document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-25 23:11:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'LCTT/master'

Browse Source
This commit is contained in:
Xingyu.Wang 2018-10-04 20:47:25 +08:00
commit 0d1a9651b7
4 changed files with 226 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sources/talk/20180920 WinWorld - A Large Collection Of Defunct OSs, Software And Games.md
View File

@ -1,3 +1,5 @@
thecyanbird translating
WinWorld A Large Collection Of Defunct OSs, Software And Games
======

223
sources/tech/20170926 Managing users on Linux systems.md
View File

@ -1,223 +0,0 @@
translating by dianbanjiu Managing users on Linux systems
======
Your Linux users may not be raging bulls, but keeping them happy is always a challenge as it involves managing their accounts, monitoring their access rights, tracking down the solutions to problems they run into, and keeping them informed about important changes on the systems they use. Here are some of the tasks and tools that make the job a little easier.
### Configuring accounts
Adding and removing accounts is the easier part of managing users, but there are still a lot of options to consider. Whether you use a desktop tool or go with command line options, the process is largely automated. You can set up a new user with a command as simple as **adduser jdoe** and a number of things will happen. John 's account will be created using the next available UID and likely populated with a number of files that help to configure his account. When you run the adduser command with a single argument (the new username), it will prompt for some additional information and explain what it is doing.
```
$ sudo adduser jdoe
Adding user `jdoe' ...
Adding new group `jdoe' (1001) ...
Adding new user `jdoe' (1001) with group `jdoe' ...
Creating home directory `/home/jdoe' ...
Copying files from `/etc/skel' …
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for jdoe
Enter the new value, or press ENTER for the default
Full Name []: John Doe
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
```
As you can see, adduser adds the user's information (to the /etc/passwd and /etc/shadow files), creates the new home directory and populates it with some files from /etc/skel, prompts for you to assign the initial password and identifying information, and then verifies that it's got everything right. If you answer "n" for no at the final "Is the information correct?" prompt, it will run back through all of your previous answers, allowing you to change any that you might want to change.
Once an account is set up, you might want to verify that it looks as you'd expect. However, a better strategy is to ensure that the choices being made "automagically" match what you want to see _before_ you add your first account. The defaults are defaults for good reason, but it 's useful to know where they're defined in case you want some to be different - for example, if you don't want home directories in /home, you don't want user UIDs to start with 1000, or you don't want the files in home directories to be readable by _everyone_ on the system.
Some of the details of how the adduser command works are configured in the /etc/adduser.conf file. This file contains a lot of settings that determine how new accounts are configured and will look something like this. Note that the comments and blanks lines are omitted in the output below so that we can focus more easily on just the settings.
```
$ cat /etc/adduser.conf | grep -v "^#" | grep -v "^$"
DSHELL=/bin/bash
DHOME=/home
GROUPHOMES=no
LETTERHOMES=no
SKEL=/etc/skel
FIRST_SYSTEM_UID=100
LAST_SYSTEM_UID=999
FIRST_SYSTEM_GID=100
LAST_SYSTEM_GID=999
FIRST_UID=1000
LAST_UID=29999
FIRST_GID=1000
LAST_GID=29999
USERGROUPS=yes
USERS_GID=100
DIR_MODE=0755
SETGID_HOME=no
QUOTAUSER=""
SKEL_IGNORE_REGEX="dpkg-(old|new|dist|save)"
```
As you can see, we've got a default shell (DSHELL), the starting value for UIDs (FIRST_UID), the location for home directories (DHOME) and the source location for startup files (SKEL) that will be added to each account as it is set up - along with a number of additional settings. This file also specifies the permissions to be assigned to home directories (DIR_MODE).
One of the more important settings is DIR_MODE, which determines the permissions that are used for each user's home directory. Given this setting, the permissions assigned to a directory that the user creates will be 755. Given this setting, home directories will be set up with rwxr-xr-x permissions. Users will be able to read other users' files, but not modify or remove them. If you want to be more restrictive, you can change this setting to 750 (no access by anyone outside the user's group) or even 700 (no access but the user himself).
