Linux鸟哥视频学习笔记41

Linux账号与身份管理第六部分

cat /etc/passwd | more
usermod -s /sbin/nologin testone
grep testone /etc/passwd 
用testone登陆，出现this account is currently not available 的提示信息
vi /etc/nologin.txt 

sorry ,you are not allow to login this time

保存退出
再次用testone登陆，出现sorry，you are not allow to login this time 的提示信息

统计passwd中各shell出现的次数

cat /etc/passwd
vi awk.sh
#!/bin/awk -f
BEGIN{
FS=":"
}
{
if($7=="/bin/bash") bash=bash+1
if($7=="/sbin/nologin") nologin=nologin+1
}
END{
print "/bin/bash times is :" bash
print "/sbin/nologin times is :" nologin
}
保存退出
awk -f awk.sh /etc/passwd
chmod 744 awk.sh
./awk.sh /etc/passwd

vi bash.sh

#!/bin/bash
read -p "Please input the /etc/passwd :" path
if [ -z "$path" -o "$path" != "/etc/passwd" -o ! -e "$path" ]; then
        echo "sorry,the path is not right"; exit 1
fi
allshell=`cut -d : -f 7 "$path"`
for oneshell in $allshell
do
        if [ "$oneshell" = "/bin/bash" ]; then
                bash=$(($bash+1))
        fi
        if [ "$oneshell" == "/sbin/nologin" ]; then
                nologin=$(($nologin+1))
        fi
done
echo "/bin/bash has $bash times"
echo "/sbin/nologin has $nologin times"

bash bash.sh
输入/etc/passwd

PAM认证模块 

ls /etc/security
ls /lib/security 

cd /etc/pam.d
ls
vi sshd
添加一行
account     required     pam_access.so
保存退出
cd /etc/security
ls
vi access.conf
添加
- : testone : ALL    
保存推出
这里已经设置为所有ip都无法登陆testone账号
ssh testone@localhost
输入密码提示 Connection close by 127.0.0.1 无法登陆
 
vi access.conf
修改
- : testone : ALL EXCEPT 127.0.0.0/24
保存退出