Part01 - Basic Concepts and Theory
1.1 Linux user management basics
User management is the foundation of Linux system security. It mainly covers:
- User types: the root user, system users, and regular users
- User groups: primary group and supplementary groups
- User attributes: username, UID, GID, home directory, login shell
- Password management: password storage, password policy, password expiry
1.2 The Linux permission model
Linux file permissions are evaluated for three identities: the owner (user), the group, and others:
| Object | Read (r) | Write (w) | Execute (x) |
|---|---|---|---|
| File | View file contents | Modify file contents | Run the file (script/program) |
| Directory | List directory entries | Create/delete entries in it | Enter (traverse) the directory |
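The following is an added example, not part of the original tutorial, showing how an ls-style mode string such as drwxrws--- maps to the octal value that chmod uses, including the setuid, setgid and sticky bits the later sections rely on. mode_to_octal is this example's own helper name, not a system command; it handles both the lowercase s/t forms (special bit plus execute) and the uppercase S/T forms (special bit without execute).

```shell
# Added example: convert an ls-style mode string to octal (mode_to_octal is a
# hypothetical helper written for this tutorial, not a system command).
mode_to_octal() {
    mode=$1
    # Drop the leading type character (d, -, l, ...) when a full 10-character string is given
    case ${#mode} in
        10) mode=${mode#?} ;;
        9) ;;
        *) echo "mode_to_octal: expected 9 or 10 characters, got '$1'" >&2; return 1 ;;
    esac
    printf '%s\n' "$mode" | awk '{
        special = 0; perms = ""
        for (i = 0; i < 3; i++) {            # i = 0 user, 1 group, 2 other
            triplet = substr($0, 3 * i + 1, 3)
            v = 0
            if (substr(triplet, 1, 1) == "r") v += 4
            if (substr(triplet, 2, 1) == "w") v += 2
            x = substr(triplet, 3, 1)
            # s/t carry execute as well; S/T mean the special bit is set but execute is not
            if (x == "x" || x == "s" || x == "t") v += 1
            if (x == "s" || x == "S") {       # setuid in the user triplet, setgid in the group triplet
                if (i == 0) special += 4; else special += 2
            }
            if (x == "t" || x == "T") special += 1   # sticky bit (other triplet)
            perms = perms v
        }
        print special perms
    }'
}

# Demonstration on modes that appear in this tutorial
for m in drwxr-xr-x drwxr-x--- drwxrws--- -rw-r--r-- drwxrwxrwt; do
    printf '%-10s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```

The leading digit of the result is the special-bit field (4 = setuid, 2 = setgid, 1 = sticky), which is why the shared directory later in the tutorial shows up as drwxrws--- after chmod g+s and would be written as 2770 in numeric form.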
1.3 User management files
- /etc/passwd: user account information file
- /etc/shadow: user password file
- /etc/group: group information file
- /etc/gshadow: group password file
- /etc/skel: template for new users' home directories
Part02 - Lab Environment Preparation and Configuration
2.1 View current user information
# 1. View the current user
# whoami
root
# 2. View currently logged-in users
# who
root tty1 2026-04-02 10:00
root pts/0 2026-04-02 10:01 (192.168.1.100)
# 3. View detailed user identity information
# id
uid=0(root) gid=0(root) groups=0(root)
# 4. View all users
# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
systemd-coredump:x:999:997:systemd Core Dumper:/:/usr/sbin/nologin
systemd-resolve:x:998:996:systemd Resolver:/:/usr/sbin/nologin
polkitd:x:997:995:PolicyKit Daemon:/:/usr/sbin/nologin
sshd:x:996:994:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
# 5. View all groups
# cat /etc/group
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
wheel:x:10:
users:x:100:
2.2 Create the test environment
# 1. Create test directories
# mkdir -p /data/test
# mkdir -p /data/test/project1
# mkdir -p /data/test/project2
# mkdir -p /data/test/shared
# 2. Create test files
# echo "Project 1 data" > /data/test/project1/file1.txt
# echo "Project 2 data" > /data/test/project2/file2.txt
# echo "Shared data" > /data/test/shared/file3.txt
# 3. View the directory tree
# tree /data/test
/data/test
├── project1
│ └── file1.txt
├── project2
│ └── file2.txt
└── shared
└── file3.txt
3 directories, 3 files
# 4. View file permissions
# ls -la /data/test/
total 20
drwxr-xr-x. 5 root root 4096 Apr 2 12:00 .
drwxr-xr-x. 3 root root 4096 Apr 2 12:00 ..
drwxr-xr-x. 2 root root 4096 Apr 2 12:00 project1
drwxr-xr-x. 2 root root 4096 Apr 2 12:00 project2
drwxr-xr-x. 2 root root 4096 Apr 2 12:00 shared
Part03 - Core Command Walkthrough
3.1 Create users and groups
# 1. Create groups
# groupadd devteam
# groupadd qa
# groupadd ops
# 2. Verify the groups were created
# grep -E "devteam|qa|ops" /etc/group
devteam:x:1001:
qa:x:1002:
ops:x:1003:
# 3. Create users with a primary group, home directory and login shell
# useradd -g devteam -m -s /bin/bash developer1
# useradd -g devteam -m -s /bin/bash developer2
# useradd -g qa -m -s /bin/bash qa1
# useradd -g ops -m -s /bin/bash ops1
# 4. Verify the users were created
# grep -E "developer1|developer2|qa1|ops1" /etc/passwd
developer1:x:1001:1001::/home/developer1:/bin/bash
developer2:x:1002:1001::/home/developer2:/bin/bash
qa1:x:1003:1002::/home/qa1:/bin/bash
ops1:x:1004:1003::/home/ops1:/bin/bash
# 5. Set user passwords
# echo "dev1pass123" | passwd --stdin developer1
Changing password for user developer1.
passwd: all authentication tokens updated successfully.
# echo "dev2pass123" | passwd --stdin developer2
Changing password for user developer2.
passwd: all authentication tokens updated successfully.
# echo "qa1pass123" | passwd --stdin qa1
Changing password for user qa1.
passwd: all authentication tokens updated successfully.
# echo "ops1pass123" | passwd --stdin ops1
Changing password for user ops1.
passwd: all authentication tokens updated successfully.
# 6. Add users to supplementary groups (-a keeps their existing groups)
# usermod -aG qa developer1
# usermod -aG ops developer2
# usermod -aG devteam ops1
# 7. View group membership
# groups developer1
developer1 : devteam qa
# groups developer2
developer2 : devteam ops
# groups qa1
qa1 : qa
# groups ops1
ops1 : ops devteam
3.2 Configure directory permissions
# 1. Set directory ownership (owner:group)
# chown developer1:devteam /data/test/project1
# chown developer2:devteam /data/test/project2
# chown ops1:ops /data/test/shared
# 2. Set directory modes
# chmod 750 /data/test/project1
# chmod 750 /data/test/project2
# chmod 770 /data/test/shared
# 3. Verify the permission settings
# ls -la /data/test/
total 20
drwxr-xr-x. 5 root root 4096 Apr 2 12:00 .
drwxr-xr-x. 3 root root 4096 Apr 2 12:00 ..
drwxr-x---. 2 developer1 devteam 4096 Apr 2 12:00 project1
drwxr-x---. 2 developer2 devteam 4096 Apr 2 12:00 project2
drwxrwx---. 2 ops1 ops 4096 Apr 2 12:00 shared
# 4. Set the SGID bit on the shared directory
# chmod g+s /data/test/shared
# 5. Verify the SGID bit (shown as "s" in the group execute position)
# ls -la /data/test/
total 20
drwxr-xr-x. 5 root root 4096 Apr 2 12:00 .
drwxr-xr-x. 3 root root 4096 Apr 2 12:00 ..
drwxr-x---. 2 developer1 devteam 4096 Apr 2 12:00 project1
drwxr-x---. 2 developer2 devteam 4096 Apr 2 12:00 project2
drwxrws---. 2 ops1 ops 4096 Apr 2 12:00 shared
# 6. Grant the qa group access to the shared directory with an ACL
# setfacl -m g:qa:rwx /data/test/shared
# 7. View the ACL
# getfacl /data/test/shared
# file: data/test/shared
# owner: ops1
# group: ops
# flags: s-
user::rwx
group::rwx
group:qa:rwx
mask::rwx
other::---
3.3 Test user permissions
# 1. Switch to developer1
# su - developer1
$ whoami
developer1
$ pwd
/home/developer1
# 2. Try to access the project1 directory
$ cd /data/test/project1
$ ls -la
total 4
-rw-r--r--. 1 root root 14 Apr 2 12:00 file1.txt
# 3. Try to modify a file
$ echo "Modified by developer1" >> file1.txt
$ cat file1.txt
Project 1 data
Modified by developer1
# 4. Try to access the project2 directory
$ cd /data/test/project2
-bash: cd: /data/test/project2: Permission denied
# 5. Try to access the shared directory
$ cd /data/test/shared
$ ls -la
total 4
-rw-r--r--. 1 root root 11 Apr 2 12:00 file3.txt
# 6. Create a file in the shared directory
$ echo "Created by developer1" > shared_file.txt
$ ls -la
total 8
-rw-r--r--. 1 root root 11 Apr 2 12:00 file3.txt
-rw-r--r--. 1 developer1 devteam 23 Apr 2 12:00 shared_file.txt
# 7. Log out of developer1
$ exit
logout
# 8. Switch to qa1
# su – qa1
$ whoami
qa1
# 9. Try to access the shared directory
$ cd /data/test/shared
$ ls -la
total 8
-rw-r--r--. 1 root root 11 Apr 2 12:00 file3.txt
-rw-r--r--. 1 developer1 devteam 23 Apr 2 12:00 shared_file.txt
# 10. Create a file in the shared directory
$ echo "Created by qa1" > qa_file.txt
$ ls -la
total 12
-rw-r--r--. 1 root root 11 Apr 2 12:00 file3.txt
-rw-r--r--. 1 developer1 devteam 23 Apr 2 12:00 shared_file.txt
-rw-r--r--. 1 qa1 qa 17 Apr 2 12:00 qa_file.txt
# 11. Log out of qa1
$ exit
logout
3.4 User account management
# 1. View user information
# finger developer1
Login: developer1 Name:
Directory: /home/developer1 Shell: /bin/bash
On since Wed Apr 2 12:00 (CST) on pts/0 from 192.168.1.100
No mail.
No Plan.
# 2. Modify user information (comment field and login shell)
# usermod -c "Developer 1" developer1
# usermod -s /bin/zsh developer1
# 3. View the modified user information
# grep developer1 /etc/passwd
developer1:x:1001:1001:Developer 1:/home/developer1:/bin/zsh
# 4. Lock the user account
# passwd -l developer1
Locking password for user developer1.
passwd: Success
# 5. Check the password status (LK = locked)
# passwd -S developer1
developer1 LK 2026-04-02 0 99999 7 -1 (Password locked.)
# 6. Unlock the user account
# passwd -u developer1
Unlocking password for user developer1.
passwd: Success
# 7. Set a maximum password age (password expires 90 days after the last change)
# chage -M 90 developer1
# chage -l developer1
Last password change : Apr 02, 2026
Password expires : Jul 01, 2026
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 90
Number of days of warning before password expires : 7
# 8. Set an account expiration date
# chage -E "2026-12-31" developer1
# chage -l developer1 | grep "Account expires"
Account expires : Dec 31, 2026
Part04 - Production Environment Case Studies
4.1 Batch user creation script
# 1. Create the user list file (username:group:comment)
# cat > /tmp/users.txt << 'EOF'
john:devteam:John Smith
jane:devteam:Jane Doe
mike:qa:Mike Johnson
sarah:qa:Sarah Williams
tom:ops:Tom Brown
EOF
# 2. View the user list
# cat /tmp/users.txt
john:devteam:John Smith
jane:devteam:Jane Doe
mike:qa:Mike Johnson
sarah:qa:Sarah Williams
tom:ops:Tom Brown
# 3. Create the batch user creation script
# cat > /tmp/create_users.sh << 'EOF'
#!/bin/bash
# Batch user creation script
# Author: fgedu
# Date: 2026-04-02
USER_FILE="/tmp/users.txt"
LOG_FILE="/tmp/user_creation.log"
# Logging function: timestamped line to the terminal and the log file
log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG_FILE"
}
# Check that the user file exists
if [ ! -f "$USER_FILE" ]; then
    log "错误:用户文件 $USER_FILE 不存在"
    exit 1
fi
# Start creating users
log "=========================================="
log "开始批量创建用户"
log "=========================================="
# Read the user file line by line (username:group:comment)
while IFS=':' read -r username group comment; do
    # Skip blank lines and comment lines
    [ -z "$username" ] && continue
    [[ "$username" =~ ^#.* ]] && continue
    log "处理用户:$username"
    # Skip users that already exist
    if id "$username" &>/dev/null; then
        log "警告:用户 $username 已存在,跳过"
        continue
    fi
    # Create the group if it does not exist yet
    if ! grep -q "^${group}:" /etc/group; then
        log "创建用户组:$group"
        groupadd "$group" 2>> "$LOG_FILE"
        if [ $? -ne 0 ]; then
            log "错误:无法创建用户组 $group"
            continue
        fi
    fi
    # Create the user with the given primary group, comment and a home directory
    log "创建用户:$username"
    useradd -g "$group" -c "$comment" -m "$username" 2>> "$LOG_FILE"
    # Check whether the user was created successfully
    if [ $? -eq 0 ]; then
        # Set a default password (it is also written to the log file, so keep that file readable by root only)
        default_pass="${username}@123"
        echo "$default_pass" | passwd --stdin "$username" &>> "$LOG_FILE"
        # Force a password change at first login
        chage -d 0 "$username" 2>> "$LOG_FILE"
        log "用户 $username 创建成功,默认密码:$default_pass"
    else
        log "错误:无法创建用户 $username"
    fi
done < "$USER_FILE"
# Finished
log "=========================================="
log "批量用户创建完成"
log "=========================================="
# Show the created users (name and comment fields).
# The usernames are joined into an anchored alternation such as ^(john|jane|...):
# so that no empty branch is produced (a trailing "|" would match every line).
log "创建的用户列表:"
grep -E "^($(awk -F: '/^[^#]/ { n = n (n ? "|" : "") $1 } END { print n }' "$USER_FILE")):" /etc/passwd | cut -d: -f1,5
exit 0
EOF
# 4. Make the script executable
# chmod +x /tmp/create_users.sh
# 5. Run the batch user creation script
# /tmp/create_users.sh
==========================================
开始批量创建用户
==========================================
处理用户:john
创建用户:john
用户 john 创建成功,默认密码:john@123
处理用户:jane
创建用户:jane
用户 jane 创建成功,默认密码:jane@123
处理用户:mike
创建用户:mike
用户 mike 创建成功,默认密码:mike@123
处理用户:sarah
创建用户:sarah
用户 sarah 创建成功,默认密码:sarah@123
处理用户:tom
创建用户:tom
用户 tom 创建成功,默认密码:tom@123
==========================================
批量用户创建完成
==========================================
创建的用户列表:
john:John Smith
jane:Jane Doe
mike:Mike Johnson
sarah:Sarah Williams
tom:Tom Brown
# 6. Verify the created users
# grep -E "john|jane|mike|sarah|tom" /etc/passwd
john:x:1005:1001:John Smith:/home/john:/bin/bash
jane:x:1006:1001:Jane Doe:/home/jane:/bin/bash
mike:x:1007:1002:Mike Johnson:/home/mike:/bin/bash
sarah:x:1008:1002:Sarah Williams:/home/sarah:/bin/bash
tom:x:1009:1003:Tom Brown:/home/tom:/bin/bash
4.2 Permission management in practice
# 1. Create the project directory tree
# mkdir -p /projects/{web,database,logs}
# mkdir -p /projects/web/{frontend,backend}
# mkdir -p /projects/database/{mysql,redis}
# mkdir -p /projects/logs/{app,system}
# 2. View the directory tree
# tree /projects
/projects
├── web
│ ├── frontend
│ └── backend
├── database
│ ├── mysql
│ └── redis
└── logs
├── app
└── system
8 directories, 0 files
# 3. Set permissions on the web directory
# chown -R john:devteam /projects/web
# chmod -R 750 /projects/web
# 4. Set permissions on the database directory
# chown -R mike:qa /projects/database
# chmod -R 750 /projects/database
# 5. Set permissions on the logs directory
# chown -R tom:ops /projects/logs
# chmod -R 770 /projects/logs
# 6. Give the devteam group read access to the logs directory (recursively, via ACL)
# setfacl -R -m g:devteam:rx /projects/logs
# 7. Verify the permission settings
# ls -la /projects/
total 20
drwxr-xr-x. 5 root root 4096 Apr 2 12:00 .
drwxr-xr-x. 3 root root 4096 Apr 2 12:00 ..
drwxr-x---. 4 mike qa 4096 Apr 2 12:00 database
drwxrwx---. 2 tom ops 4096 Apr 2 12:00 logs
drwxr-x---. 4 john devteam 4096 Apr 2 12:00 web
# 8. View the ACL
# getfacl /projects/logs
# file: projects/logs
# owner: tom
# group: ops
user::rwx
group::rwx
group:devteam:r-x
mask::rwx
other::---
# 9. Set the SGID bit on the logs directory
# chmod g+s /projects/logs
# 10. Verify the SGID bit
# ls -la /projects/logs/
total 8
drwxrws---+ 2 tom ops 4096 Apr 2 12:00 app
drwxrws---+ 2 tom ops 4096 Apr 2 12:00 system
4.3 User and permission audit
# 1. List all users
# awk -F: '{print $1}' /etc/passwd | sort
adm
bin
daemon
developer1
developer2
halt
john
jane
lp
mike
nobody
operator
ops1
polkitd
qa1
root
sarah
shutdown
sshd
sync
systemd-coredump
systemd-resolve
tom
# 2. List all groups
# awk -F: '{print $1}' /etc/group | sort
adm
bin
daemon
devteam
disk
games
input
kmem
lp
mail
man
mem
network
ops
qa
root
shadow
sys
tape
tty
users
video
wheel
# 3. List the members of each group
# for group in devteam qa ops; do echo "=== $group ==="; grep "^$group:" /etc/group; done
=== devteam ===
devteam:x:1001:developer1,developer2,john,jane,ops1
=== qa ===
qa:x:1002:qa1,developer1,mike,sarah
=== ops ===
ops:x:1003:ops1,developer2,tom
# 4. Find accounts with no usable password (empty, "*" or "!" password field in /etc/shadow)
# awk -F: '($2 == "" || $2 == "*" || $2 == "!") {print $1}' /etc/shadow
bin
daemon
adm
lp
mail
operator
games
ftp
nobody
systemd-coredump
systemd-resolve
polkitd
sshd
# 5. Find users with UID 0 (only root should appear)
# awk -F: '($3 == 0) {print $1}' /etc/passwd
root
# 6. Find groups granted sudo privileges
# grep -E "^%wheel|^%admin" /etc/sudoers
%wheel ALL=(ALL) ALL
# 7. View wheel group members
# grep "^wheel:" /etc/group
wheel:x:10:
# 8. View the login shell of every account that can log in interactively
# awk -F: '($7 != "/sbin/nologin" && $7 != "/usr/sbin/nologin" && $7 != "/bin/false") {print $1 " - " $7}' /etc/passwd
root - /bin/bash
developer1 - /bin/zsh
developer2 - /bin/bash
qa1 - /bin/bash
ops1 - /bin/bash
john - /bin/bash
jane - /bin/bash
mike - /bin/bash
sarah - /bin/bash
tom - /bin/bash
# 9. View the home directory of every account that can log in interactively
# awk -F: '($7 != "/sbin/nologin" && $7 != "/usr/sbin/nologin" && $7 != "/bin/false") {print $1 " - " $6}' /etc/passwd
root - /root
developer1 - /home/developer1
developer2 - /home/developer2
qa1 - /home/qa1
ops1 - /home/ops1
john - /home/john
jane - /home/jane
mike - /home/mike
sarah - /home/sarah
tom - /home/tom
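The audit commands above are one-liners typed at a root prompt. The following is an added example, not from the original tutorial, that turns the same checks into reusable shell functions and runs them against constructed sample copies of /etc/passwd, /etc/shadow and /etc/group (every entry, UID and hash below is made up for this example; the password-expiry helper applies the chage -M logic from section 3.4). The function names are this example's own; to audit a real system, pass the real file paths instead (reading /etc/shadow requires root).

```shell
# Added example: account-audit helpers implementing the checks of section 4.3.
# All sample data below is constructed for this example, not taken from a real host.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sshd:x:996:994:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
developer1:x:1001:1001:Developer 1:/home/developer1:/bin/zsh
qa1:x:1003:1002::/home/qa1:/bin/bash
tmpadmin:x:0:0:temporary admin:/home/tmpadmin:/bin/bash
guest:x:1010:100::/home/guest:/bin/bash
EOF

# Field 3 = last change (days since 1970-01-01; 20545 = 2026-04-02), field 5 = max age
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$constructed$hashvalue:20545:0:99999:7:::
bin:*:20545:0:99999:7:::
sshd:!!:20545:0:99999:7:::
developer1:$6$constructed$hashvalue:20545:0:90:7:::
qa1::20545:0:99999:7:::
tmpadmin:$6$constructed$hashvalue:20545:0:99999:7:::
guest:!$6$constructed$hashvalue:20545:0:99999:7:::
EOF

cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
wheel:x:10:developer1
devteam:x:1001:developer1,qa1
EOF

# UID 0 grants full root privileges; any name other than root here needs explaining
uid0_accounts() { awk -F: '$3 == 0 && $1 != "root" {print $1}' "$1"; }

# An empty password field means the account can log in with no password at all
empty_password_accounts() { awk -F: '$2 == "" {print $1}' "$1"; }

# "*", "!", "!!" or a hash prefixed with "!" (what passwd -l writes) cannot be used to log in
locked_accounts() { awk -F: '$2 ~ /^[*!]/ {print $1}' "$1"; }

# Accounts whose shell allows an interactive login (nologin variants and /bin/false excluded)
interactive_shell_accounts() {
    awk -F: '$7 !~ /nologin$/ && $7 != "/bin/false" {print $1 " " $7}' "$1"
}

# Two accounts sharing one UID are the same identity to the kernel
duplicate_uids() {
    awk -F: '{ n[$3]++; names[$3] = names[$3] " " $1 }
             END { for (u in n) if (n[u] > 1) print u ":" names[u] }' "$1"
}

# Members of a privileged group such as wheel ($1 = group file, $2 = group name)
group_members() { awk -F: -v g="$2" '$1 == g {print $4}' "$1"; }

# Day (since 1970-01-01) on which the password expires: last change + max age, or "never"
password_expiry_day() {   # $1 = shadow file, $2 = user
    awk -F: -v u="$2" '$1 == u { if ($5 == "" || $5 >= 99999) print "never"; else print $3 + $5 }' "$1"
}

audit_report() {   # $1 = passwd file, $2 = shadow file, $3 = group file
    echo "== UID 0 accounts other than root =="; uid0_accounts "$1"
    echo "== accounts with an empty password =="; empty_password_accounts "$2"
    echo "== locked / no-password accounts =="; locked_accounts "$2"
    echo "== interactive-shell accounts =="; interactive_shell_accounts "$1"
    echo "== duplicate UIDs =="; duplicate_uids "$1"
    echo "== wheel members =="; group_members "$3" wheel
    echo "== developer1 password expires on day =="; password_expiry_day "$2" developer1
}

audit_report "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow" "$SAMPLE_DIR/group"
```

Note the distinction the one-liner in step 4 blurs: an empty second field in /etc/shadow (qa1 in the sample) is a real finding, because the account can authenticate without any password, whereas "*", "!" and "!!" (bin, sshd, guest) mark accounts that cannot authenticate by password at all.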
Part05 - Lessons Learned and Tips from 风哥
5.1 User management best practices
- Principle of least privilege: grant users only the minimum permissions needed to do their job
- Regular audits: review user accounts and permissions regularly and remove inactive accounts promptly
- Password policy: enforce a strong password policy and require periodic password changes
- Group management: use groups sensibly instead of granting many permissions directly to individual users
- Record keeping: log user creation, modification and deletion operations so they can be audited
5.2 Permission management tips
- Use ACLs: for complex permission requirements, ACLs (access control lists) give more flexible control
- SGID bit: set SGID on shared directories so newly created files inherit the directory's group
- Sticky bit: set the sticky bit on directories such as /tmp so users cannot delete other users' files
- umask: set a sensible umask to control the default permissions of newly created files
- Permission inheritance: set directory permissions carefully so subdirectories and files end up with the right permissions
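The following is an added example, not part of the original tutorial, for the umask and SGID points above: it computes the mode a new file (base 666) or directory (base 777) receives under a given umask, confirms the arithmetic by creating real entries in a temporary directory, and checks that a setgid directory passes its bit on to new subdirectories (Linux semantics). apply_umask, observed_mode and sgid_inherited are this example's own helper names.

```shell
# Added example: umask arithmetic and setgid inheritance, verified on a temporary directory.
# Resulting mode = base & ~umask. Files start from 666, directories from 777.
apply_umask() {    # $1 = base mode (666 or 777), $2 = umask, both octal
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Create one entry under the given umask and print the 10-character mode field from ls
observed_mode() {  # $1 = umask, $2 = "file" or "dir"
    tmp=$(mktemp -d) || return 1
    ( umask "$1"
      if [ "$2" = dir ]; then mkdir "$tmp/entry"; else : > "$tmp/entry"; fi )
    ls -ld "$tmp/entry" | cut -c1-10
    rm -rf "$tmp"
}

# On Linux a subdirectory created inside a setgid directory inherits the group and the setgid bit,
# which is what makes chmod g+s on a shared tree keep group ownership consistent
sgid_inherited() {
    tmp=$(mktemp -d) || return 1
    ( umask 022
      mkdir "$tmp/shared" && chmod 2770 "$tmp/shared" && mkdir "$tmp/shared/sub" )
    mode=$(ls -ld "$tmp/shared/sub" | cut -c1-10)
    rm -rf "$tmp"
    case $mode in *[sS]*) echo yes ;; *) echo no ;; esac
}

for um in 022 027 077; do
    printf 'umask %s: new file %s (%s), new directory %s (%s)\n' "$um" \
        "$(apply_umask 666 "$um")" "$(observed_mode "$um" file)" \
        "$(apply_umask 777 "$um")" "$(observed_mode "$um" dir)"
done
printf 'setgid bit inherited by a new subdirectory: %s\n' "$(sgid_inherited)"
```

umask only masks the low nine permission bits; it never clears an inherited setgid bit, so a shared directory set up as in section 3.2 keeps producing group-owned entries regardless of each user's umask.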
5.3 Security hardening recommendations
- Disable unnecessary system accounts, or set their login shell to /sbin/nologin
- Restrict direct root logins and manage privileges through sudo
- Enable an account lockout policy to resist brute-force attacks
- Check /etc/passwd and /etc/shadow regularly to make sure no unexpected accounts exist
- Use PAM modules to strengthen password policy and login control
5.4 Troubleshooting
| Problem | Possible causes | Resolution |
|---|---|---|
| User cannot log in | Wrong password, account locked, wrong login shell | Reset the password, unlock the account, check the shell setting |
| Cannot access a file | Insufficient permissions, ACL restriction, blocked by SELinux | Adjust permissions, adjust the ACL, check SELinux status |
| sudo command fails | User not in the sudo group, sudoers misconfigured | Add the user to the sudo group, check the sudoers configuration |
| Unexpected file permissions | Inappropriate umask, parent directory permissions | Adjust umask, check the parent directory's permissions |
User and permission management is the foundation of Linux system security; correctly configured accounts and permissions effectively prevent unauthorized access and data leakage. In production, establish a sound user management process, audit user permissions regularly, and find and fix security risks promptly. Combine sudo, ACLs, PAM and similar tools to build a layered security defense.
This article was compiled and published by 风哥教程 (fgedu) for learning and testing purposes only; please credit the source when reposting: http://www.fgedu.net.cn/10327.html