Any user account settings can be manually changed after the accounts are set up. For example, you can edit the /etc/passwd file or chmod home directory, but configuring the /etc/adduser.conf file _before_ you start adding accounts on a new server will ensure some consistency and save you some time and trouble over the long run.
Changes to the /etc/adduser.conf file will affect all accounts that are set up subsequent to those changes. If you want to set up some specific account differently, you've also got the option of providing account configuration options as arguments with the adduser command in addition to the username. Maybe you want to assign a different shell for some user, request a specific UID, or disable logins altogether. The man page for the adduser command will display some of your choices for configuring an individual account.
```
adduser [options] [--home DIR] [--shell SHELL] [--no-create-home]
[--uid ID] [--firstuid ID] [--lastuid ID] [--ingroup GROUP | --gid ID]
[--disabled-password] [--disabled-login] [--gecos GECOS]
[--add_extra_groups] [--encrypt-home] user
```
These days probably every Linux system is, by default, going to put each user into his or her own group. As an admin, you might elect to do things differently. You might find that putting users in shared groups works better for your site, electing to use adduser's --gid option to select a specific group. Users can, of course, always be members of multiple groups, so you have some options on how to manage groups -- both primary and secondary.
### Dealing with user passwords
Since it's always a bad idea to know someone else's password, admins will generally use a temporary password when they set up an account and then run a command that will force the user to change his password on his first login. Here's an example:
```
$ sudo chage -d 0 jdoe
```
When the user logs in, he will see something like this:
```
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for jdoe.
(current) UNIX password:
```
### Adding users to secondary groups
To add a user to a secondary group, you might use the usermod command as shown below -- to add the user to the group and then verify that the change was made.
```
$ sudo usermod -a -G sudo jdoe
$ sudo grep sudo /etc/group
sudo:x:27:shs,jdoe
```
Keep in mind that some groups -- like the sudo or wheel group -- imply certain privileges. More on this in a moment.
### Removing accounts, adding groups, etc.
Linux systems also provide commands to remove accounts, add new groups, remove groups, etc. The **deluser** command, for example, will remove the user login entries from the /etc/passwd and /etc/shadow files but leave her home directory intact unless you add the --remove-home or --remove-all-files option. The **addgroup** command adds a group, but will give it the next group id in the sequence (i.e., likely in the user group range) unless you use the --gid option.
```
$ sudo addgroup testgroup --gid=131
Adding group `testgroup' (GID 131) ...
Done.
```
### Managing privileged accounts
Some Linux systems have a wheel group that gives members the ability to run commands as root. In this case, the /etc/sudoers file references this group. On Debian systems, this group is called sudo, but it works the same way and you'll see a reference like this in the /etc/sudoers file:
```
%sudo ALL=(ALL:ALL) ALL
```
This setting basically means that anyone in the wheel or sudo group can run all commands with the power of root once they preface them with the sudo command.
You can also add more limited privileges to the sudoers file -- maybe to give particular users the ability to run one or two commands as root. If you do, you should also periodically review the /etc/sudoers file to gauge how much privilege users have and very that the privileges provided are still required.
In the command shown below, we're looking at the active lines in the /etc/sudoers file. The most interesting lines in this file include the path set for commands that can be run using the sudo command and the two groups that are allowed to run commands via sudo. As was just mentioned, individuals can be given permissions by being directly included in the sudoers file, but it is generally better practice to define privileges through group memberships.
