linux服务器创建三员用户

<h1>一、创建三员用户审计用户</h1> <h2>1.创建审计用户audituser</h2> <pre><code class="language-java">useradd audituser（创建用户） passwd audituser(设置密码)</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/999dff199ea56bcfbd71c8031bc7aa1b" alt="" /></p> <h2>2.修改审计账号权限使其只具有查看功能</h2> <p>修改/etc/sudoers文件，为审计用户添加查看的权限，添加内容如下：</p> <pre><code class="language-java">audituser ALL=(root) NOPASSWD: /usr/bin/cat,/usr/bin/less,/usr/bin/more,/usr/bin/tail,/usr/bin/head</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/5c155fb4294505aeceecf4e9b91346ea" alt="" /></p> <h2>3.切换审计用户audituser</h2> <pre><code class="language-java">su - audituser</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/b27490342ed50000488c0024ec982d22" alt="" /></p> <h2>4.测试审计账户是否有创建测试目录test权限</h2> <pre><code class="language-java">sudo mkdir -p test</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/01d5bc0b6e62540f05538585a1b03ee7" alt="" /> 截图所示，审计账户没有创建目录权限</p> <h2>5.测试审计账户是否有查看系统日志权限</h2> <pre><code class="language-java"> sudo tail -f /var/log/messages</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/d7c8a0a8467919e43dbfaf758343b787" alt="" /> 截图所示，有查看系统日志权限</p> <h1>二、创建三员用户系统管理员</h1> <h2>1.创建系统管理员用户sysuser</h2> <pre><code class="language-java">useradd sysuser（创建用户） passwd sysuser(设置密码)</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/c14baf92e92416ea04a0520d5982008e" alt="" /></p> <h2>2.修改系统管理员账号权限使其拥有root权限</h2> <p>修改/etc/sudoers文件，为系统管理员用户添加root权限，添加内容如下：</p> <pre><code class="language-java">sysuser ALL=(root) ALL</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/986c7217edee180876c722569ff1f213" alt="" /></p> <h2>3.切换系统管理员用户sysuser</h2> <pre><code class="language-java">su - sysuser</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/9af740c393959d6b430cfb401b139a08" alt="" /></p> <h2>4.测试系统管理员账户是否有创建目录权限</h2> <pre><code class="language-java">sudo mkdir -p test</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/1fb5e595fdee8031a0c269f5471f1ffa" alt="" /></p> <h2>5.测试系统管理员账户是否有分配权限</h2> <pre><code class="language-java"> sudo chown -R sysuser:sysuser /home/sysuser/test/</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/7244c61bc2dcafb6aec2a8f571e08265" alt="" /></p> <pre><code class="language-java">sudo chmod -R 777 /home/sysuser/test</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/32cc98c1c89d68474c9e5265361cdab5" alt="" /></p> <h2>6.测试系统管理员账户是否有创建账户权限</h2> <pre><code class="language-java">sudo useradd test</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/cdb9a31d87307afbbf77a4bc07787212" alt="" /></p> <h1>三、创建三员用户保密管理员</h1> <h2>1.创建保密管理员用户syssso</h2> <pre><code class="language-java">useradd syssso（创建用户） passwd syssso(设置密码)</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/6cad5d653b0540eff2237c7c76f59dc2" alt="" /></p> <h2>2.修改保密管理员账号权限使其只具有分配权限、修改密码权限</h2> <p>修改/etc/sudoers文件，为系统管理员用户添加root权限，添加内容如下：</p> <pre><code class="language-java">syssso ALL=(root) NOPASSWD: /usr/bin/chown,/usr/bin/chmod,/usr/bin/passwd</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/97231d2c162b765d84fe3f3c60cb2542" alt="" /></p> <h2>3.切换保密管理员用户syssso</h2> <pre><code class="language-java">su - syssso</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/3e24ff098a1a26ab656ec93c12880cbd" alt="" /></p> <h2>4.测试保密管理员账户是否有分配权限</h2> <pre><code class="language-java">sudo chown -R syssso:syssso /home/sysuser</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/9c750fbf3ce6301427c4d5ef8ecc065d" alt="" /></p> <pre><code class="language-java">sudo chmod -R 777 /home/sysuser</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/d481b20c10725498c073e0c0dce6ce58" alt="" /></p> <h2>5.测试保密管理员账户是否有修改普通用户test密码权限</h2> <pre><code class="language-java">sudo passwd test</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/a0a13b71af9c1c1d888a1c5ca4e5c7de" alt="" /></p> <h2>6.测试保密管理员账户是否有创建测试账户risen权限</h2> <pre><code class="language-java">sudo useradd risen</code></pre> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/675e4e948f7bba8a7483eddc0d9db4cf" alt="" /></p>