리눅스 사용자 관리하기

Posted on: 2018년 09월 13일 2018년 09월 13일
Categories: 강의자료, 리눅스

root 권한 획득하는 명령 예
1. sudo apt-get update
2. sudo apt-get upgrade
3. sudo shutdown -h now
4. sudo reboot

사용자 계정 관리

사용자 계정 추가
1. useradd guest1
2. useradd -m guest2
3. useradd -p ‘openssl passwd 1234‘ -g grp2019 -m a200012345
  <– ‘ 대신 TAB위의 문자 써야 함(이 홈페이지에는 그 문자가 출력이 안되서 ‘ 로 표기했음)
4. /home에 홈디렉터로 생성
사용자 암호 변경
1. passwd guest1
사용자 계정 삭제
1. userdel guest1
2. rm -rf /home/guest1
3. userdel -r guest1 : 홈디렉터리까지 같이 제거

사용자 계정 확인

cat /etc/passwd

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
whan:x:1000:1000:whan,,,:/home/whan:/bin/bash
sshd:x:122:65534::/run/sshd:/usr/sbin/nologin
gildong:x:1001:1001::/home/gildong:/bin/sh
xrdp:x:123:127::/var/run/xrdp:/usr/sbin/nologin

root:x:0:0:root:/root:/bin/bash

daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin

bin:x:2:2:bin:/bin:/usr/sbin/nologin

sys:x:3:3:sys:/dev:/usr/sbin/nologin

sync:x:4:65534:sync:/bin:/bin/sync

games:x:5:60:games:/usr/games:/usr/sbin/nologin

backup:x:34:34:backup:/var/backups:/usr/sbin/nologin

nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

whan:x:1000:1000:whan,,,:/home/whan:/bin/bash

sshd:x:122:65534::/run/sshd:/usr/sbin/nologin

gildong:x:1001:1001::/home/gildong:/bin/sh

xrdp:x:123:127::/var/run/xrdp:/usr/sbin/nologin

계정이름:x:UID:GID:설명:홈디렉터리:쉘
암호는 /etc/shadow에 별도 저장

cat /etc/shadow

root:$6$fQznzNPAcZTTPwcsKStkHH5U81:17781:0:99999:7:::
daemon:*:17737:0:99999:7:::
bin:*:17737:0:99999:7:::
sys:*:17737:0:99999:7:::
gnome-initial-setup:*:17737:0:99999:7:::
gdm:*:17737:0:99999:7:::
whan:$6$LlW7sKX3GyEWmsGjA/gZuRF8M0:17779:0:99999:7:::
sshd:*:17780:0:99999:7:::
gildong:$6$/Owy9AgHFQq2QX6x9H4vyW.:17782:0:99999:7:::
xrdp:!:17783:0:99999:7:::

root:$6$fQznzNPAcZTTPwcsKStkHH5U81:17781:0:99999:7:::

daemon:*:17737:0:99999:7:::

bin:*:17737:0:99999:7:::

sys:*:17737:0:99999:7:::

gnome-initial-setup:*:17737:0:99999:7:::

gdm:*:17737:0:99999:7:::

whan:$6$LlW7sKX3GyEWmsGjA/gZuRF8M0:17779:0:99999:7:::

sshd:*:17780:0:99999:7:::

gildong:$6$/Owy9AgHFQq2QX6x9H4vyW.:17782:0:99999:7:::

xrdp:!:17783:0:99999:7:::

계정이름:암호:…

cat /etc/group

root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog,whan
tty:x:5:
cdrom:x:24:whan
floppy:x:25:
sudo:x:27:whan
audio:x:29:pulse
dip:x:30:whan
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
shadow:x:42:
plugdev:x:46:whan
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
gdm:x:125:
whan:x:1000:
sambashare:x:126:whan
gildong:x:1001:
xrdp:x:127:

root:x:0:

daemon:x:1:

bin:x:2:

sys:x:3:

adm:x:4:syslog,whan

tty:x:5:

cdrom:x:24:whan

floppy:x:25:

sudo:x:27:whan

audio:x:29:pulse

dip:x:30:whan

www-data:x:33:

backup:x:34:

operator:x:37:

list:x:38:

shadow:x:42:

plugdev:x:46:whan

staff:x:50:

games:x:60:

users:x:100:

nogroup:x:65534:

gdm:x:125:

whan:x:1000:

sambashare:x:126:whan

gildong:x:1001:

xrdp:x:127:

그룹이름:x:GID:계정1,계정2,…
GID
1. 0 : root 그룹
2. 1~999 : 시스템 그룹
3. 1000~ : 사용자 그룹

sudo 권한 부여하기

sudo usermod -a -G sudo guest1

cat /etc/sudoers : sudoers 확인

Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification
# User alias specification
# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d

Defaults env_reset

Defaults mail_badpass

Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification

root ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges

%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command

%sudo ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

root 계정과 admin, sudo 그룹에 속한 계정만 sudo 사용가능

whan0623

517