```
# cat /etc/sudoers | grep -v "^#" | grep -v "^$"
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL <== admin group
%sudo ALL=(ALL:ALL) ALL <== sudo group
```
### Checking on logins
To see when a user last logged in, you can use a command like this one:
```
# last jdoe
jdoe pts/18 192.168.0.11 Thu Sep 14 08:44 - 11:48 (00:04)
jdoe pts/18 192.168.0.11 Thu Sep 14 13:43 - 18:44 (00:00)
jdoe pts/18 192.168.0.11 Thu Sep 14 19:42 - 19:43 (00:00)
```
If you want to see when each of your users last logged in, you can run the last command through a loop like this one:
```
$ for user in `ls /home`; do last $user | head -1; done
jdoe pts/18 192.168.0.11 Thu Sep 14 19:42 - 19:43 (00:03)
rocket pts/18 192.168.0.11 Thu Sep 14 13:02 - 13:02 (00:00)
shs pts/17 192.168.0.11 Thu Sep 14 12:45 still logged in
```
This command will only show you users who have logged on since the current wtmp file became active. The blank lines indicate that some users have never logged in since that time, but doesn't call them out. A better command would be this one that clear displays the users who have not logged in at all in this time period:
```
$ for user in `ls /home`; do echo -n "$user ";last $user | head -1 | awk '{print substr($0,40)}'; done
dhayes
jdoe pts/18 192.168.0.11 Thu Sep 14 19:42 - 19:43
peanut pts/19 192.168.0.29 Mon Sep 11 09:15 - 17:11
rocket pts/18 192.168.0.11 Thu Sep 14 13:02 - 13:02
shs pts/17 192.168.0.11 Thu Sep 14 12:45 still logged
tsmith
```
That command is a lot to type, but could be turned into a script to make it a lot easier to use.
```
#!/bin/bash
for user in `ls /home`
do
echo -n "$user ";last $user | head -1 | awk '{print substr($0,40)}'
done
```
Sometimes this kind of information can alert you to changes in users' roles that suggest they may no longer need the accounts in question.
### Communicating with users
Linux systems provide a number of ways to communicate with your users. You can add messages to the /etc/motd file that will be displayed when a user logs into a server using a terminal connection. You can also message users with commands such as write (message to single user) or wall (write to all logled in users.
```
$ wall System will go down in one hour
Broadcast message from shs@stinkbug (pts/17) (Thu Sep 14 14:04:16 2017):
System will go down in one hour
```
Important messages should probably be delivered through multiple channels as it's difficult to predict what users will actually notice. Together, message-of-the-day (motd), wall, and email notifications might stand of chance of getting most of your users' attention.
### Paying attention to log files
Paying attention to log files can also help you understand user activity. In particular, the /var/log/auth.log file will show you user login and logout activity, creation of new groups, etc. The /var/log/messages or /var/log/syslog files will tell you more about system activity.
### Tracking problems and requests
Whether or not you install a ticketing application on your Linux system, it's important to track the problems that your users run into and the requests that they make. Your users won't be happy if some portion of their requests fall through the proverbial cracks. Even a paper log could be helpful or, better yet, a spreadsheet that allows you to notice what issues are still outstanding and what the root cause of the problems turned out to be. Ensuring that problems and requests are addressed is important and logs can also help you remember what you had to do to address a problem that re-emerges many months or even years later.
### Wrap-up
Managing user accounts on a busy server depends in part on starting out with well configured defaults and in part on monitoring user activities and problems encountered. Users are likely to be happy if they feel you are responsive to their concerns and know what to expect when system upgrades are needed.
