<<<Units 5-6 Exercises>>>
1. Create the user groups shengchan, caiwu and jishu
[root@localhost ~]# groupadd shengchan
[root@localhost ~]# groupadd caiwu
[root@localhost ~]# groupadd jishu
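2. Create users as follows:
* tom is a supplementary member of the shengchan group
* harry is a supplementary member of the caiwu group
* leo is a supplementary member of the jishu group
* Create the user admin, which does not belong to any of the three departments above
[root@localhost ~]# useradd -G shengchan tom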
[root@localhost ~]# useradd -G caiwu harry
[root@localhost ~]# useradd -G jishu leo
[root@localhost ~]# useradd admin
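3. Create directories as follows:
* /pub is a public storage directory: all users can read, write and execute in it, but a user can delete only the files they own
* /sc is the production department's storage directory: only production staff can write to it,
and files created by production staff automatically belong to the shengchan group
* /cw is the finance department's storage directory: only finance staff can write to it,
and files created by finance staff automatically belong to the caiwu group
* The admin user can create files in /sc and /cw with the touch tool, but cannot delete files.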
[root@localhost ~]# mkdir /pub
[root@localhost ~]# chmod 1777 /pub/
[root@localhost ~]# mkdir /sc
[root@localhost ~]# chgrp shengchan /sc
[root@localhost ~]# ls -ld /sc
drwxr-xr-x. 2 root shengchan 6 10月 10 20:29 /sc
[root@localhost ~]# chmod 2770 /sc
[root@localhost ~]# mkdir /cw
[root@localhost ~]# chgrp caiwu /cw/
[root@localhost ~]# chmod 2770 /cw
[root@localhost ~]# whereis touch
touch: /usr/bin/touch /usr/share/man/man1/touch.1.gz /usr/share/man/man1p/touch.1p.gz
[root@localhost ~]# cp /usr/bin/touch /home/admin/
[root@localhost ~]# ls -ld /home/admin/touch
-rwxr-xr-x. 1 root root 62432 10月 10 20:37 /home/admin/touch
[root@localhost ~]# chmod u+s /home/admin/touch
[root@localhost ~]# su - admin
[admin@localhost ~]$ /home/admin/touch /sc/root
[admin@localhost ~]$ logout
[root@localhost ~]# cd /sc
[root@localhost sc]# ls
root ##created successfully
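The special bits used in step 3 can be verified after the fact. The script below is an added example, not part of the original notes: it checks a directory's octal mode against the expected value and lists setuid files under a directory, since a root-owned setuid copy such as /home/admin/touch runs with root's effective uid for anyone able to execute it. The scratch tree and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the directory layout and setuid copy built above.
# Relies on GNU stat and find, as on the RHEL-style host in the transcript.

# mode_of PATH -> octal mode including the special bits, e.g. 1777 or 2770
mode_of() {
    stat -c '%a' "$1"
}

# check_mode PATH EXPECTED -> prints OK or MISMATCH; non-zero status on mismatch
check_mode() {
    actual=$(mode_of "$1") || return 2
    if [ "$actual" = "$2" ]; then
        echo "OK       $1 $actual"
    else
        echo "MISMATCH $1 is $actual, expected $2"
        return 1
    fi
}

# list_setuid DIR -> regular files under DIR that carry the setuid bit
list_setuid() {
    find "$1" -xdev -type f -perm -4000 | sort
}

# Constructed scratch tree mirroring /pub, /sc and /home/admin/touch (no root needed)
scratch=$(mktemp -d)
mkdir "$scratch/pub" "$scratch/sc" "$scratch/home"
chmod 1777 "$scratch/pub"          # sticky: users cannot delete each other's files
chmod 2770 "$scratch/sc"           # setgid: new files inherit the directory's group
: > "$scratch/home/touch"
chmod 4755 "$scratch/home/touch"   # stands in for the setuid copy of touch
check_mode "$scratch/pub" 1777
check_mode "$scratch/sc" 2770
list_setuid "$scratch/home"
rm -rf "$scratch"
```

On the exercise host the same functions can be pointed at /pub, /sc, /cw and /home.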
4. Set the permissions of files newly created by ordinary users to "r--r-----"
[root@localhost sc]# vim /etc/bashrc
[root@localhost sc]# vim /etc/profile
[root@localhost sc]# source /etc/bashrc
[root@localhost sc]# source /etc/profile
[root@localhost sc]# su - leo
[leo@localhost ~]$ umask
0226
[leo@localhost ~]$ touch file
[leo@localhost ~]$ ls -l ./file
-r--r-----. 1 leo leo 0 Oct 10 20:52 ./file
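The mask applies to directories as well as files. The following added example (not part of the original notes; function names are hypothetical) creates a file and a directory under a given umask in a scratch directory and reports both modes, showing that 0226 yields 440 for files and 551 for directories, so a non-root owner cannot create files inside directories they have just made.

```shell
#!/bin/sh
# Added example: what a umask actually produces for new files and directories.
# Uses GNU stat; everything happens in a scratch directory.

# modes_under_umask MASK -> "FILE_MODE DIR_MODE" for a fresh file and directory
modes_under_umask() {
    (
        d=$(mktemp -d) || exit 1       # created before the mask changes
        umask "$1"
        touch "$d/file"                # requested 0666, reduced by the mask
        mkdir "$d/dir"                 # requested 0777, reduced by the mask
        echo "$(stat -c '%a' "$d/file") $(stat -c '%a' "$d/dir")"
        chmod -R u+rwx "$d" && rm -rf "$d"
    )
}

# owner_can_write MODE -> succeeds if the owner write bit (0200) is set
owner_can_write() {
    [ $(( 0$1 & 0200 )) -ne 0 ]
}

# Compare a common default mask with the one set in the exercise
for mask in 0022 0226; do
    set -- $(modes_under_umask "$mask")
    if owner_can_write "$2"; then note="owner can add files to new directories"
    else note="owner cannot add files to new directories"; fi
    echo "umask $mask: file $1, dir $2 ($note)"
done
```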
5. Allow the admin user to freely create new users through sudo
[root@localhost sc]# visudo
root ALL=(ALL) ALL
admin ALL=(root) NOPASSWD: /usr/bin/touch
[root@localhost sc]# su - admin
[admin@localhost ~]$ sudo touch /root/file
[admin@localhost ~]$ touch /root/file1
touch: cannot touch ‘/root/file1’: Permission denied
<<<Unit 9 Exercises>>>
1. On the desktop host, create the user westos and set its password to westoslinux
[root@localhost ~]# useradd westos
[root@localhost ~]# passwd westos
Changing password for user westos.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.
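2. Configure the sshd service on desktop as follows:
*) Configure sshd so that only the westos user may log in
*) Set up key-based authentication for the westos user
*) Allow the westos user to authenticate only by key, and disable system password authentication for it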
[root@localhost ~]# vim /etc/ssh/sshd_config
Change: PermitRootLogin no
Change: AllowUsers westos
[root@localhost /]# systemctl restart sshd.service ##restart the sshd service
*) Set up key-based authentication for the westos user
[root@localhost /]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
2a:57:39:44:fc:07:14:bd:4a:4f:7f:15:12:50:35:ed root@localhost
The key's randomart image is:
+--[ RSA 2048]----+
| ...o+oooo.|
| .. . .. .o|
| .. . ....|
| . .o + E|
| S. = . .|
| o .. . . .|
| . o . |
| o |
| |
+-----------------+
[root@localhost /]# ls /root/.ssh/
authorized_keys id_rsa id_rsa.pub
[root@localhost /]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost /]# ssh [email protected]
Last failed login: Tue Oct 11 07:26:52 EDT 2016 from 172.25.254.10 on ssh:notty
There were 3 failed login attempts since the last successful login.
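*) Allow the westos user to authenticate only by key, and disable system password authentication for it
[root@localhost /]# vim /etc/ssh/sshd_config ##edit the configuration file
PasswordAuthentication no ##disable password authentication
[root@localhost /]# systemctl restart sshd.service ##restart the service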
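Editing sshd_config by hand can leave an earlier line in effect: sshd keeps the first value it reads for most keywords, while AllowUsers lines accumulate. The script below is an added example, not part of the original notes, that audits a config file for the three settings made above; it assumes whitespace-separated "Keyword value" lines, ignores Include files, and stops at the first Match block. The function names and the sample file are constructed.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three settings made above.

# first_value FILE KEYWORD -> first global value of KEYWORD (sshd keeps the first)
first_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# all_values FILE KEYWORD -> every global argument of an accumulating keyword
all_values() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { for (i = 2; i <= NF; i++) print $i }
    ' "$1" | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# audit_sshd FILE -> prints one line per check, returns the number of failures
audit_sshd() {
    fails=0
    for kw in PermitRootLogin PasswordAuthentication; do
        v=$(first_value "$1" "$kw")
        if [ "$v" = "no" ]; then echo "PASS $kw no"
        else echo "FAIL $kw ${v:-unset}"; fails=$((fails + 1)); fi
    done
    users=$(all_values "$1" AllowUsers)
    if [ "$users" = "westos" ]; then echo "PASS AllowUsers westos"
    else echo "FAIL AllowUsers ${users:-unset}"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample: the later "PasswordAuthentication no" never takes effect
sample=$(mktemp)
printf '%s\n' 'PasswordAuthentication yes' 'PermitRootLogin no' \
    'AllowUsers westos' 'PasswordAuthentication no' > "$sample"
audit_sshd "$sample" || echo "failures: $?"
rm -f "$sample"
```

On the host itself, `sshd -T` prints the effective configuration that sshd would use after the edit.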
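<<<Unit 12 Exercises>>>
1. On the server host, archive and compress the /etc directory into /mnt as etc.tar.gz
2. Copy etc.tar.gz from the server host to /mnt on the desktop host
3. Synchronize all files in /etc on the server host to /mnt on the desktop host, including symbolic links
1. On the server host, archive and compress the /etc directory into /mnt as etc.tar.gz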
[root@localhost /]# tar -zcf /mnt/etc.tar.gz /etc
tar: Removing leading `/' from member names
[root@localhost /]# ls -all /mnt/etc.tar.gz
-rw--w--w-. 1 root root 8741910 10月 11 07:41 /mnt/etc.tar.gz
2. Copy etc.tar.gz from the server host to /mnt on the desktop host
[root@localhost /]# scp /mnt/etc.tar.gz [email protected]:/mnt/
The authenticity of host '172.25.254.11 (172.25.254.11)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.11' (ECDSA) to the list of known hosts.
[email protected]'s password:
etc.tar.gz 100% 8537KB 8.3MB/s 00:00
[root@localhost /]# ssh [email protected]
[email protected]'s password:
Last login: Tue Oct 11 07:12:26 2016 from 172.25.254.98
[root@localhost ~]# cd /mnt/
[root@localhost mnt]# ls
etc.tar.gz
[root@localhost mnt]# logout
Connection to 172.25.254.11 closed.
3. Synchronize all files in /etc on the server host to /mnt on the desktop host, including symbolic links
[root@localhost /]# rsync -lr /etc/ [email protected]:/mnt
[email protected]'s password:
[root@localhost /]# ssh [email protected]
[email protected]'s password:
Last login: Tue Oct 11 07:49:38 2016 from 172.25.254.10
[root@localhost ~]# cd /mnt/
[root@localhost mnt]# ls -all
total 9960