
CentOS 8.2 Basic Configuration

Date: 2020-12-04 17:32:56

1. Add a regular user

[1] To add a regular user account on a CentOS server, proceed as follows.

[root@lianglab ~]# useradd centos
[root@lianglab ~]# passwd centos
Changing password for user centos.
New password:                               #enter any password you want to set
Retype new password:
passwd: all authentication tokens updated successfully.


[2] To switch from a regular user to the root account, use the [su] command.

[root@lianglab ~]# su - centos   #switch to the centos account
[centos@lianglab ~]$ su -        #switch to the root account
Password:                        #enter the root password
[root@lianglab ~]#               #now running as root

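[3] To restrict which users can run the [su] command, configure it as follows.
In the following example, only users in the [wheel] group can run the [su] command.

[root@lianglab ~]# usermod -aG wheel centos   #-a appends, so existing supplementary groups are kept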
[root@lianglab ~]# vi /etc/pam.d/su
[root@lianglab ~]# cat  /etc/pam.d/su
#%PAM-1.0
auth            required        pam_env.so
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth            required        pam_wheel.so use_uid   #the setting we enabled
auth            substack        system-auth
auth            include         postlogin
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         include         postlogin
session         optional        pam_xauth.so
auth          sufficient      pam_rootok.so debug

[root@lianglab ~]# groups centos   #show the groups the account belongs to
centos : centos wheel

We can create an account, user01, that is not in the wheel group and try to switch to the root account.
[root@lianglab ~]# useradd user01
[root@lianglab ~]# passwd user01
Changing password for user user01.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@lianglab ~]#
[root@lianglab ~]# su - user01
[user01@lianglab ~]$
[user01@lianglab ~]$ su -
Password:
su: Permission denied   #the switch is refused
[user01@lianglab ~]$



[4] To delete a user account, proceed as follows.

[root@lianglab ~]# userdel user01  #delete user [user01] (account only; the home directory is kept)
[root@lianglab ~]# ll /home/
total 4
drwxr-xr-x.  3 admin    admin      78 Sep 28 10:09 admin
drwx------.  4 centos   centos    113 Dec  4 13:56 centos
drwx------. 15 lianglab lianglab 4096 Sep 27 16:42 lianglab
drwx------.  3 tddev    users      78 Sep 28 10:09 tddev
drwx------.  5 tdops    users     143 Oct 15 16:10 tdops
drwx------.  3 tdsec    users      78 Sep 28 10:09 tdsec
drwx------.  4     1006     1006  113 Dec  4 14:16 user01
#delete user [user01] (account and home directory); here the account is already gone, so userdel -r fails and /home/user01 is left behind
[root@lianglab ~]# userdel -r user01
userdel: user ‘user01’ does not exist
[root@lianglab ~]# userdel -r lianglab

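[5] Steps to let users in the wheel group switch to root without a password.

 visudo   #edits /etc/sudoers and checks the syntax before saving

## Same thing without a password
%wheel        ALL=(ALL)       NOPASSWD: ALL  #with this line enabled, wheel group users can switch to root without knowing the root password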



[root@lianglab ~]# su - centos
[centos@lianglab ~]$ id
uid=1005(centos) gid=1005(centos) groups=1005(centos),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[centos@lianglab ~]$
[centos@lianglab ~]$ sudo su -  ##switch to root without a password
[root@lianglab ~]#
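
Steps [3] and [5] together decide who can become root: pam_wheel.so gates su, and the NOPASSWD rule lets wheel members skip the password through sudo. The script below is an added example, not part of the original post, that reads both files and reports the resulting state; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are parameters so the
# checks can run on copies; the sample files in demo() are constructed.

# How /etc/pam.d/su treats the wheel group:
#   required = only wheel members may use su (root password still needed)
#   trust    = wheel members become root through su with no password
#   open     = no active pam_wheel.so line, any user may try su
su_wheel_mode() {
    sed 's/#.*//' "${1:-/etc/pam.d/su}" | awk '
        $1 == "auth" && $3 == "pam_wheel.so" {
            trust = 0
            for (i = 4; i <= NF; i++) if ($i == "trust") trust = 1
            if ($2 == "sufficient" && trust) mode = "trust"
            else if ($2 == "required" && mode != "trust") mode = "required"
        }
        END { print (mode == "" ? "open" : mode) }'
}

# Active sudoers rules carrying NOPASSWD, whitespace-normalised.
# Full-line comments are skipped and trailing comments are cut off.
sudo_nopasswd_rules() {
    awk '/^[ \t]*#/ { next }
         /NOPASSWD[ \t]*:/ { sub(/[ \t]*#.*/, ""); $1 = $1; print }' \
        "${1:-/etc/sudoers}"
}

# One-line summary; arguments: pam file, sudoers file, group (default wheel).
root_paths() {
    rp_mode=$(su_wheel_mode "$1")
    if sudo_nopasswd_rules "$2" | grep -q "^%${3:-wheel} "; then
        rp_nopass=yes
    else
        rp_nopass=no
    fi
    echo "su=$rp_mode sudo_nopasswd=$rp_nopass"
}

# Constructed copies of the two files as configured in steps [3] and [5].
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#%PAM-1.0' 'auth sufficient pam_rootok.so' \
        '#auth sufficient pam_wheel.so trust use_uid' \
        'auth required pam_wheel.so use_uid' > "$d/su"
    printf '%s\n' '## Same thing without a password' \
        '%wheel  ALL=(ALL)  NOPASSWD: ALL  # added' > "$d/sudoers"
    root_paths "$d/su" "$d/sudoers"
    rm -rf "$d"
}

demo
```

On a live host, run root_paths /etc/pam.d/su /etc/sudoers as root; rules placed under /etc/sudoers.d are not read by this sketch.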


2. Firewall and SELinux

[1] The firewalld service status can be displayed as follows. (enabled by default)

[root@lianglab ~]#  systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-12-04 14:23:39 CST; 1h 10min ago
     Docs: man:firewalld(1)
 Main PID: 199682 (firewalld)
    Tasks: 2 (limit: 49642)
   Memory: 28.1M
   CGroup: /system.slice/firewalld.service
           └─199682 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid

Dec 04 14:23:38 lianglab systemd[1]: Starting firewalld - dynamic firewall daemon...
Dec 04 14:23:39 lianglab systemd[1]: Started firewalld - dynamic firewall daemon.
Dec 04 14:23:39 lianglab firewalld[199682]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option.



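[Active: active (running) ***] means firewalld is running.
[2] If you use the firewalld service, you need to modify its settings manually, because incoming service requests are mostly not allowed by default.

For basic firewall operations and settings, see here.

[3] If you do not need the firewalld service for some reason (for example, a separate firewall machine is running in your local network), you can stop and disable it on the CentOS server as follows.
#stop and disable the service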

[root@lianglab ~]# systemctl stop firewalld
[root@lianglab ~]# systemctl disable firewalld
[root@lianglab ~]# systemctl status  firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

Dec 04 14:23:38 lianglab systemd[1]: Starting firewalld - dynamic firewall daemon...
Dec 04 14:23:39 lianglab systemd[1]: Started firewalld - dynamic firewall daemon.
Dec 04 14:23:39 lianglab firewalld[199682]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will b>
Dec 04 15:36:01 lianglab systemd[1]: Stopping firewalld - dynamic firewall daemon...
Dec 04 15:36:01 lianglab systemd[1]: Stopped firewalld - dynamic firewall daemon.


[4] The current SELinux (Security-Enhanced Linux) status can be displayed as follows. (enabled by default)

[root@lianglab ~]# getenforce
Permissive #permissive mode (violations are logged, not blocked)
[root@lianglab ~]#

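[5] If SELinux is enabled, you will sometimes have to modify the SELinux policy manually, because SELinux sometimes blocks applications.
For basic SELinux operations and settings, see here.
The CentOS 8 configuration examples on this site assume an environment where SELinux is always enforcing.

[6] If you do not need SELinux for some reason (for example, your server runs only inside a secure local network), you can disable it as follows.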

vi  /etc/selinux/config

SELINUX=disabled

#reboot the machine to apply the setting

[root@lianglab ~]# reboot

3. Network settings
[root@lianglab ~]# hostnamectl set-hostname www.lianglab.cn    ##set the hostname
#show devices
[root@lianglab ~]#  nmcli device
DEVICE       TYPE      STATE      CONNECTION
ens3         ethernet  connected  ens3
cni-podman0  bridge    connected  cni-podman0
lo           loopback  unmanaged  --


#set the IPv4 address
[root@lianglab ~]# nmcli connection modify ens3 ipv4.addresses 10.0.0.30/24
#set the gateway
[root@lianglab ~]# nmcli connection modify ens3 ipv4.gateway 10.0.0.1
#set the DNS server
[root@lianglab ~]# nmcli connection modify ens3 ipv4.dns 10.0.0.1
#set the method to manual for a static configuration ([auto] for DHCP)
[root@lianglab ~]# nmcli connection modify ens3 ipv4.method manual
#restart the interface to reload the settings
[root@lianglab ~]# nmcli connection down ens3; nmcli connection up ens3


#show the settings
[root@lianglab ~]#  nmcli device show ens3
GENERAL.DEVICE:                         ens3
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         FA:57:3D:27:AB:00
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     ens3
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/1
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.6.58/24
IP4.GATEWAY:                            192.168.6.1
IP4.ROUTE[1]:                           dst = 0.0.0.0/0, nh = 192.168.6.1, mt = 100
IP4.ROUTE[2]:                           dst = 169.254.169.254/32, nh = 192.168.6.194, mt = 100
IP4.ROUTE[3]:                           dst = 192.168.6.0/24, nh = 0.0.0.0, mt = 100
IP4.DNS[1]:                             223.5.5.5
IP6.ADDRESS[1]:                         fe80::63b:d0b2:2d5b:e779/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 100
[root@lianglab ~]#

#show the status
[root@lianglab ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
    link/ether fa:57:3d:27:ab:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.6.58/24 brd 192.168.6.255 scope global noprefixroute ens3
       valid_lft forever preferred_lft forever
3: cni-podman0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 0a:2f:7d:c4:06:59 brd ff:ff:ff:ff:ff:ff
    inet 10.88.0.1/16 brd 10.88.255.255 scope global cni-podman0
       valid_lft forever preferred_lft forever
[root@lianglab ~]#

[2] If you do not need IPv6, you can disable it as follows.

[root@lianglab ~]# cat /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rhgb quiet ipv6.disable=1"
GRUB_DISABLE_RECOVERY="true"
GRUB_ENABLE_BLSCFG=true
[root@lianglab ~]#  grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file 
done

[root@lianglab ~]# reboot


4. Enable or disable services

[1] Service status can be displayed as follows.
#list of currently active services

[root@lianglab ~]#  systemctl -t service
UNIT                                                                                      LOAD   ACTIVE SUB     DESCRIPTION
atd.service                                                                               loaded active running Job spooling tools
auditd.service                                                                            loaded active running Security Auditing Service
avahi-daemon.service                                                                      loaded active running Avahi mDNS/DNS-SD Stack
crond.service                                                                             loaded active running Command Scheduler
cups.service                                                                              loaded active running CUPS Scheduler
dbus.service                                                                              loaded active running D-Bus System Message Bus
dracut-shutdown.service                                                                   loaded active exited  Restore /run/initramfs on shutdown
getty@tty1.service                                                                        loaded active running Getty on tty1
gssproxy.service                                                                          loaded active running GSSAPI Proxy Daemon
import-state.service                                                                      loaded active exited  Import network configuration from initramfs
irqbalance.service                                                                        loaded active running irqbalance daemon
iscsi-shutdown.service                                                                    loaded active exited  Logout off all iSCSI sessions on shutdown


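#list of all services

5. Update the CentOS system
6. Use the Modular repository
7. Add other yum repositories
8. Use the web management console
9. vim settings
10. Other personalized settings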

Original: https://www.cnblogs.com/lianglab/p/14086530.html