--------------------------------------------------------------------------------
via: https://www.networkworld.com/article/3225109/linux/managing-users-on-linux-systems.html
作者:[Sandra Henry-Stocker][a]
译者:[runningwater](https://github.com/runningwater)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.networkworld.com/author/Sandra-Henry_Stocker/

2
sources/tech/20180803 5 Essential Tools for Linux Development.md
View File

@ -1,3 +1,5 @@
HankChow translating
5 Essential Tools for Linux Development
======

222
translated/tech/20170926 Managing users on Linux systems.md Normal file
View File

@ -0,0 +1,222 @@
# 管理 Linux 系统中的用户
也许你的 Lniux 用户并不是愤怒的公牛,但是当涉及管理他们的账户的时候,能让他们一直开心也是一种挑战。监控他们当前正在访问的东西,追踪他们他们遇到问题时的解决方案,并且保证能把他们在使用系统时出现的重要变动记录下来。这里有一些方法和工具可以使这份工作轻松一点。
### 配置账户
添加和移除账户是管理用户中最简单的一项,但是这里面仍然有很多需要考虑的选项。无论你是用桌面工具或是命令行选项,这都是一个非常自动化的过程。你可以使用命令添加一个新用户,像是 **adduser jdoe**,这同时会触发一系列的事情。使用下一个可用的 UID 可以创建 John 的账户,或许还会被许多用以配置账户的文件所填充。当你运行 adduser 命令加一个新的用户名的时候,它将会提示一些额外的信息,同时解释这是在干什么。
```
$ sudo adduser jdoe
Adding user 'jdoe' ...
Adding new group `jdoe' (1001) ...
Adding new user `jdoe' (1001) with group `jdoe' ...
Creating home directory `/home/jdoe' ...
Copying files from `/etc/skel' …
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for jdoe
Enter the new value, or press ENTER for the default
Full Name []: John Doe
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
```
像你看到的那样adduser 将添加用户的信息(到 /etc/passwd 和 /etc/shadow 文件中),创建新的家目录,并用 /etc/skel 里设置的文件填充家目录,提示你分配初始密码和认定信息,然后确认这些信息都是正确的,如果你在最后的提示 “Is the information correct” 处的答案是 “n”它将回溯你之前所有的回答允许修改任何你想要修改的地方。
创建好一个用户后,你可能会想要确认一下它是否是你期望的样子,更好的方法是确保在添加第一个帐户**之前**,“自动”选择与您想要查看的内容相匹配。默认有默认的好处,它对于你想知道他们定义在哪里有所用处,以防你想作出一些变动 —— 例如,你不想家目录在 /home 里,你不想用户 UIDs 从 1000 开始,或是你不想家目录下的文件被系统上的**每个人**都可读。
adduser 如何工作的一些细节设置在 /etc/adduser.conf 文件里。这个文件包含的一些设置决定了一个新的账户如何配置,以及它之后的样子。注意,注释和空白行将会在输出中被忽略,因此我们可以更加集中注意在设置上面。
```
$ cat /etc/adduser.conf | grep -v "^#" | grep -v "^$"
DSHELL=/bin/bash
DHOME=/home
GROUPHOMES=no
LETTERHOMES=no
SKEL=/etc/skel
FIRST_SYSTEM_UID=100
LAST_SYSTEM_UID=999
FIRST_SYSTEM_GID=100
LAST_SYSTEM_GID=999
FIRST_UID=1000
LAST_UID=29999
FIRST_GID=1000
LAST_GID=29999
USERGROUPS=yes
USERS_GID=100
DIR_MODE=0755
SETGID_HOME=no
QUOTAUSER=""
SKEL_IGNORE_REGEX="dpkg-(old|new|dist|save)"
