testuser:x:1001:1001::/home/testuser:/bin/bash
/etc/shadow:testuser:!!:19077:0:99999:7:::
/etc/group:testuser:x:1001:
[root@192 ~]# useradd -u 1500 -g users testuser1
[root@192 ~]# grep testuser1 /etc/passwd /etc/shadow /etc/group
/etc/passwd:testuser1:x:1500:100::/home/testuser1:/bin/bash
/etc/shadow:testuser1:!!:19077:0:99999:7:::
useradd 默认参数
[root@192 ~]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
[root@192 ~]#
设置密码
[root@192 ~]# passwd testuser
Changing password for user testuser.
New password:
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
密码模块
[root@192 ~]# cat /etc/pam.d/password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authselect is run.
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass nullok
auth required pam_deny.so
account required pam_unix.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
[root@192 ~]# cat /etc/pam.d/passwd
#%PAM-1.0
# This tool only uses the password stack.
password substack system-auth
-password optional pam_gnome_keyring.so use_authtok
password substack postlogin
[root@192 ~]#
密码参数
[root@192 ~]# cat /etc/login.defs | grep '^[^#]'
MAIL_DIR /var/spool/mail
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
UID_MIN 1000
UID_MAX 60000
SYS_UID_MIN 201
SYS_UID_MAX 999
GID_MIN 1000
GID_MAX 60000
SYS_GID_MIN 201
SYS_GID_MAX 999
CREATE_HOME yes
UMASK 077
USERGROUPS_ENAB yes
ENCRYPT_METHOD SHA512
[root@192 ~]#
锁定、解锁用户
[root@192 ~]# passwd -l testuser
Locking password for user testuser.
passwd: Success
[root@192 ~]# passwd -S testuser
testuser LK 2022-03-26 0 99999 7 -1 (Password locked.)
[root@192 ~]# passwd -u testuser
Unlocking password for user testuser.
passwd: Success
[root@192 ~]#
查看密码参数
[root@192 ~]# chage -l testuser
Last password change : Mar 26, 2022
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
-d Last password change : Mar 26, 2022
-E Account expires : never
-I Password expires : never
-m
-M Number of days of warning before password expires : 7
-W Number of days of warning before password expires : 7
[root@192 ~]# id
uid=0(root) gid=0(root) groups=0(root)
新增、删除用户组
[root@192 ~]# groupadd testgroup
[root@192 ~]# groupdel testgroup
添加组管理员
[root@192 ~]# groupadd testgroup
[root@192 ~]# gpasswd testgroup
Changing the password for group testgroup
New Password:
Re-enter new password:
[root@192 ~]# gpasswd -A centos8_user testgroup
[root@192 ~]# grep testgroup /etc/gshadow /etc/group
/etc/gshadow:testgroup:$6$dg9Bv/80GNb/fc.P$9m.rNQImNxyVEFZ3HWmwcsZUkUtmM8SICgNw.6W6P22tOxwa6WEmhCmMcM8ZsVz1bYIA.ENJdhHkIzaJCTj/r/:centos8_user:
/etc/group:testgroup:
案例
| 账号名称 | 账号全名 | 支持次要用户组 | 是否登录主机 | 密码 |
|---|
| myuser1 | 1st user | mygroup1 | Y | password |
| myuser2 | 2nd user | mygroup1 | Y | password |
| myuser3 | 3rd user | 无额外支持 | N | password |
[root@192 ~]# groupadd mygroup1
[root@192 ~]# useradd -G mygroup1 -c "1st user" mysuer1
[root@192 ~]# useradd -G mygroup1 -c "2nd user" mysuer2
[root@192 ~]# useradd -G mygroup1 -c "3rd user" -s /sbin/nologin mysuer3
[root@192 ~]# echo "password" | passwd --stdin mysuer1
Changing password for user mysuer1.
passwd: all authentication tokens updated successfully.
[root@192 ~]# echo "password" | passwd --stdin mysuer2
Changing password for user mysuer2.
passwd: all authentication tokens updated successfully.
