Jerin RHCSA: Yadda ake Sarrafa Masu Amfani da Ƙungiyoyi a RHEL 7 - Sashe na 3

Sarrafa uwar garken RHEL 7, kamar yadda yake tare da kowane uwar garken Linux, zai buƙaci ku san yadda ake ƙarawa, gyara, dakatarwa, ko share asusun mai amfani, da baiwa masu amfani da mahimman izini ga fayiloli, kundayen adireshi, da sauran albarkatun tsarin. don aiwatar da ayyukan da aka ba su.

Gudanar da Asusun Mai amfani

Don ƙara sabon asusun mai amfani zuwa uwar garken RHEL 7, zaku iya gudanar da ɗayan umarni biyu masu zuwa azaman tushen:

# adduser [new_account]
# useradd [new_account]

Lokacin da aka ƙara sabon asusun mai amfani, ta tsohuwa ana aiwatar da ayyuka masu zuwa.

  1. An ƙirƙiri littafin littafin sa/ta (/gida/sunan mai amfanisai dai in an bayyana wani abu).
  2. Waɗannan .bash_logout, .bash_profile da .bashrc ana kwafi fayilolin ɓoye a cikin littafin gidan mai amfani, kuma za'a yi amfani dasu don samar da yanayi masu canji don zaman mai amfani da shi. Kuna iya bincika kowannensu don ƙarin cikakkun bayanai.
  3. An ƙirƙiri littafin adireshi na spool don ƙarin asusun mai amfani.
  4. An ƙirƙiri ƙungiya mai suna iri ɗaya da sabon asusun mai amfani.

Ana adana cikakken taƙaitaccen asusu a cikin fayil ɗin /etc/passwd. Wannan fayil ɗin yana riƙe da rikodin kowane asusun mai amfani da tsarin kuma yana da tsari mai zuwa (an raba filayen ta hanji):

[username]:[x]:[UID]:[GID]:[Comment]:[Home directory]:[Default shell]

  1. Wadannan filaye guda biyu [username] da [Comment] bayanin kansu ne.
  2. Na biyun da aka rubuta 'x' yana nuna cewa an adana asusun ta hanyar kalmar sirri mai inuwa (a cikin /etc/shadow), wacce ake amfani da ita don shiga a matsayin [username] .
  3. Filayen [UID] da [GID] lambobin lamba ne da ke nuna Identification User da Identity Primary Group Identification to which [username] nasa, daidai.

Daga karshe,

  1. The [Home directory] yana nuna cikakken wurin [username]'s kundin adireshin gida, da
  2. [Default shell] shine harsashi da aka yiwa wannan mai amfani lokacin da ya shiga cikin tsarin.

Wani muhimmin fayil da dole ne ka saba dashi shine /etc/group, inda ake adana bayanan rukuni. Kamar yadda lamarin yake tare da /etc/passwd, akwai rikodin guda ɗaya a kowane layi kuma filayensa suma ana iyakance su ta hanyar mallaka:

[Group name]:[Group password]:[GID]:[Group members]

ku,

  1. [Sunan rukuni] shine sunan rukuni.
  2. Shin wannan rukunin yana amfani da kalmar sirri ta rukuni? (An \x yana nufin a'a).
  3. [GID] : daidai da a cikin /etc/passwd.
  4. [Membobin Rukunin]: jerin masu amfani, waɗanda aka ware ta waƙafi, waɗanda su ne membobi na kowace ƙungiya.

Bayan ƙara wani asusu, a kowane lokaci, za ku iya shirya bayanan asusun mai amfani ta amfani da usermod, wanda ainihin ma'anarsa shine:

# usermod [options] [username]

Idan kuna aiki da kamfani wanda ke da wasu nau'ikan manufofin don ba da damar asusu na wani ɗan lokaci, ko kuma idan kuna son ba da dama ga ƙayyadaddun lokaci, kuna iya amfani da --expiredate Tuta yana biye da kwanan wata a cikin tsarin YYYY-MM-DD. Don tabbatar da cewa an yi amfani da canjin, zaku iya kwatanta abin da aka fitar

# chage -l [username]

kafin da bayan sabunta ranar ƙarewar asusun, kamar yadda aka nuna a hoto mai zuwa.

Bayan rukuni na farko wanda aka ƙirƙira lokacin da aka ƙara sabon asusun mai amfani a cikin tsarin, ana iya ƙara mai amfani zuwa ƙarin ƙungiyoyi ta amfani da zaɓin ƙungiyoyin-aG, ko –append – ƙungiyoyi, sannan jerin ƙungiyoyin waƙafi ke biyo baya.

Idan saboda wasu dalilai kuna buƙatar canza wurin tsoho na gidan gida na mai amfani (ban da/gida/sunan mai amfani), kuna buƙatar amfani da zaɓin -d, ko -gida, tare da cikakkiyar hanyar zuwa sabon kundin adireshin gida.

Idan mai amfani yana so ya yi amfani da wani harsashi ban da bash (misali, sh), wanda aka sanya shi ta tsohuwa, yi amfani da usermod tare da tutar –shell, sannan hanyar zuwa sabon harsashi.

Bayan ƙara mai amfani zuwa ƙarin ƙungiyar, zaku iya tabbatar da cewa a zahiri yana cikin waɗannan ƙungiyoyin:

# groups [username]
# id [username]

Hoton mai zuwa yana kwatanta Misalai 2 zuwa 4:

A cikin misalin da ke sama:

# usermod --append --groups gacanepa,users --home /tmp --shell /bin/sh tecmint

Don cire mai amfani daga ƙungiya, cire --append canza a cikin umarnin da ke sama sannan ka jera ƙungiyoyin da kake son mai amfani ya kasance cikin bin alamar --groups flag.

Don kashe asusu, kuna buƙatar amfani da ko dai -L (ƙananan L) ko zaɓin -lock don kulle kalmar sirrin mai amfani. Wannan zai hana mai amfani damar shiga.

Lokacin da kake buƙatar sake kunna mai amfani domin ya sake shiga uwar garken, yi amfani da zaɓi na -U ko -unlock don buɗe kalmar sirrin mai amfani da aka toshe a baya, kamar yadda aka bayyana a Misali na 5 a sama.

# usermod --unlock tecmint

Hoton da ke gaba yana kwatanta Misalai 5 da 6:

Don share ƙungiya, za ku so ku yi amfani da groupdel, yayin da don share asusun mai amfani za ku yi amfani da userdel (ƙara -r switch idan kuma kuna son share abubuwan da ke cikin kundin adireshi na gida da spool):

# groupdel [group_name]        # Delete a group
# userdel -r [user_name]       # Remove user_name from the system, along with his/her home directory and mail spool

Idan akwai fayiloli mallakar group_name, ba za a share su ba, amma za a saita mai rukunin zuwa GID na rukunin da aka goge.