```
可以看到,我们有了一个默认的 shellDSHELLUIDsFIRST_UID的开始数值家目录DHOME的位置以及启动文件SKEL的来源位置。这个文件也会指定分配给家目录DIR_HOME的权限。
其中 DIR_HOME 是最重要的设置,它决定了每个家目录被使用的权限。这个设置分配给用户创建的目录权限是 755,家目录的权限将会设置为 rwxr-xr-x。用户可以读其他用户的文件但是不能修改和移除他们。如果你想要更多的限制你可以更改这个设置为 750用户组外的任何人都不可访问甚至是 700除用户自己外的人都不可访问
任何用户账号在创建之前都可以进行手动修改。例如,你可以编辑 /etc/passwd 或者修改家目录的权限,开始在新服务器上添加用户之前配置 /etc/adduser.conf 可以确保一定的一致性,从长远来看可以节省时间和避免一些麻烦。
/etc/adduser.conf 的修改将会在之后创建的用户上生效。如果你想以不同的方式设置某个特定账户,除了用户名之外,你还可以选择使用 adduser 命令提供账户配置选项。或许你想为某些账户分配不同的 shell请求特殊的 UID完全禁用登录。adduser 的帮助页将会为你显示一些配置个人账户的选择。
```
adduser [options] [--home DIR] [--shell SHELL] [--no-create-home]
[--uid ID] [--firstuid ID] [--lastuid ID] [--ingroup GROUP | --gid ID]
[--disabled-password] [--disabled-login] [--gecos GECOS]
[--add_extra_groups] [--encrypt-home] user
```
每个 Linux 系统现在都会默认把每个用户放入对应的组中。作为一个管理员,你可能会选择以不同的方式去做事。你也许会发现把用户放在一个共享组中可以让你的站点工作的更好,这时,选择使用 adduser 的 --gid 选项去选择一个特定的组。当然,用户总是许多组的成员,因此也有一些选项去管理主要和次要的组。
### 处理用户密码
一直以来,知道其他人的密码都是一个不好的念头,在设置账户时,管理员通常使用一个临时的密码,然后在用户第一次登录时会运行一条命令强制他修改密码。这里是一个例子:
```
$ sudo chage -d 0 jdoe
```
当用户第一次登录的时候,会看到像这样的事情:
```
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for jdoe.
(current) UNIX password:
```
### 添加用户到副组
添加用户到副组中,你可能会用如下所示的 usermod 命令 —— 添加用户到组中并确认已经做出变动。
```
$ sudo usermod -a -G sudo jdoe
$ sudo grep sudo /etc/group
sudo:x:27:shs,jdoe
```
记住在一些组,像是 sudo 或者 wheel 组中,意味着包含特权,一定要特别注意这一点。
### 移除用户,添加组等
Linux 系统也提供了命令去移除账户,添加新的组,移除组等。例如,**deluser** 命令,将会从 /etc/passwd 和 /etc/shadow 中移除用户登录入口,但是会完整保留他的家目录,除非你添加了 --remove-home 或者 --remove-all-files 选项。**addgroup** 命令会添加一个组,按目前组的次序给他下一个 id在用户组范围内除非你使用 --gid 选项指定 id。
```
$ sudo addgroup testgroup --gid=131
Adding group `testgroup' (GID 131) ...
Done.
```
### 管理特权账户
一些 Linux 系统中有一个 wheel 组,它给组中成员赋予了像 root 一样运行命令的能力。在这种情况下,/etc/sudoers 将会引用该组。在 Debian 系统中,这个组被叫做 sudo但是以相同的方式工作你在 /etc/sudoers 中可以看到像这样的引用:
```
%sudo ALL=(ALL:ALL) ALL
```
这个基础的设定意味着,任何在 wheel 或者 sudo 组中的成员,只要在他们运行的命令之前添加 sudo就可以以 root 的权限去运行命令。
你可以向 sudoers 文件中添加更多有限的特权 —— 也许给特定用户运行一两个 root 的命令。如果这样做,您还应定期查看 /etc/sudoers 文件以评估用户拥有的权限,以及仍然需要提供的权限。
在下面显示的命令中,我们看到在 /etc/sudoers 中匹配到的行。在这个文件中最有趣的行是,包含能使用 sudo 运行命令的路径设置,以及两个允许通过 sudo 运行命令的组。像刚才提到的那样,单个用户可以通过包含在 sudoers 文件中来获得权限,但是更有实际意义的方法是通过组成员来定义各自的权限。
```
# cat /etc/sudoers | grep -v "^#" | grep -v "^$"
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL <== admin group
