@TOC
一、查看本地零碎版本
查看本地环境的操作系统版本,本次实际为centos7.6版本。
[root@docker ~]# cat /etc/os-release NAME="CentOS Linux"VERSION="7 (Core)"ID="centos"ID_LIKE="rhel fedora"VERSION_ID="7"PRETTY_NAME="CentOS Linux 7 (Core)"ANSI_COLOR="0;31"CPE_NAME="cpe:/o:centos:centos:7"HOME_URL="https://www.centos.org/"BUG_REPORT_URL="https://bugs.centos.org/"CENTOS_MANTISBT_PROJECT="CentOS-7"CENTOS_MANTISBT_PROJECT_VERSION="7"REDHAT_SUPPORT_PRODUCT="centos"REDHAT_SUPPORT_PRODUCT_VERSION="7"二、创立redhat普通用户
1.创立redhat用户
[root@docker ~]# useradd redhat2.为redhat用户设置明码
[root@docker ~]# passwd redhatChanging password for user redhat.New password: BAD PASSWORD: The password is shorter than 8 charactersRetype new password: passwd: all authentication tokens updated successfully.3.查问创立用户相干命令的绝对路径
[root@docker ~]# which useradd /usr/sbin/useradd[root@docker ~]# which passwd /usr/bin/passwd[root@docker ~]# which userdel /usr/sbin/userdel三、编辑/etc/sudoers文件
[root@docker ~]# vim /etc/sudoers[root@docker ~]# grep redhat /etc/sudoersredhat ALL=(ALL) /usr/sbin/useradd,/usr/bin/passwd,/usr/sbin/userdel四、查看redhat用户权限
1.切换到redhat用户
[root@docker ~]# su - redhat[redhat@docker ~]$ 2.新建huawei账号
[redhat@docker ~]$ sudo useradd huaweiWe trust you have received the usual lecture from the local SystemAdministrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility.[sudo] password for redhat: 3.查看新创建用户
[redhat@docker ~]$ id huaweiuid=1002(huawei) gid=1002(huawei) groups=1002(huawei)4.为huawei账号设置明码
[redhat@docker ~]$ sudo passwd huaweiChanging password for user huawei.New password: BAD PASSWORD: The password is shorter than 8 charactersRetype new password: passwd: all authentication tokens updated successfully.5.删除huawei账号
[redhat@docker ~]$ sudo userdel huawei[redhat@docker ~]$ id huaweiid: huawei: no such user五、批量用户受权
1.设置别名
[root@docker ~]# grep -Evn '^#|^$|^##' /etc/sudoers22:User_Alias ADMINS = zhangsan, lisi30:Cmnd_Alias USERTEST = /usr/sbin/useradd, /usr/bin/passwd, /usr/sbin/userdel 59:Defaults !visiblepw68:Defaults always_set_home69:Defaults match_group_by_gid77:Defaults always_query_group_plugin79:Defaults env_reset80:Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"81:Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"82:Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"83:Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"84:Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"92:Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin104:root ALL=(ALL) ALL105:redhat ALL=(ALL) /usr/sbin/useradd,/usr/bin/passwd,/usr/sbin/userdel112:%wheel ALL=(ALL) ALL2.配置sudo受权
[root@docker ~]# grep ADMINS /etc/sudoers# User_Alias ADMINS = jsmith, mikemUser_Alias ADMINS = zhangsan, lisiADMINS ALL=(ALL) USERTEST六、测试批量受权成果
1.新建用户zhangsan
[root@docker ~]# useradd zhangsan[root@docker ~]# passwd zhangsanChanging password for user zhangsan.New password: BAD PASSWORD: The password contains the user name in some formRetype new password: passwd: all authentication tokens updated successfully.2.切换zhangsan用户
[root@docker ~]# su - zhangsan3.新建lisi用户并设置明码
[zhangsan@docker ~]$ sudo useradd lisiWe trust you have received the usual lecture from the local SystemAdministrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility.[sudo] password for zhangsan: [zhangsan@docker ~]$ sudo passwd lisiChanging password for user lisi.New password: BAD PASSWORD: The password is shorter than 8 charactersRetype new password: passwd: all authentication tokens updated successfully.4.切换lisi用户
[zhangsan@docker ~]$ su - lisiPassword: [lisi@docker ~]$ id lisiuid=1003(lisi) gid=1003(lisi) groups=1003(lisi)5.切换lisi用户
[zhangsan@docker ~]$ su - lisiPassword: [lisi@docker ~]$ id lisiuid=1003(lisi) gid=1003(lisi) groups=1003(lisi)6.测试lisi用户权限
[lisi@docker ~]$ sudo useradd userWe trust you have received the usual lecture from the local SystemAdministrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility.[sudo] password for lisi: [lisi@docker ~]$ sudo passwd userChanging password for user user.New password: BAD PASSWORD: The password is shorter than 8 charactersRetype new password: passwd: all authentication tokens updated successfully.[lisi@docker ~]$ id useruid=1004(user) gid=1004(user) groups=1004(user)[lisi@docker ~]$ sudo userdel user[lisi@docker ~]$ id userid: user: no such user