天天看点
返回

Linux相关知识的第三回合

文章目录

    • 文件通配符模式的过招
    • 用户、组管理的过招
    • 文件权限的过招

文件通配符模式的过招

显示/etc目录下,以非字母开头,后面跟了一个字母以及其它任意长度任意字符的文件或目录

[[email protected] ~]$ ll -d /etc/[!a-Z][a-Z]*
-rw-r--r-- 1 root root 19 Mar 23 09:34 /etc/3hooper.conf

[[email protected] ~]$ ll -d /etc/[![:alpha:][:alpha:]]*
-rw-r--r-- 1 root root 19 Mar 23 09:34 /etc/3hooper.conf

复制/etc目录下所有以p开头,以非数字结尾的文件或目录到/tmp/mytest1目录中

[[email protected] ~]$ cp -rp /etc /tmp/mytest1
[[email protected] ~]$ ll -d /tmp/mytest1/p*[!0-9]
-rw-r--r--  1 root root  233 Jun  7  2013 /tmp/mytest1/printcap
drwxr-xr-x  2 root root    6 Jun 10  2014 /tmp/mytest1/popt.d
-rw-r--r--  1 root root 6.4K Oct 31  2018 /tmp/mytest1/protocols
drwxr-xr-x  5 root root   52 Mar  9 10:19 /tmp/mytest1/pm
drwxr-xr-x  2 root root   35 Mar  9 10:20 /tmp/mytest1/python
drwxr-xr-x  3 root root  123 Mar  9 10:20 /tmp/mytest1/ppp
drwxr-xr-x  2 root root   78 Mar  9 10:20 /tmp/mytest1/prelink.conf.d
drwxr-xr-x  2 root root   28 Mar  9 10:20 /tmp/mytest1/plymouth
drwxr-xr-x  2 root root  154 Mar  9 10:21 /tmp/mytest1/postfix
drwxr-xr-x 10 root root  116 Mar  9 10:21 /tmp/mytest1/pki
-rw-r--r--  1 root root 1.9K Mar  9 10:38 /tmp/mytest1/profile
-rw-r--r--  1 root root  925 Mar  9 10:42 /tmp/mytest1/passwd-
drwxr-xr-x  2 root root 4.0K Mar  9 10:42 /tmp/mytest1/pam.d
-rw-r--r--  1 root root 1002 Mar  9 14:58 /tmp/mytest1/passwd
drwxr-xr-x  2 root root 4.0K Mar 10 11:19 /tmp/mytest1/profile.d

[[email protected] ~]$ ll -d /tmp/mytest1/p*[![:digit:]]
-rw-r--r--  1 root root  233 Jun  7  2013 /tmp/mytest1/printcap
drwxr-xr-x  2 root root    6 Jun 10  2014 /tmp/mytest1/popt.d
-rw-r--r--  1 root root 6.4K Oct 31  2018 /tmp/mytest1/protocols
drwxr-xr-x  5 root root   52 Mar  9 10:19 /tmp/mytest1/pm
drwxr-xr-x  2 root root   35 Mar  9 10:20 /tmp/mytest1/python
drwxr-xr-x  3 root root  123 Mar  9 10:20 /tmp/mytest1/ppp
drwxr-xr-x  2 root root   78 Mar  9 10:20 /tmp/mytest1/prelink.conf.d
drwxr-xr-x  2 root root   28 Mar  9 10:20 /tmp/mytest1/plymouth
drwxr-xr-x  2 root root  154 Mar  9 10:21 /tmp/mytest1/postfix
drwxr-xr-x 10 root root  116 Mar  9 10:21 /tmp/mytest1/pki
-rw-r--r--  1 root root 1.9K Mar  9 10:38 /tmp/mytest1/profile
-rw-r--r--  1 root root  925 Mar  9 10:42 /tmp/mytest1/passwd-
drwxr-xr-x  2 root root 4.0K Mar  9 10:42 /tmp/mytest1/pam.d
-rw-r--r--  1 root root 1002 Mar  9 14:58 /tmp/mytest1/passwd
drwxr-xr-x  2 root root 4.0K Mar 10 11:19 /tmp/mytest1/profile.d