%sudo ALL=(ALL:ALL) ALL <== sudo group
```
### 登录检查
你可以通过以下命令查看用户的上一次登录:
```
# last jdoe
jdoe pts/18 192.168.0.11 Thu Sep 14 08:44 - 11:48 (00:04)
jdoe pts/18 192.168.0.11 Thu Sep 14 13:43 - 18:44 (00:00)
jdoe pts/18 192.168.0.11 Thu Sep 14 19:42 - 19:43 (00:00)
```
如果你想查看每一个用户上一次的登录情况,你可以通过一个像这样的循环来运行 last 命令:
```
$ for user in `ls /home`; do last $user | head -1; done
jdoe pts/18 192.168.0.11 Thu Sep 14 19:42 - 19:43 (00:03)
rocket pts/18 192.168.0.11 Thu Sep 14 13:02 - 13:02 (00:00)
shs pts/17 192.168.0.11 Thu Sep 14 12:45 still logged in
```
此命令仅显示自当前 wtmp 文件变为活跃状态以来已登录的用户。空白行表示用户自那以后从未登录过,但没有将其调出。一个更好的命令是过滤掉在这期间从未登录过的用户的显示:
```
$ for user in `ls /home`; do echo -n "$user ";last $user | head -1 | awk '{print substr($0,40)}'; done
dhayes
jdoe pts/18 192.168.0.11 Thu Sep 14 19:42 - 19:43
peanut pts/19 192.168.0.29 Mon Sep 11 09:15 - 17:11
rocket pts/18 192.168.0.11 Thu Sep 14 13:02 - 13:02
shs pts/17 192.168.0.11 Thu Sep 14 12:45 still logged
tsmith
```
这个命令会打印很多,但是可以通过一个脚本使它更加清晰易用。
```
#!/bin/bash
for user in `ls /home`
do
echo -n "$user ";last $user | head -1 | awk '{print substr($0,40)}'
done
```
有时,此类信息可以提醒您用户角色的变动,表明他们可能不再需要相关帐户。
### 与用户沟通
Linux 提供了许多方法和用户沟通。你可以向 /etc/motd 文件中添加信息,当用户从终端登录到服务器时,将会显示这些信息。你也可以通过例如 write通知单个用户或者 wallwrite 给所有已登录的用户)命令发送通知。
```
$ wall System will go down in one hour
Broadcast message from shs@stinkbug (pts/17) (Thu Sep 14 14:04:16 2017):
System will go down in one hour
```
重要的通知应该通过多个管道传递因为很难预测用户实际会注意到什么。mesage-of-the-daymotdwall 和 email 通知可以吸引用户大部分的注意力。
### 注意日志文件
更多地注意日志文件上也可以帮你理解用户活动。事实上,/var/log/auth.log 文件将会为你显示用户的登录和注销活动,组的创建等。/var/log/message 或者 /var/log/syslog 文件将会告诉你更多有关系统活动的事情。
### 追踪问题和请求
无论你是否在 Linux 系统上安装了票务系统,跟踪用户遇到的问题以及他们提出的请求都非常重要。如果请求的一部分久久不见回应,用户必然不会高兴。即使是纸质日志也可能是有用的,或者更好的是,有一个电子表格,可以让你注意到哪些问题仍然悬而未决,以及问题的根本原因是什么。确保解决问题和请求非常重要,日志还可以帮助您记住你必须采取的措施来解决几个月甚至几年后重新出现的问题。
### 总结
在繁忙的服务器上管理用户帐户部分取决于从配置良好的默认值开始,部分取决于监控用户活动和遇到的问题。如果用户觉得你对他们的顾虑有所回应并且知道在需要系统升级时会发生什么,他们可能会很高兴。
-----------
via: https://www.networkworld.com/article/3225109/linux/managing-users-on-linux-systems.html
作者:[Sandra Henry-Stocker][a]
译者:[dianbanjiu](https://github.com/dianbanjiu)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.networkworld.com/author/Sandra-Henry_Stocker/