day60: Linux compression and packaging & user management & user authorization (sudo) & grep, sed, awk, sort, uniq

Contents

1. File management - compression and packaging

2. User management

  How to view a user

  How to create a user

  Where is the created user information stored?

  The file that stores user passwords

  How to set a password for a user?

3. User group

4. User rights

5. Extra: additional supplement

File management - compression and packaging

There are two formats of compressed package: zip and tar.gz

1. What is a compressed package?

A compressed package is a special file that integrates multiple files and directories into one file.

2. Why use compressed packages?

1. Easy transmission

2. The compressed data takes up less space

3. What are the tools for packaging and compression?

Windows and tar: zip

Linux: zip and tar.gz

4. How to create and extract a compressed package?

1. gzip: for files only

gzip /etc/yum.repos.d/CentOS-Base.repo  # compress; the original file is replaced by the .gz file

zcat  /etc/yum.repos.d/CentOS-Base.repo.gz # view the contents without decompressing

gzip -d /etc/yum.repos.d/CentOS-Base.repo.gz # decompress

2. zip: for files and directories

yum install zip -y # install zip

zip -r yum_local.zip  /etc/yum.repos.d # compress

yum install unzip -y # install unzip

unzip yum_local.zip -d /opt # extract to /opt

3. tar.gz

'''
c: create an archive
z: compress with gzip
f: specify the archive file name
x: extract (the compression type is identified automatically)
'''

tar czf etc.tar.gz /etc /home/ # compress

tar xf etc.tar.gz # extract

tar xf etc.tar.gz -C /mnt/ # extract into the /mnt/ directory

User management

1. What are users?

A user is an identity that can log in to the operating system normally

2. Why should there be users?

1. When a process is running, it needs to rely on the identity of a specific user to run normally

2. The server may have multiple users. root's permissions are too broad, so some ordinary users need to be created

3. User classification

Type                         UID
Super administrator (root)   0
System user                  1 ~ 999   <-- used for normal operation of the system [system user | virtual user]
Ordinary user                1000+     <-- can log in to the system normally [ordinary user]

How a process can access a file and directory depends on whether the "user identity" of the process has corresponding permissions on the file or directory.

4. How to view a user

id root # view root's user information
'''uid=0(root) gid=0(root) group=0(root)'''

5. How to create a user

useradd oldboy # create the user
id oldboy # view oldboy's user information
'''uid=1001(oldboy) gid=1001(oldboy) group=1001(oldboy)'''

6. Where is the created user information stored?

User information is stored with a colon as the separator, with a total of 7 columns

cat /etc/passwd # view all user information
root:x:0:0:root:/root:/bin/bash
oldboy:x:1001:1001::/home/oldboy:/bin/bash

The 7 columns are:

Column 1: user name

Column 2: password placeholder. The password is stored in /etc/shadow

Column 3: user's UID

Column 4: user's GID

Column 5: comment (description information)

Column 6: user's home directory

Column 7: user's login shell

7. User password storage file

cat /etc/shadow

8. More options for creating users (useradd)

-u: specify the UID of the user

-g: specify the primary group of the user (if not specified, a group with the same name as the user is created by default)

-G: specify additional groups

-c: specify the comment (description) field

-s: specify the login shell. The default is /bin/bash

-r: create a system user

-M: do not create the user's home directory

Example 1

#1. Create user oldboyedu: UID 5001, primary group students, additional group sa, comment "2019 new student", login shell /bin/bash
[root@oldboy-pythonedu ~]# groupadd students
[root@oldboy-pythonedu ~]# groupadd sa
[root@oldboy-pythonedu ~]# useradd oldboyedu -u 5001 -g students -G sa -c "2020 new student" -s /bin/bash

Example 2

#2. Create system user mysql: -M does not create the home directory, -s /sbin/nologin prevents the user from logging in to the system
[root@oldboy-pythonedu ~]# useradd mysql -r -M -s /sbin/nologin

9. How to set the password for the user?

  1. Simple: easy to crack

  2. Complex: hard to remember

Recommended password tool: LastPass --> Windows, Mac, Android, iOS

How to set the password

# Interactive:
passwd [username]

# Non-interactive:
[root@oldboy-pythonedu ~]# echo "12" | passwd --stdin root   # fixed password
[root@oldboy-pythonedu ~]# echo $RANDOM | md5sum | cut -c 2-10 | tee 1.txt | passwd --stdin root # random password, also saved to 1.txt

Create users in batches and set random passwords

[root@oldboy-pythonedu ~]# cat useradd_2.sh
        #!/usr/bin/bash

        read -r -p "Please enter the name of the user you want to create: " User
        read -r -p "Please enter the number of users you want to create: " Number

        # 1. Create the users in a loop
        for i in $(seq "$Number")
        do
            user_name="$User-$i"
            pass=$(echo $RANDOM | md5sum | cut -c 2-10)

            # If the user already exists, do not create it again
            if id "$user_name" &>/dev/null; then
                continue
            else
                # Create user
                useradd "$user_name"
                # Set password
                echo "$pass" | passwd --stdin "$user_name" &>/dev/null
                echo "Username: $user_name  Password: $pass ok.."
                echo "Username: $user_name  Password: $pass ok.." >> user_password.txt
            fi
        done
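
$RANDOM only takes values from 0 to 32767, so the md5sum pipeline above can yield at most 32768 different passwords, and user_password.txt is created with the default umask. A variant of the batch script that draws passwords from /dev/urandom, validates the operator's input and keeps the credential file root-only follows; it is an added example, not the original author's script, and the function names, the 16-character length and the use of chpasswd and chage are choices made for this example.

```bash
#!/usr/bin/env bash
# Added example: batch user creation with passwords from the kernel CSPRNG.

# gen_password [LEN]: LEN characters of [A-Za-z0-9] read from /dev/urandom.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom 2>/dev/null | head -c "${1:-16}"
}

# valid_prefix NAME: accept only short lowercase login-name prefixes, so the
# operator's input cannot carry options ("-r") or shell metacharacters.
valid_prefix() {
    case $1 in
        '' | [!a-z_]* | *[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 24 ]
}

# create_users PREFIX COUNT OUTFILE: creates PREFIX-1 .. PREFIX-COUNT (run as root).
create_users() {
    prefix=$1 count=$2 out=$3
    valid_prefix "$prefix" || { echo "invalid prefix" >&2; return 1; }
    case $count in
        '' | 0* | *[!0-9]*) echo "invalid count" >&2; return 1 ;;
    esac
    ( umask 077; : >> "$out" ) || return 1      # a new credential file is mode 0600
    for i in $(seq "$count"); do
        name="$prefix-$i"
        id "$name" >/dev/null 2>&1 && continue  # skip accounts that already exist
        useradd "$name" || continue
        pass=$(gen_password 16)
        printf '%s:%s\n' "$name" "$pass" | chpasswd  # password on stdin, not in argv
        chage -d 0 "$name"                      # force a change at first login
        printf '%s %s\n' "$name" "$pass" >> "$out"
    done
}
```

Run it as root, for example: create_users dev 5 /root/user_password.txt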

Delete user

userdel -r old-23 # delete the user; -r also removes the home directory
'''-r is not recommended: in many cases the user's home directory contains software and configuration files'''

User group

1. Basic concept of group

Groups make users easier to manage

2. Classification of groups

Primary group: when creating a user, if the primary group is not specified, a group with the same name as the user is created by default

Additional group: when creating a user, you can specify additional groups for the user to join. The user then has the permissions of those additional groups

A user can have only one primary group but many additional groups

3. Create a group

-g: specify the GID. If it is not specified, GIDs start from 1000 by default

groupadd -g 5005 devops

4. Delete group

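groupdel devops
groupdel students      # fails: students is still the primary group of oldboyedu
userdel -r oldboyedu   # delete the user first
groupdel students      # now the group can be deleted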

User rights

1. su: switch identity

# You need to know the target user's password before you can switch
su - root  # enter root's password

Problem:

  1. We do not want to give developers root permission, because it easily leads to failures

  2. If developers are given no permissions, some of their tasks still require root permission

2. sudo rights

1. Quickly assign sudo permissions to a user

usermod -aG wheel oldxu # add the user to the wheel group (-a appends instead of replacing the user's other additional groups)
echo "123" | passwd --stdin oldxu # set a password for the user

2. Verify permissions

yum install wget -y # fails as an ordinary user: root permission is required
sudo yum install wget -y # succeeds through sudo

3. Assign different permissions to different users

Requirements: assign some permissions to the company's operation and maintenance department and some permissions to the development department

1. Define user aliases (groups that exist only inside sudo)

User_Alias DEV = kaifa1,kaifa2
User_Alias OPS = ops1,ops2

2. Define permissions (command aliases)

Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig, /usr/bin/systemctl start, /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart, /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable

## Storage
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount


## Processes
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

3. Bind the user aliases to the permissions

root    ALL=(ALL)       NOPASSWD:ALL  # all commands can be executed, and no password is required
DEV     ALL=(ALL)       NETWORKING,SOFTWARE,SERVICES
OPS     ALL=(ALL)       NETWORKING,SOFTWARE,SERVICES,PROCESSES,STORAGE

4. Create user and set password

[root@oldboy-pythonedu ~]# useradd kaifa1
[root@oldboy-pythonedu ~]# useradd kaifa2
[root@oldboy-pythonedu ~]# useradd ops1
[root@oldboy-pythonedu ~]# useradd ops2
[root@oldboy-pythonedu ~]# echo "1" | passwd --stdin kaifa1
[root@oldboy-pythonedu ~]# echo "1" | passwd --stdin kaifa2
[root@oldboy-pythonedu ~]# echo "1" | passwd --stdin ops1
[root@oldboy-pythonedu ~]# echo "1" | passwd --stdin ops2

5. Verify that the development permissions differ from the operation and maintenance permissions

sudo -l

# User kaifa1 may run the following commands on oldboy-pythonedu:
    (ALL) /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables,
        /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool, /bin/rpm,
        /usr/bin/up2date, /usr/bin/yum, /sbin/service, /sbin/chkconfig, /usr/bin/systemctl start,
        /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart,
        /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable


# User ops1 may run the following commands on oldboy-pythonedu:
    (ALL) /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables,
        /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool, /bin/rpm,
        /usr/bin/up2date, /usr/bin/yum, /sbin/service, /sbin/chkconfig, /usr/bin/systemctl start,
        /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart,
        /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable,
        /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall, /sbin/fdisk, /sbin/sfdisk,
        /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
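
The aliases and rules from steps 1 to 3 can be expanded offline to review what each user ends up with before the file is installed, which is the same view sudo -l gives in step 5. This is an added example, not the author's code: the sample policy is a constructed, abbreviated copy of the page's aliases, effective_cmds and may_run are hypothetical helper names, and the awk only understands the rule shape used on this page (it is not sudo's parser).

```bash
#!/usr/bin/env bash
# Added example: expand sudoers aliases to see each user's effective commands.

# Constructed sample: abbreviated copy of the aliases and rules shown above.
SUDOERS_SAMPLE='User_Alias DEV = kaifa1,kaifa2
User_Alias OPS = ops1,ops2
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
Cmnd_Alias STORAGE = /sbin/fdisk, /bin/mount, /bin/umount
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill
DEV     ALL=(ALL)       SOFTWARE
OPS     ALL=(ALL)       SOFTWARE,PROCESSES,STORAGE'

# effective_cmds USER: print, one per line, the commands USER may run.
# Handles only "WHO HOST=(RUNAS) [NOPASSWD:]LIST" rules as used on this page.
effective_cmds() {
    printf '%s\n' "$SUDOERS_SAMPLE" | awk -v user="$1" '
    { sub(/#.*/, "") }                              # drop comments
    $1 == "User_Alias" || $1 == "Cmnd_Alias" {
        kind = $1; name = $2
        body = $0; sub(/^[^=]*=[ \t]*/, "", body)   # text after "="
        n = split(body, item, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            if (kind == "User_Alias") member[name, item[i]] = 1
            else cmds[name] = cmds[name] item[i] "\n"
        }
        next
    }
    NF >= 3 && ($1 == user || (($1, user) in member)) {
        spec = $0; sub(/^.*\)[ \t]*/, "", spec)     # text after "(RUNAS)"
        sub(/^NOPASSWD:[ \t]*/, "", spec)
        n = split(spec, ref, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++)
            printf "%s", ((ref[i] in cmds) ? cmds[ref[i]] : ref[i] "\n")
    }'
}

# may_run USER COMMAND: succeed only if COMMAND is in the expanded list.
may_run() { effective_cmds "$1" | grep -Fxq -- "$2"; }
```

On the real host, check the edited file with visudo -cf before installing it. In the expanded list, treat /bin/rpm and /usr/bin/yum as close to a full root grant, since package installation runs package-supplied scripts as root.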

Extra: additional supplement

1. Extract IP address: grep sed awk

[root@oldboy-pythonedu ~]# ifconfig  ens32 | grep "inet " | grep -Eo "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" | head -1 
10.0.0.200

[root@oldboy-pythonedu ~]# ifconfig  ens32 | sed -n '2p' | sed -r 's#(^.*inet) (.*) (net.*$)#\2#g'
10.0.0.200

[root@oldboy-pythonedu ~]# ifconfig  ens32  | awk 'NR==2 {print $2}'
10.0.0.200

2. Extract the user name, UID and login shell from /etc/passwd

[root@oldboy-pythonedu ~]# awk -F ":" '{print $1,$3,$7}' /etc/passwd

3. Find the top 10 source IP addresses in the access log: sort uniq awk

'''
    1. Find which column holds the source IP address
    2. Sort the data
    3. De-duplicate the data and count the occurrences
    4. Take the top 10 IP addresses
'''
    
[root@oldboy-pythonedu ~]# awk '{print $1}' access.log  | sort | uniq -c | sort -nr | head -10 > access_top10.txt 
'''
  31577 116.211.216.152
  25142 222.186.49.194
  20841 120.27.74.166
   9304 39.105.242.163
   8277 61.147.73.164
   7805 222.186.49.165
   7559 123.156.198.164
   7233 61.160.206.107
   6596 220.170.48.75
   6200 61.147.73.171
'''

[root@oldboy-pythonedu ~]# time awk '{ ip[$1]++ } END { for ( i in ip ) print ip[i],i}' access.log  | sort -nr | head -10

The same awk program, expanded:

{
    ip[$1]++
}
END {
    for ( i in ip ) {
        print ip[i],i
    }
}

Posted by salasilm on Sat, 14 May 2022 14:47:31 +0300