将/etc/issue文件中的内容转换为大写后保存至/tmp/issue.out文件中

[[email protected] ~]$ cat /etc/issue
\S
Kernel \r on an \m

[[email protected] ~]$ tr '[[:lower:]]' '[[:upper:]]' < /etc/issue > /tmp/issue.out
[[email protected] ~]$ cat /tmp/issue.out
\S
KERNEL \R ON AN \M

用户、组管理的过招

请总结描述用户和组管理类命令的使用方法并完成以下练习:

创建组distro,其GID为2019

[[email protected] ~]$ grep 2019 /etc/group
[[email protected] ~]$ sudo groupadd -g 2019 distro
[[email protected] ~]$ grep 2019 /etc/group
distro:x:2019:

创建用户mandriva, 其ID号为1005;基本组为distro

[[email protected] ~]$ id 1005
id: 1005: no such user
[[email protected] ~]$ sudo useradd -g distro -u 1005 mandriva
[[email protected] ~]$ id 1005
uid=1005(mandriva) gid=2019(distro) groups=2019(distro)

创建用户mageia,其ID号为1100,家目录为/home/linux

[[email protected] ~]$ id 1100
id: 1100: no such user
[[email protected] ~]$ sudo useradd -u 1100 -d /home/linux mageia
[[email protected] ~]$ id 1100
uid=1100(mageia) gid=1100(mageia) 组=1100(mageia)
[[email protected] ~]$ grep 1100 /etc/passwd
mageia:x:1100:1100::/home/linux:/bin/bash

给用户mageia添加密码,密码为mageedu,并设置用户密码7天后过期

[[email protected] ~]$ echo 'mageedu' |sudo passwd --stdin mageia -x 7
Adjusting aging data for user mageia.
passwd: Success
[[email protected] ~]$ sudo getent shadow mageia
mageia:$6$NB7X7Qfv$sVq/V6roYzOEjtwviVTI7aF2P/4LAunl8jdM5pv2Bq45p.8bsKmXEnMa8JaJD7bqNYckhYDvQAIDnY1VfhRfr.:18709:0:7:7:::
[[email protected] ~]$ sudo chage -l mageia
Last password change					: Mar 23, 2021
Password expires					: Mar 30, 2021
Password inactive					: never
Account expires						: never
Minimum number of days between password change		: 0
Maximum number of days between password change		: 7
Number of days of warning before password expires	: 7

删除mandriva,但保留其家目录

[[email protected] ~]$ ll /home/|grep man
drwx------  2 mandriva distro  62 Mar 23 11:27 mandriva
[[email protected] ~]$ sudo userdel mandriva
[[email protected] ~]$ ll /home/|grep man
drwx------  2   1005 distro  62 Mar 23 11:27 mandriva
[[email protected] ~]$ id mandriva
id: mandriva: no such user

创建用户slackware,其ID号为2002,基本组为distro,附加组peguin

[[email protected] ~]$ id 2002
id: 2002: no such user
[[email protected] ~]$ sudo groupadd peguin && sudo useradd -u 2002 -g distro -G peguin slackware
[[email protected] ~]$ id 2002
uid=2002(slackware) gid=2019(distro) groups=2019(distro),2020(peguin)

修改slackware的默认shell为/bin/tcsh

[[email protected] ~]$ grep slackware /etc/passwd
slackware:x:2002:2019::/home/slackware:/bin/bash
[[email protected] ~]$ sudo usermod -s /bin/tcsh slackware
[[email protected] ~]$ grep slackware /etc/passwd
slackware:x:2002:2019::/home/slackware:/bin/tcsh

为用户slackware新增附加组admins,并设置不可登陆

[[email protected] ~]$ id slackware
uid=2002(slackware) gid=2019(distro) groups=2019(distro),2020(peguin)
[[email protected] ~]$ sudo groupmems  -l -g admins
groupmems: group 'admins' does not exist in /etc/group

[[email protected] ~]$ sudo groupadd admins
[[email protected] ~]$ sudo usermod -aG admins slackware
[[email protected] ~]$ sudo groupmems  -l -g admins
slackware
[[email protected] ~]$ id slackware
uid=2002(slackware) gid=2019(distro) groups=2019(distro),2020(peguin),2021(admins)

# 修改用户不可登录
[[email protected] ~]$ sudo usermod -L slackware
[[email protected] ~]$ sudo passwd -S slackware
slackware LK 2021-03-23 0 99999 7 -1 (Password locked.)