[root@192 ~]# echo "password" | passwd --stdin mysuer3
Changing password for user mysuer3.
passwd: all authentication tokens updated successfully.
| 账号名称 | 支持次要用户组 | 密码 |
|---|
| pro1 | projecta | password |
| pro2 | projecta | password |
| pro3 | projecta | password |
[root@192 ~]# groupadd projecta
[root@192 ~]# useradd -G projecta -c "projecta" pro1
[root@192 ~]# useradd -G projecta -c "projecta" pro2
[root@192 ~]# useradd -G projecta -c "projecta" pro3
[root@192 ~]# echo "password" | passwd --stdin pro1
Changing password for user mysuer1.
passwd: all authentication tokens updated successfully.
[root@192 ~]# echo "password" | passwd --stdin pro2
Changing password for user mysuer2.
passwd: all authentication tokens updated successfully.
[root@192 ~]# echo "password" | passwd --stdin pro3
Changing password for user mysuer3.
passwd: all authentication tokens updated successfully.
[root@192 ~]# mkdir /srv/projecta
[root@192 ~]# chgrp projecta /srv/projecta/
[root@192 ~]# chmod 2775 /srv/projecta/
[root@192 ~]# ll -d /srv/projecta/
drwxrwsr-x. 2 root projecta 6 Mar 27 07:08 /srv/projecta/
[root@192 ~]#gpasswd -A centos8_user projecta
磁盘配额与高级文件管理
计划任务
crontab
[root@192 ~]# crontab -l
0 11 * * * wall "test jihuarenwu"
#分 时 日 月 周 命令
# -e 编辑 -l 查看 -r 删除
[root@192 ~]#
[root@192 ~]#
[root@192 ~]# date
Sun Mar 27 10:59:56 CST 2022
Broadcast message from root@192.168.1.8 (somewhere) (Sun Mar 27 11:00:01 2022):
test jihuarenwu
| 特殊字符 | 说明 |
|---|
| * | 匹配所有 |
| , | 3,6 3和6 |
| - | 20 7-10 7点到10点 每20分钟 |
| /n | n代表数字 每隔n单位时间 */5 每隔5分钟 |
[root@192 ~]# cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
# For details see man 4 crontabs
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
anacron
[root@192 ~]# cat /etc/anacrontab
# /etc/anacrontab: configuration file for anacron
# See anacron(8) and anacrontab(5) for details.
SHELL=/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
# the maximal random delay added to the base delay of the jobs
RANDOM_DELAY=45
# the jobs will be started during the following hours only
START_HOURS_RANGE=3-22
#period in days delay in minutes job-identifier command
1 5 cron.daily nice run-parts /etc/cron.daily
7 25 cron.weekly nice run-parts /etc/cron.weekly
@monthly 45 cron.monthly nice run-parts /etc/cron.monthly
anacron [-s] [-f] [-n] [-d] [-q] [-t anacrontab] [-S spooldir] [job]
anacron [-S spooldir] -u [-t anacrontab] [job]
anacron [-V|-h]
anacron -T [-t anacrontab]
| option | 说明 |
|---|
| -s | 开始连续执行任务 |
| -f | 强制执行 |
| -n | 立刻执行未执行任务 |
| -u | 更新记录文件时间戳不执行任务 |
| job | /etc/anacrontab定义的任务 |
进程管理
#查看当前进程
[root@192 ~]# ps -l
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
0 S 0 7645 7631 0 80 0 - 6370 - pts/0 00:00:00 bash
0 R 0 7758 7645 0 80 0 - 11191 - pts/0 00:00:00 ps
4 T 0 7760 7645 0 80 0 - 8097 - pts/0 00:00:00 ping
[root@192 ~]#
查看后台任务
[root@192 ~]# jobs -l
[2] 7816 Running ping 192.168.1.1 > ping.log &
[3]- 7819 Stopped find / -print
