<<<五-六单元练习>>>
1.新建用户组,shengchan,caiwu,jishu
[root@localhost ~]# groupadd shengchan
[root@localhost ~]# groupadd caiwu
[root@localhost ~]# groupadd jishu
2.新建用户要求如下:
* tom 是shengchan组的附加用户
* harry 是caiwu组的附加用户
* leo 是jishu组的附加用户
* 新建admin用户,此用户不属于以上提到的三个部门[root@localhost ~]# useradd -G shengchan tom
[root@localhost ~]# useradd -G caiwu harry
[root@localhost ~]# useradd -G jishu leo
[root@localhost ~]# useradd admin
3.新建目录要求如下:
* /pub目录为公共存储目录对所有用户可以读,写,执行,但用户只能删除属于自己的文件
* /sc 目录为生产部存储目录只能对生产部人员可以写入,
并且生产部人员所建立的文件都自动归属到shengchan组中
* /cw 目录为财务部存储目录只能对财务部人员可以写入,
并且财务部人员所建立的文件都自动归属到caiwu组中
* admin用户能用touch工具在/sc目录和/cw目录中任意建立文件,但不能删除文件。
[root@localhost ~]# mkdir /pub
[root@localhost ~]# chmod 1777 /pub/
[root@localhost ~]# mkdir /sc
[root@localhost ~]# chgrp shengchan /sc
[root@localhost ~]# ls -ld /sc
drwxr-xr-x. 2 root shengchan 6 10月 10 20:29 /sc
[root@localhost ~]# chmod 2770 /sc
[root@localhost ~]# mkdir /cw
[root@localhost ~]# chgrp caiwu /cw/
[root@localhost ~]# chmod 2770 /cw
[root@localhost ~]# whereis touch
touch: /usr/bin/touch /usr/share/man/man1/touch.1.gz /usr/share/man/man1p/touch.1p.gz
[root@localhost ~]# cp /usr/bin/touch /home/admin/
[root@localhost ~]# ls -ld /home/admin/touch
-rwxr-xr-x. 1 root root 62432 10月 10 20:37 /home/admin/touch
[root@localhost ~]# chmod u+s /home/admin/touch
[root@localhost ~]# su - adm
[admin@localhost ~]$ /home/admin/touch /sc/root
[admin@localhost ~]$ logout
[root@localhost ~]# cd /sc
[root@localhost sc]# ls
root ##创建成功
4.设定普通用户新建文件权限为"r--r-----"[root@localhost sc]# vim /etc/bashrc
[root@localhost sc]# vim /etc/profile
[root@localhost sc]# source /etc/bashrc
[root@localhost sc]# source /etc/profile
[root@localhost sc]# su - leo
[leo@localhost ~]$ umask
0226
[leo@localhost ~]$ touch file
[leo@localhost ~]$ ls -l ./file
-r--r-----. 1 leo leo 0 Oct 10 20:52 ./file
5.设定admin用户可以通过sudo自由建立新用户
[root@localhost sc]# visudo
root ALL=(ALL) ALL
admin ALL=(root) NOPASSWD: /usr/bin/touch
[root@localhost sc]# su - admin
[admin@localhost ~]$ sudo touch /root/file
[admin@localhost ~]$ touch /root/file1
touch: cannot touch ‘/root/file1’: Permission denied
<<<第九单元练习>>>
1.在desktop主机中建立用户westos,并设定其密码为westoslinux
[root@localhost ~]# useradd westos
[root@localhost ~]# passwd westos
Changing password for user westos.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.
2.配置desktop中的sshd服务要求如下:
*)设定sshd服务只允许westos用户可以被访问使用
*)创建westos用户的key认证方式
*)设定westos用户只允许使用key认证方式,屏蔽其系统密码认证方式
[root@localhost ~]# vim /etc/ssh/sshd_config
更改:PermitRootLogin no
更改:AllowUsers westos
[root@localhost /]# systemctl restart sshd.service ##重起sshd服务
*)创建westos用户的key认证方式
[root@localhost /]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
2a:57:39:44:fc:07:14:bd:4a:4f:7f:15:12:50:35:ed root@localhost
The key's randomart image is:
+--[ RSA 2048]----+
| ...o+oooo.|
| .. . .. .o|
| .. . ....|
| . .o + E|
| S. = . .|
| o .. . . .|
| . o . |
| o |
| |
+-----------------+
[root@localhost /]# ls /root/.ssh/
authorized_keys id_rsa id_rsa.pub
[root@localhost /]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost /]# ssh [email protected]
Last failed login: Tue Oct 11 07:26:52 EDT 2016 from 172.25.254.10 on ssh:notty
There were 3 failed login attempts since the last successful login.
*)设定westos用户只允许使用key认证方式,屏蔽其系统密码认证方式
[root@localhost /]# vim /etc/ssh/sshd_config ##修改配置文件
PasswordAuthentication no ##屏蔽密码验证
[root@localhost /]# systemctl restart sshd.service ##重起系统服务
<<<第十二单元练习>>>
1.在server主机中把/etc目录打包压缩到/mnt中,名字为etc.tar.gz
2.复制server主机中的etc.tar.gz到desktop主机的/mnt中
3.同步server主机中的/etc中的所有文件到desktop主机中/mnt中,包含链接文件
1.在server主机中把/etc目录打包压缩到/mnt中,名字为etc.tar.gz
[root@localhost /]# tar -zcf /mnt/etc.tar.gz /etc
tar: Removing leading `/' from member names
[root@localhost /]# ls -all /mnt/etc.tar.gz
-rw--w--w-. 1 root root 8741910 10月 11 07:41 /mnt/etc.tar.gz
2.制server主机中的etc.tar.gz到desktop主机的/mnt中
[root@localhost /]# scp /mnt/etc.tar.gz [email protected]:/mnt/
The authenticity of host '172.25.254.11 (172.25.254.11)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.11' (ECDSA) to the list of known hosts.
[email protected]'s password:
etc.tar.gz 100% 8537KB 8.3MB/s 00:00
[root@localhost /]# ssh [email protected]
[email protected]'s password:
Last login: Tue Oct 11 07:12:26 2016 from 172.25.254.98
[root@localhost ~]# cd /mnt/
[root@localhost mnt]# ls
etc.tar.gz
[root@localhost mnt]# logout
Connection to 172.25.254.11 closed.
3.同步server主机中的/etc中的所有文件到desktop主机中/mnt中,包含链接文件
[root@localhost /]# rsync -lr /etc/ [email protected]:/mnt
[email protected]'s password:
[root@localhost /]# ssh [email protected]
[email protected]'s password:
Last login: Tue Oct 11 07:49:38 2016 from 172.25.254.10
[root@localhost ~]# cd /mnt/
[root@localhost mnt]# ls -all
total 9960