# 通过修改用户登录的shell,来禁止用户登录
# /bin/false是最严格的禁止login选项,一切服务都不能用
# /sbin/nologin只是不允许login系统,但可以使用其他ftp等服务
[[email protected] ~]$ grep slackware /etc/passwd
slackware:x:2002:2019::/home/slackware:/bin/tcsh
[[email protected] ~]$ sudo usermod -s /sbin/nologin slackware
[[email protected] ~]$ grep slackware /etc/passwd
slackware:x:2002:2019::/home/slackware:/sbin/nologin

文件权限的过招

创建用户user1、user2、user3。在/data/下创建目录test

# 方法一:
[[email protected] ~]$ for i in {1..3};do sudo useradd user$i;done
Try 'id --help' for more information.
[[email protected] ~]$ id user1
uid=2003(user1) gid=2003(user1) 组=2003(user1)
[[email protected] ~]$ id user2
uid=2004(user2) gid=2004(user2) 组=2004(user2)
[[email protected] ~]$ id user3
uid=2005(user3) gid=2005(user3) 组=2005(user3)

# 方法二:
for i in $(seq 3);do sudo useradd user$i;done

目录/data/test属主、属组为user1

[[email protected] ~]$ sudo mkdir /data/test
[[email protected] ~]$ ll -d /data/test/
drwxr-xr-x 2 root root 6 3月  23 14:30 /data/test/
[[email protected] ~]$ sudo chown user1:user1 /data/test
[[email protected] ~]$ ll -d /data/test/
drwxr-xr-x 2 user1 user1 6 3月  23 14:30 /data/test/

在目录属主、属组不变的情况下,user2对文件有读写权限

[[email protected] ~]$ sudo setfacl -m u:user2:rx /data/test
[[email protected] ~]$ ll -d /data/test
drwxr-xr-x+ 2 user1 user1 6 Mar 23 14:30 /data/test

user1在/data/test目录下创建文件a1.sh, a2.sh, a3.sh, a4.sh,设置所有用户都不可删除1.sh,2.sh文件、除了user1及root之外,所有用户都不可删除a3.sh, a4.sh

# 创建文件
[[email protected] ~]$ sudo su - user1
Last login: Tue Mar 23 14:39:38 CST 2021 on pts/0
[[email protected] ~]$ ll /data/test/
total 0
[[email protected] ~]$ touch /data/test/a{1..4}.sh
[[email protected] ~]$ ll /data/test/
total 0
-rw-rw-r-- 1 user1 user1 0 Mar 23 14:41 a1.sh
-rw-rw-r-- 1 user1 user1 0 Mar 23 14:41 a2.sh
-rw-rw-r-- 1 user1 user1 0 Mar 23 14:41 a3.sh
-rw-rw-r-- 1 user1 user1 0 Mar 23 14:41 a4.sh

# 设置1.sh,2.sh文件权限,所有用户都不能删除
[[email protected] test]$ exit
logout
[[email protected] ~]$ cd /data/test/
[[email protected] test]$ ll
total 0
-rw-rw-r-- 1 user1 user1 0 Mar 23 14:41 a1.sh
-rw-rw-r-- 1 user1 user1 0 Mar 23 14:41 a2.sh
-rw-rw-r-- 1 user1 user1 0 Mar 23 14:41 a3.sh
-rw-rw-r-- 1 user1 user1 0 Mar 23 14:41 a4.sh
[[email protected] test]$ sudo chattr +i a1.sh a2.sh
[[email protected] test]$ lsattr a1.sh a2.sh
----i----------- a1.sh
----i----------- a2.sh
[[email protected] test]$ ll
total 0
-rw-rw-r-- 1 user1 user1 0 Mar 23 14:41 a1.sh
-rw-rw-r-- 1 user1 user1 0 Mar 23 14:41 a2.sh
-rw-rw-r-- 1 user1 user1 0 Mar 23 14:41 a3.sh
-rw-rw-r-- 1 user1 user1 0 Mar 23 14:41 a4.sh
# 验证
[[email protected] test]$ rm -rf /data/test/a1.sh
rm: cannot remove ‘/data/test/a1.sh’: Permission denied
[[email protected] ~]$ rm -rf /data/test/a1.sh
rm: cannot remove ‘/data/test/a1.sh’: Operation not permitted