[4]+ 7820 Stopped find / -print
[root@192 ~]# jobs -r
[2] Running ping 192.168.1.1 > ping.log &
[root@192 ~]# jobs -s
[3]- Stopped find / -print
[4]+ Stopped find / -print
[root@192 ~]#
[root@192 ~]# ping 192.168.1.1 > ping.log &
[1] 7828
[root@192 ~]# jobs
[1]+ Running ping 192.168.1.1 > ping.log &
[root@192 ~]# fg
ping 192.168.1.1 > ping.log
^C[root@192 ~]# jobs
[root@192 ~]#
#fg n 将后台任务n显示
杀死进程
[root@192 ~]# kill -l
1) SIGHUP#启动进程 2) SIGINT#终端进程 3) SIGQUIT 4) SIGILL 5) SIGTRAP
6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL#结束进程 10) SIGUSR1
11) SIGSEGV 12) SIGUSR2 13) SIGPIPE 14) SIGALRM 15) SIGTERM#以正常方式结束进程
16) SIGSTKFLT 17) SIGCHLD 18) SIGCONT 19) SIGSTOP#暂停进程 20) SIGTSTP
21) SIGTTIN 22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ
26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO 30) SIGPWR
31) SIGSYS 34) SIGRTMIN 35) SIGRTMIN+1 36) SIGRTMIN+2 37) SIGRTMIN+3
38) SIGRTMIN+4 39) SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8
43) SIGRTMIN+9 44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13
48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12
53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7
58) SIGRTMAX-6 59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2
63) SIGRTMAX-1 64) SIGRTMAX
[root@192 ~]# kill -9 %1 ; jobs
[1]+ Running ping 192.168.1.1 > ping.log &
[root@192 ~]# kill -9 %1 ; jobs
-bash: kill: (7830) - No such process
[1]+ Killed ping 192.168.1.1 > ping.log
[root@192 ~]# ps aux | grep "rsys.*"
root 1374 0.0 0.4 208748 9008 ? Ssl Mar26 0:01 /usr/sbin/rsyslogd -n
[root@192 ~]# ps aux | grep "rsys.*" | grep -v 'grep'
root 1374 0.0 0.4 208748 9008 ? Ssl Mar26 0:01 /usr/sbin/rsyslogd -n
[root@192 ~]# ps aux | grep "rsys.*" | grep -v 'grep' | awk '{print $2}'
1374
[root@192 ~]# kill -1 $(ps aux | grep "rsys.*" | grep -v 'grep' | awk '{print $2}')
杀死服务
killall -i 进程名称
查看进程
ps [options]
| option | 说明 |
|---|
| -A | 所有进程与-e一样效果 |
| -a | 不显示与终端有关的进程 |
| -u | 有效使用者的相关进程 |
| x | 列出比较完整的信息 |
| l | pid 信息详细列出来 |
| j | 任务的格式 |
| -f | 做一个完整的输出 |
[root@192 ~]# ps aux | head -n 5
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.7 178652 13204 ? Ss Mar26 0:01 /usr/lib
root 2 0.0 0.0 0 0 ? S Mar26 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? I< Mar26 0:00 [rcu_gp]
root 4 0.0 0.0 0 0 ? I< Mar26 0:00 [rcu_par_gp]
#查看自己的进程
[root@192 ~]# ps -l
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
0 S 0 7645 7631 0 80 0 - 6403 - pts/0 00:00:00 bash
4 S 0 7859 7645 0 80 0 - 31037 - pts/0 00:00:00 su
4 S 0 7860 7859 0 80 0 - 6344 - pts/0 00:00:00 bash
#F 4代表root S代表状态:R表示运行、S代表休眠、D代表不可唤醒状态、T停止的状态、Z:僵尸状态
#
#查看所有树状 进程ID
[root@192 ~]# ps axjf | head -n 10
PPID PID PGID SID TTY TPGID STAT UID TIME COMMAND
0 2 0 0 ? -1 S 0 0:00 [kthreadd]
2 3 0 0 ? -1 I< 0 0:00 \_ [rcu_gp]
2 4 0 0 ? -1 I< 0 0:00 \_ [rcu_par_gp]
2 6 0 0 ? -1 I< 0 0:00 \_ [kworker/0:0H]
2 8 0 0 ? -1 I< 0 0:00 \_ [mm_percpu_wq]
2 9 0 0 ? -1 S 0 0:00 \_ [ksoftirqd/0]
2 10 0 0 ? -1 I 0 0:06 \_ [rcu_sched]
2 11 0 0 ? -1 S 0 0:00 \_ [migration/0]
2 12 0 0 ? -1 S 0 0:00 \_ [watchdog/0]
[root@192 ~]#
查看动态进程变化
top -hv|-bcEHiOSs1 -d secs -n max -u|U user -p pid -o fld -w [cols]
| 选项 | 说明 |
|---|
| -d | 刷新时间单位秒 |
| -b | 以批量方式执行top |
| -n | 与-b一起使用,需要执行几次top的输出结果 |
| -p | 指定PID信息 |
| P | 以cpu 排序 |
| M | 以内存排序 |
| N | 以pid排序 |
| T | 由该进程使用的cpu时间累积排序 |
| r | 给予pid一个nice值 |
| k | 给予pid一个信号 |
[root@192 ~]# top | head -n 10
top - 12:31:31 up 14:48, 3 users, load average: 0.00, 0.00, 0.00
Tasks: 153 total, 1 running, 152 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.0 us, 2.9 sy, 0.0 ni, 97.1 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 1806.2 total, 1179.4 free, 261.1 used, 365.7 buff/cache
MiB Swap: 3072.0 total, 3072.0 free, 0.0 used. 1363.5 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 178652 13204 8364 S 0.0 0.7 0:01.75 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kthreadd
3 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_gp
#在top 命令中 输入 相关参数排序
查看系统资源
[root@192 ~]# free -m -t -s 2
# 单位 总量 刷新时间2s
total used free shared buff/cache available
Mem: 1806 260 1179 8 365 1363
Swap: 3071 0 3071
Total: 4878 260 4251
total used free shared buff/cache available
Mem: 1806 260 1179 8 365 1363
Swap: 3071 0 3071
Total: 4878 260 4251
total used free shared buff/cache available
Mem: 1806 260 1179 8 365 1363
Swap: 3071 0 3071
Total: 4878 260 4251
total used free shared buff/cache available
Mem: 1806 260 1179 8 365 1363
Swap: 3071 0 3071
Total: 4878 260 4251
[root@192 ~]# uptime
12:57:29 up 15:14, 3 users, load average: 0.00, 0.00, 0.00
#查看系统运行时间 以及最近1、5、15分钟负载情况
设置SEClinux
root@192 ~]# getenforce
Enforcing
[root@192 ~]# setenforce disabled
usage: setenforce [ Enforcing | Permissive | 1 | 0 ]
[root@192 ~]# setenforce 0
[root@192 ~]# getenforce 0
Permissive
服务
[root@192 ~]# cat /usr/lib/systemd/system/sshd.service
[Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.target
Wants=sshd-keygen.target
[Service]
Type=notify
EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config
EnvironmentFile=-/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS $CRYPTO_POLICY
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
[root@192 ~]#
systemctl
systemctl [OPTIONS...] COMMAND [UNIT...]
#start 、stop 、restart、reload、enable、disable、status、
[root@192 ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2022-03-26 18:57:32 CST; 18h ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 975 (sshd)
Tasks: 1 (limit: 11338)
Memory: 13.6M
CGroup: /system.slice/sshd.service
└─975 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -oMACs=hmac-sha2-256-etm@openssh.com,hmac>
Mar 27 12:03:26 192.168.1.8 sshd[7773]: Accepted password for centos8_user from 192.168.1.5 port 53268 ssh2
Mar 27 12:03:26 192.168.1.8 sshd[7773]: pam_unix(sshd:session): session opened for user centos8_user by (uid=0)
lines 1-21/21 (END)
#查看服务与端口对应
[root@192 ~]# cat -n /etc/services | less