# 设置a3.sh、a4.sh文件权限,只有user1及root可以删除,其他人不能删除
[[email protected] test]$ sudo chmod a+t a3.sh a4.sh
[[email protected] test]$ ll
total 0
-rw-rw-r-- 1 user1 user1 0 Mar 23 14:41 a1.sh
-rw-rw-r-- 1 user1 user1 0 Mar 23 14:41 a2.sh
-rw-rw-r-T 1 user1 user1 0 Mar 23 14:41 a3.sh
-rw-rw-r-T 1 user1 user1 0 Mar 23 14:41 a4.sh
# 验证
[[email protected] test]$ rm -rf /data/test/a3.sh
rm: cannot remove ‘/data/test/a3.sh’: Permission denied
[[email protected] ~]$ rm -rf /data/test/a3.sh
[[email protected] ~]$ ll /data/test/|grep "a3.sh"

user3增加附加组user1,同时要求user1不能访问/data/test目录及其下所有文件

[[email protected] test]$ sudo usermod -aG user1 user3
[[email protected] test]$ id user3
uid=2005(user3) gid=2005(user3) groups=2005(user3),2003(user1)

# 修改文件权限
[[email protected] ~]$ sudo su - user1
Last login: Tue Mar 23 14:54:33 CST 2021 on pts/0
[[email protected] ~]$ cd /data/test/
[[email protected] test]$ ll
total 0
-rw-rw-r--  1 user1 user1 0 Mar 23 14:41 a1.sh
-rw-rw-r--  1 user1 user1 0 Mar 23 14:41 a2.sh
-rw-rw-r-T+ 1 user1 user1 0 Mar 23 14:41 a3.sh
-rw-rw-r-T+ 1 user1 user1 0 Mar 23 14:41 a4.sh
[[email protected] ~]$ echo "beijing" > /data/test/a1.sh
-bash: /data/test/a1.sh: Permission denied
[[email protected] ~]$ getfacl /data/test/
getfacl: Removing leading '/' from absolute path names
# file: data/test/
# owner: user1
# group: user1
user::rwx
user:user1:---
user:user2:r-x
group::r-x
mask::r-x
other::r-x

[[email protected] ~]$ getfacl /data/test/*.sh
getfacl: Removing leading '/' from absolute path names
# file: data/test/a1.sh
# owner: user1
# group: user1
user::rw-
group::rw-
other::r--

# file: data/test/a2.sh
# owner: user1
# group: user1
user::rw-
group::rw-
other::r--

# file: data/test/a3.sh
# owner: user1
# group: user1
# flags: --t
user::rw-
user:user1:---
group::rw-
mask::rw-
other::r--

# file: data/test/a4.sh
# owner: user1
# group: user1
# flags: --t
user::rw-
user:user1:---
group::rw-
mask::rw-
other::r--

清理/data/test目录及其下所有文件的acl权限

[[email protected] ~]$ sudo chattr -i /data/test/a{1,2}.sh
[[email protected] ~]$ sudo lsattr /data/test/*.sh
---------------- /data/test/a1.sh
---------------- /data/test/a2.sh
[[email protected] ~]$ sudo setfacl -R -b /data/test
[[email protected] ~]$ sudo getfacl -R /data/test
getfacl: Removing leading '/' from absolute path names
# file: data/test
# owner: user1
# group: user1
user::rwx
group::r-x
other::r-x

# file: data/test/a1.sh
# owner: user1
# group: user1
user::rw-
group::rw-
other::r--

# file: data/test/a2.sh
# owner: user1
# group: user1
user::rw-
group::rw-
other::r--

# file: data/test/a4.sh
# owner: user1
# group: user1
# flags: --t
user::rw-
group::rw-
other::r--

# file: data/test/a3.sh
# owner: user1
# group: user1
# flags: --t
user::rw-
group::rw-
other::r--
2021-SRE # 检验用功的作业 Linux
上一篇: SpringMVC拦截器简介
下一篇: Linux相关知识的第八回合Linux相关知识的第八回合

继续阅读