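Shell script programming: test types (part 2)

I. Numeric tests in bash

-v VAR
Whether the variable VAR is set

Numeric tests:
-gt greater than
-ge greater than or equal to
-eq equal to
-ne not equal to
-lt less than
-le less than or equal to

-eq tests equality with the values treated as numbers; = tests equality with the values treated as strings.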

[[email protected] ~]# num=10;  [[ "$num"  -eq  10 ]]   &&  echo  true  ||  echo false   

true
[[email protected] ~]# num=50;  [[ "$num"  -eq  10 ]]   &&  echo  true  ||  echo false
false
[[email protected] ~]# num=50;  [[ "$num"  =  10 ]]   &&  echo  true  ||  echo false
false
[[email protected] ~]# num=50;  [[ "$num"  =  50 ]]   &&  echo  true  ||  echo false
true
[[email protected] ~]# num=abcd;  [  "$num"  =  50 ]   &&  echo  true  ||  echo false
false
[[email protected] ~]# num=abcd;  [  "$num"  -eq   50 ]   &&  echo  true  ||  echo false
-bash: [: abcd: integer expression expected
# Syntax error: an integer expression is required
false
[[email protected] ~]# num=50;  [  "$num"  =  50 ]   &&  echo  true  ||  echo false
true

[[email protected] ~]# num=20;  [  "$num"  -ne   50 ]   &&  echo  true  ||  echo false
true
[[email protected] ~]# num=20;  [  "$num"  -le   50 ]   &&  echo  true  ||  echo false
true
[[email protected] ~]# num=20;  [  "$num"  -ge   50 ]   &&  echo  true  ||  echo false
false
[[email protected] ~]# num=20;  [  "$num"  -gt   50 ]   &&  echo  true  ||  echo false
false

Example: check whether the script was given its argument

Complete script:

[[email protected] shell_scripts]# cat  createuser1.sh
#!/bin/bash
#Author=wang

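[ $# -ne 1 ]  &&    echo -e    "the arg  must one\nUsage:createuser1.sh  usename"   &&  exit 20
# If the number of arguments is not 1, print that exactly one argument is required and exit. \n starts a new line; -e enables interpretation of backslash escapes.
id "$1"  &> /dev/null  && echo " $1 is exist "  &&  exit 8
# The script did not end normally here, so the exit status is non-zero.
useradd "$1" && echo "$1 is created"
# This is the last command, so the script ends here even without an explicit exit status.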

Result:

[[email protected] bin]# chmod +x  createuser1.sh
[[email protected] bin]# ll createuser1.sh
-rwxr-xr-x 1 root root 342 Dec 15 17:52 createuser1.sh
[[email protected] bin]# createuser1.sh
/root/bin/createuser1.sh: line 2: [: ne: binary operator expected
  is exist
[[email protected] bin]# vim createuser1.sh
[[email protected] bin]# createuser1.sh
the arg  must one
Usage:createuser1.sh  usename
[[email protected] bin]# createuser1.sh  wang
 wang is exist
[[email protected] bin]# createuser1.sh  tom
 tom is exist
[[email protected] bin]# createuser1.sh  abcd
abcd is created
[[email protected] bin]# id abcd
uid=2001(abcd) gid=2001(abcd) groups=2001(abcd)

Script walkthrough:

echo -e

-e enable interpretation of backslash escapes

Checking whether a variable has been set

The help text for test:

[[email protected] ~]# help test  |  grep  VAR
      -v VAR     True if the shell variable VAR is set

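Note that VAR is written without a $ here: -v takes the name of the variable.

Putting $ in front of a name expands the variable, that is, it refers to the variable's value.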

[[email protected] bin]# var="";[ -v var ]   &&  echo true ||  echo false # set to the empty string
true
[[email protected] bin]# var=" ";[ -v var ]   &&  echo true ||  echo false # has content: a space
true
[[email protected] bin]# var=123;[ -v var ]   &&  echo true ||  echo false # set to a number
true
[[email protected] bin]# var=abcd;[ -v var ]   &&  echo true ||  echo false
true
[[email protected] bin]# var="abc";[ -v var ]   &&  echo true ||  echo false # set to a string
true
[[email protected] bin]# unset var;[ -v var ]   &&  echo true ||  echo false
false

Checking whether a variable is defined

[[email protected] shell_scripts]# cat createuser2.sh
#!/bin/bash
#Author=wang

[ -v  $1 ]    ||     ( echo -e    "the arg  must one\nUsage:$0.sh  usename"   &&  exit 20; )

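# \n starts a new line; -e enables interpretation of backslash escapes, which the line break needs.
# The commands in the parentheses run only when the test is false. The parentheses are the mistake: they start a subshell, so exit 20 leaves the subshell but not the script.
# $1 always exists as a positional parameter; it simply has no value by default, so this test cannot tell whether $1 was given.

id $1  &> /dev/null  && echo " $1 is exist "  &&  exit 8

# The script did not end normally here, so the exit status is non-zero.

useradd $1 && echo "$1 is created"

# This is the last command, so the script ends here even without an explicit exit status.

The run below misbehaves, which shows that the script above is wrong and still needs to be changed.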

[[email protected] shell_scripts]# bash   createuser2.sh
  is exist
[[email protected] shell_scripts]# bash   createuser2.sh     wang
the arg  must one
Usage:createuser1.sh  usename
 wang is exist
[[email protected] shell_scripts]# id wang
uid=1022(wang) gid=1022(wang) groups=1022(wang)
[[email protected] shell_scripts]# id  xixixi
id: xixixi: no such user
[[email protected] shell_scripts]# bash   createuser2.sh     xixixi
the arg  must one
Usage:createuser1.sh  usename
xixixi is created
[[email protected] shell_scripts]# id  xixixi
uid=1025(xixixi) gid=1025(xixixi) groups=1025(xixixi)

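Checking whether the value of $1 has any content

Use -n: it is true if the string is non-empty and false if it is empty; when it is false, the commands after || run.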

[[email protected] shell_scripts]# cat  createuser3.sh
#!/bin/bash
#Author=wang
[ -n  "$1" ]    ||     {  echo -e    "the arg  must one\nUsage:$0.sh  usename"   &&  exit 20; }

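# \n starts a new line; -e enables interpretation of backslash escapes, which the line break needs. [ -n ] tests that the string that follows is not empty.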
#-n STRING   the length of STRING is nonzero

id $1  &> /dev/null  && echo "$1 is exist" 

The system scripts define many functions, and a function body is written inside braces:

[[email protected] bin]# cat /etc/init.d/functions 

systemctl_redirect () {
    local s
    local prog=${1##*/}
    local command=$2
    local options=""

    case "$command" in
    start)
        s=$"Starting $prog (via systemctl): "
        ;;
    stop)
        s=$"Stopping $prog (via systemctl): "
        ;;
    reload|try-reload)
        s=$"Reloading $prog configuration (via systemctl): "
        ;;
    restart|try-restart|condrestart)
        s=$"Restarting $prog (via systemctl): "
        ;;
    esac

    if [ -n "$SYSTEMCTL_IGNORE_DEPENDENCIES" ] ; then
        options="--ignore-dependencies"
    fi

    if ! systemctl show "$prog.service" > /dev/null 2>&1 || \
            systemctl show -p LoadState "$prog.service" | grep -q 'not-found' ; then
        action $"Reloading systemd: " /bin/systemctl daemon-reload
    fi

    action "$s" /bin/systemctl $options $command "$prog.service"
}

Result

[[email protected] shell_scripts]# bash  createuser3.sh
the arg  must one
Usage:createuser3.sh.sh  usename
[[email protected] shell_scripts]# bash  createuser3.sh   wang
wang is exist
[[email protected] shell_scripts]# bash  createuser3.sh   zhang
zhang is exist
[[email protected] shell_scripts]# bash  createuser3.sh   zhao
zhao is exist
[[email protected] shell_scripts]# bash  createuser3.sh  hahaha
[[email protected] shell_scripts]# id  hahaha
id: hahaha: no such user
[[email protected] shell_scripts]# id   wuwuwu
id: wuwuwu: no such user
[[email protected] shell_scripts]# bash  createuser3.sh   wuwuwu
[[email protected] shell_scripts]# id   wuwuwu
id: wuwuwu: no such user
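
The failure modes seen in createuser1.sh to createuser3.sh, reproduced as small functions and followed by an argument check that avoids them. This is an added example, not one of the original scripts: the function names and the accepted user-name pattern are assumptions, while the message and exit status 20 follow the scripts above.

```bash
#!/bin/bash
# Added example. Function names are hypothetical; nothing here calls useradd.

# createuser2.sh wrote [ -v $1 ]. $1 is expanded before the test runs, so:
#   no argument -> [ -v ]       one-argument test of the string "-v": true
#   "wang"      -> [ -v wang ]  "is a variable named wang set?":      false
v_test_unquoted() { [ -v $1 ]; }

# ( ... ) is a subshell: exit 20 ends the subshell, the caller keeps running.
guard_with_parens() {
    [ -n "$1" ] || ( exit 20 )
    echo "still running"
}

# { ...; } runs in the current shell, so the function (or script) stops here.
guard_with_braces() {
    [ -n "$1" ] || { return 20; }
    echo "still running"
}

# check_user_arg ARGS...: succeed only for exactly one well-formed user name.
check_user_arg() {
    # "$#" is always a number, and the quotes keep the test at three words.
    if [ "$#" -ne 1 ]; then
        printf 'the arg must one\nUsage: %s username\n' "${0##*/}" >&2
        return 20
    fi
    # Quoted, so an empty argument is still one word for the test to look at.
    if [ -z "$1" ]; then
        echo "user name is empty" >&2
        return 20
    fi
    # Assumption: lower-case letters, digits, _ and - only, and no leading -
    # (a leading - would be read as an option by id or useradd).
    case $1 in
        -*|*[!a-z0-9_-]*)
            echo "invalid user name: $1" >&2
            return 21
            ;;
    esac
    return 0
}

# Demonstration with constructed arguments.
unset wang
v_test_unquoted      && echo "[ -v ]      -> true"
v_test_unquoted wang || echo "[ -v wang ] -> false"
guard_with_parens "" && echo "parentheses: the function ran to its end"
guard_with_braces "" || echo "braces: stopped with status $?"
check_user_arg wang  && echo "wang accepted"
check_user_arg "a b" || echo "rejected with status $?"
```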

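II. File tests in bash

When a program has to work on an object, it should test the object first.

Only once the object is known to meet the requirements should the operation go ahead; this avoids program errors and needless use of system resources.

The object to test can be a file, a string, a number, and so on.

Bash file tests check whether files of the various kinds exist.

(1) Common file test operators

The operators below work almost identically in [[ ]], [ ] and test expressions; see man test for more operators. "True" below means that the test expression succeeds.

-a FILE: true if the file exists.

-b FILE (b for block): true if the file exists and is a block device.

-c FILE (c for character): true if the file exists and is a character device.

-d FILE (d for directory): true if the file exists and is a directory.

Note that a directory is also a file, a special kind of file.

-e FILE (e for exist): true if the file exists.

-f FILE (f for file): true if the file exists and is a regular file.

Note the difference from "-f": -e does not distinguish between a directory and a file.

-L FILE (L for link): true if the file exists and is a link file.

-p FILE (p for pipe): true if the file exists and is a named pipe.

-r FILE (r for read): true if the file exists and is readable.

-s FILE (s for size): true if the file exists and its size is not 0.

-S FILE (S for socket): true if the file exists and is a socket file.

-w FILE (w for write): true if the file exists and is writable.

-x FILE (x for executable): true if the file exists and is executable.

f1 -nt f2 (nt for newer than): true if file f1 is newer than file f2, judged by modification time.

f1 -ot f2 (ot for older than): true if file f1 is older than file f2, judged by modification time.

The help text for test: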

[[email protected] shell_scripts]# help  test
test: test [expr]
    Evaluate conditional expression.

    Exits with a status of 0 (true) or 1 (false) depending on
    the evaluation of EXPR.  Expressions may be unary or binary.  Unary
    expressions are often used to examine the status of a file.  There
    are string operators and numeric comparison operators as well.

    The behavior of test depends on the number of arguments.  Read the
    bash manual page for the complete specification.

    File operators:

      -a FILE        True if file exists.
      -b FILE        True if file is block special.
      -c FILE        True if file is character special.
      -d FILE        True if file is a directory.
      -e FILE        True if file exists.
      -f FILE        True if file exists and is a regular file.
      -g FILE        True if file is set-group-id.
      -h FILE        True if file is a symbolic link.
      -L FILE        True if file is a symbolic link.
      -k FILE        True if file has its `sticky' bit set.
      -p FILE        True if file is a named pipe.
      -r FILE        True if file is readable by you.
      -s FILE        True if file exists and is not empty.
      -S FILE        True if file is a socket.
      -t FD          True if FD is opened on a terminal.
      -u FILE        True if the file is set-user-id.
      -w FILE        True if the file is writable by you.
      -x FILE        True if the file is executable by you.
      -O FILE        True if the file is effectively owned by you.
      -G FILE        True if the file is effectively owned by your group.
      -N FILE        True if the file has been modified since it was last read.

      FILE1 -nt FILE2  True if file1 is newer than file2 (according to
                       modification date).

      FILE1 -ot FILE2  True if file1 is older than file2.

      FILE1 -ef FILE2  True if file1 is a hard link to file2.

    String operators:

      -z STRING      True if string is empty.

      -n STRING
         STRING      True if string is not empty.

      STRING1 = STRING2
                     True if the strings are equal.
      STRING1 != STRING2
                     True if the strings are not equal.
      STRING1 < STRING2
                     True if STRING1 sorts before STRING2 lexicographically.
      STRING1 > STRING2
                     True if STRING1 sorts after STRING2 lexicographically.

    Other operators:

      -o OPTION      True if the shell option OPTION is enabled.
      -v VAR     True if the shell variable VAR is set
      ! EXPR         True if expr is false.
      EXPR1 -a EXPR2 True if both expr1 AND expr2 are true.
      EXPR1 -o EXPR2 True if either expr1 OR expr2 is true.

      arg1 OP arg2   Arithmetic tests.  OP is one of -eq, -ne,
                     -lt, -le, -gt, or -ge.

    Arithmetic binary operators return true if ARG1 is equal, not-equal,
    less-than, less-than-or-equal, greater-than, or greater-than-or-equal
    than ARG2.

    Exit Status:
    Returns success if EXPR evaluates to true; fails if EXPR evaluates to
    false or an invalid argument is given.

(2) Testing whether a file exists

Note that the contents of the brackets must be separated from each bracket by a space

[[email protected] ~]# [ -a  /etc/]   &&  echo  true
-bash: [: missing `]'
[[email protected] ~]# [ -a  /etc/ ]   &&  echo  true
true
[[email protected] ~]# [ -a  /etc ]   &&  echo  true
true

-e and -a both test whether a file exists

[[email protected] ~]# [ -e /etc/]   &&  echo  true
-bash: [: missing `]'
[[email protected] ~]# [ -e /etc]   &&  echo  true
-bash: [: missing `]'
[[email protected] ~]# [ -e /etc ]   &&  echo  true
true
[[email protected] ~]# [ -e /etc/ ]   &&  echo  true
true

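Examples

1. Write the script /root/bin/argsnum.sh, which takes a file path as its argument.

If fewer than 1 argument is given, tell the user "at least one argument is required" and exit immediately.

If the number of arguments is not less than 1, display the number of blank lines in the file named by the first argument.

This involves a regular expression.

Method 1:

Complete script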

[[email protected] shell_scripts]# cat  argsnum.sh
#!/bin/bash
#Author=wang
[ $# -lt 1 ] && echo "must one parameter" && exit 1
[ ! -f "$1" ] && echo " file not exist" && exit 2
# [ -f "$1" ] tests that the file exists; ! negates it, that is, the file does not exist
echo `cat $1 |grep "^[[:space:]]*$" |wc -l`

Result

[[email protected] shell_scripts]# bash  argsnum.sh
must one parameter
[[email protected] shell_scripts]# bash  argsnum.sh   /etc/issue
1
[[email protected] shell_scripts]# bash  argsnum.sh   /etc/passwd
0
[[email protected] shell_scripts]# bash  argsnum.sh   /etc/services
17

[[email protected] shell_scripts]# bash  argsnum.sh    xxxxxx
 file not exist

Method 2:

Complete script

[[email protected] shell_scripts]# cat  argsnum1.sh
#!/bin/bash
#Author=wang
[  $#   -lt 1 ]   &&   echo "You shound give a parameter at least!"   &&   exit 10

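[ -e  $1 ]   &&   echo     "The blankLine   is    `grep '^[[:space:]]*$'     $1 | wc  -l`"    ||   echo "No such file or directory!"

# Note the backquotes, which substitute the output of the command. If the file exists, print its number of blank lines; otherwise report that the file does not exist.

Note that the * is required: without it the pattern matches only lines that consist of exactly one whitespace character.

[[email protected] shell_scripts]# grep '^[[:space:]]*$'     /etc/issue | wc -l
1
[[email protected] shell_scripts]# grep '^[[:space:]]$'     /etc/issue | wc -l
0

Result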

[[email protected] shell_scripts]# bash  argsnum1.sh
You shound give a parameter at least!
[[email protected] shell_scripts]# bash  argsnum1.sh   /etc/issue
The blankLine   is    1
[[email protected] shell_scripts]# bash  argsnum1.sh   /etc/passwd
The blankLine   is    0
[[email protected] shell_scripts]# bash  argsnum1.sh   /etc/services
The blankLine   is    17
[[email protected] shell_scripts]# bash  argsnum1.sh    xxxxxx
No such file or directory!

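3. Write the script /root/bin/checkdisk.sh to check disk partition space and inode usage; if usage exceeds 10%, broadcast a warning that the space is about to fill up

Complete script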

[[email protected] shell_scripts]# cat   checkdisk.sh
#!/bin/bash
#Author=wang
Check_D=`df |grep "/sd" |tr -s " " "%" |cut -d% -f5 |sort -n |tail -1`
[ $Check_D -gt 10 ] &&  echo  space  of the disk will be full
inode=`df -i |grep "/sd" |tr -s " " "%" |cut -d% -f5 |sort -n |tail -1`
[ $inode  -ge 1 ] &&   echo  space of  inode will  be full

Disk partition space

[[email protected] shell_scripts]# df
Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/sda2       52403200 1509828  50893372   3% /
devtmpfs          487964       0    487964   0% /dev
tmpfs             498988       0    498988   0% /dev/shm
tmpfs             498988    7776    491212   2% /run
tmpfs             498988       0    498988   0% /sys/fs/cgroup
/dev/sr0         4364408 4364408         0 100% /mnt
/dev/sda3       20961280   87448  20873832   1% /app
/dev/sda1        1038336  126596    911740  13% /boot
tmpfs              99800       0     99800   0% /run/user/0

Inode usage

[[email protected] shell_scripts]# df -i
Filesystem       Inodes IUsed    IFree IUse% Mounted on
/dev/sda2      26214400 39365 26175035    1% /
devtmpfs         121991   397   121594    1% /dev
tmpfs            124747     1   124746    1% /dev/shm
tmpfs            124747   716   124031    1% /run
tmpfs            124747    16   124731    1% /sys/fs/cgroup
/dev/sr0              0     0        0     - /mnt
/dev/sda3      10485760   181 10485579    1% /app
/dev/sda1        524288   326   523962    1% /boot
tmpfs            124747     1   124746    1% /run/user/0

Result

[[email protected] shell_scripts]# bash  checkdisk.sh
space of the disk will be full
space of inode will be full

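Script walkthrough

Note that only the entries starting with /dev/sd are disk partitions

First filter out the disk partitions

[[email protected] bin]# df |grep "/sd"
/dev/sda3       10475520 6837332   3638188  66% /
/dev/sda1         201380  105340     96040  53% /boot

Replace the space separators with %

Each run of spaces is squeezed into a single character and replaced with a percent sign.

The separator characters must be enclosed in double quotes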

[[email protected] bin]# df |grep "/sd" |tr -s " " "%"
/dev/sda3%10475520%6837332%3638188%66%/
/dev/sda1%201380%105340%96040%53%/boot
[[email protected] bin]# df |grep "/sd" |tr -s " " "%" |cut -d% -f5
66
53
[[email protected] bin]# df |grep "/sd" |tr -s " " "%" |cut -d% -f5 | sort -n
53
66
[[email protected] bin]# df |grep "/sd" |tr -s " " "%" |cut -d% -f5 | sort -n  | tail -1
66

cut -d% -f5: use % as the delimiter and take field 5

sort -n: sort numerically

tail -1: the last line
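
A variant of checkdisk.sh that reads the `df` columns directly and confirms that a value is an integer before it reaches `-gt`, which also covers the `integer expression expected` case from the numeric tests in section I. This is an added example, not the original script: the function names are hypothetical, the sample rows are copied from the `df` output above except for the constructed `/dev/sdb1` row, and the 10% limit from the task statement is applied to both values.

```bash
#!/bin/bash
# Added example; function names are hypothetical.

# is_uint STRING: succeed only for a non-empty string of decimal digits.
is_uint() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# The same comparison in [ ] and in [[ ]].
# [ ] rejects a non-number with status 2 ("integer expression expected").
# [[ ]] evaluates the operand as an arithmetic expression, so the word abcd
# is read as a variable name; if that variable is unset it counts as 0.
single_eq_zero() { [ "$1" -eq 0 ] 2>/dev/null; }
double_eq_zero() { [[ "$1" -eq 0 ]]; }

# max_use_pct: read df or df -i output on stdin and print the largest
# column-5 percentage among /dev/sd* rows. Rows whose column 5 is not a
# number (df -i prints "-" for some filesystems) are skipped.
# Returns 1 and prints nothing when no usable row was seen.
max_use_pct() {
    local dev pct max=-1
    while read -r dev _ _ _ pct _; do
        [[ $dev == /dev/sd* ]] || continue
        pct=${pct%\%}                      # "13%" -> "13"
        is_uint "$pct" || continue
        # 10# forces base 10 so a value such as 08 is not parsed as octal
        if (( 10#$pct > max )); then max=$((10#$pct)); fi
    done
    (( max >= 0 )) || return 1
    printf '%s\n' "$max"
}

# over_limit VALUE LIMIT: true only when both are integers and VALUE > LIMIT.
over_limit() {
    is_uint "$1" && is_uint "$2" && [ "$1" -gt "$2" ]
}

# Rows copied from the df output shown above.
SAMPLE_DF='Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/sda2       52403200 1509828  50893372   3% /
tmpfs             498988    7776    491212   2% /run
/dev/sr0         4364408 4364408         0 100% /mnt
/dev/sda3       20961280   87448  20873832   1% /app
/dev/sda1        1038336  126596    911740  13% /boot'

# Rows from the df -i output above, plus one constructed /dev/sdb1 row.
SAMPLE_DF_I='Filesystem       Inodes IUsed    IFree IUse% Mounted on
/dev/sda2      26214400 39365 26175035    1% /
/dev/sr0              0     0        0     - /mnt
/dev/sdb1             0     0        0     - /media
/dev/sda1        524288   326   523962    1% /boot'

if space=$(max_use_pct <<<"$SAMPLE_DF") && over_limit "$space" 10; then
    echo "space of the disk will be full (${space}%)"
fi
if inode=$(max_use_pct <<<"$SAMPLE_DF_I") && over_limit "$inode" 10; then
    echo "space of inode will be full (${inode}%)"
fi
```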

(3) Testing the file type

1. Is it a regular file

[[email protected] ~]# [ -f   /etc/issue ]   &&  echo  true   ||  echo  false
true
[[email protected] ~]# [ -f   /etc/ ]   &&  echo  true   ||  echo  false
false
[[email protected] ~]# [ -f   /etc ]   &&  echo  true   ||  echo  false
false

2. Is it a directory

[[email protected] ~]# [ -d  /etc ]   &&  echo  true   ||  echo  false
true
[[email protected] ~]# [ -d  /etc/ ]   &&  echo  true   ||  echo  false
true
[[email protected] ~]# [ -d  /etc/issue ]   &&  echo  true   ||  echo  false
false
[[email protected] ~]# [ -d  /etc/passwd   ]   &&  echo  true   ||  echo  false
false

3. Is it a link file

-h FILE True if file is a symbolic link.
-L FILE True if file is a symbolic link.

Note that a file can be a symbolic link and also test as a regular file, because the file that the link points to is a regular file.

[[email protected] ~]# ll /etc/system-release
lrwxrwxrwx. 1 root root 14 Jan  9 13:55 /etc/system-release -> centos-release
[[email protected] ~]# [ -L  /etc/system-release ]  &&  echo  true  ||  echo false
true
[[email protected] ~]# [ -f   /etc/system-release ]  &&  echo  true  ||  echo false
true
[[email protected] ~]# ll  /etc/centos-release
-rw-r--r--. 1 root root 38 Apr 29  2018 /etc/centos-release

4. Is it a socket file

Note that socket files are used for network communication.

Start the database

[[email protected] ~]# rpm  -q  mariadb
mariadb-5.5.60-1.el7_5.x86_64
[[email protected] ~]# ss -tnl
State      Recv-Q Send-Q                      Local Address:Port                                     Peer Address:Port
LISTEN     0      128                                     *:22                                                  *:*
LISTEN     0      100                             127.0.0.1:25                                                  *:*
LISTEN     0      128                                    :::22                                                 :::*
LISTEN     0      100                                   ::1:25                                                 :::*
[[email protected] ~]# systemctl   start  mariadb
[[email protected] ~]# ss -tnl
State      Recv-Q Send-Q                      Local Address:Port                                     Peer Address:Port
LISTEN     0      50                                      *:3306                                                *:*
LISTEN     0      128                                     *:22                                                  *:*
LISTEN     0      100                             127.0.0.1:25                                                  *:*
LISTEN     0      128                                    :::22                                                 :::*
LISTEN     0      100                                   ::1:25                                                 :::*    
[[email protected] ~]# ls  /var/lib/mysql/
aria_log.00000001  centos73.huawei.com.err  ibdata1      ib_logfile1  mysql.sock          test
aria_log_control   centos73.huawei.com.pid  ib_logfile0  mysql        performance_schema
[[email protected] ~]# ls  /var/lib/mysql/  -l
total 37860
-rw-rw----. 1 mysql mysql    16384 Apr 27 12:11 aria_log.00000001
-rw-rw----. 1 mysql mysql       52 Apr 27 12:11 aria_log_control
-rw-rw----. 1 mysql mysql     1886 Apr 27 12:11 centos73.huawei.com.err
-rw-rw----. 1 mysql mysql        5 Apr 27 12:11 centos73.huawei.com.pid
-rw-rw----. 1 mysql mysql 18874368 Apr 27 12:11 ibdata1
-rw-rw----. 1 mysql mysql  5242880 Apr 27 12:11 ib_logfile0
-rw-rw----. 1 mysql mysql  5242880 Apr 27 12:11 ib_logfile1
drwx------. 2 mysql mysql     4096 Apr 27 12:11 mysql
srwxrwxrwx. 1 mysql mysql        0 Apr 27 12:11 mysql.sock
drwx------. 2 mysql mysql     4096 Apr 27 12:11 performance_schema
drwx------. 2 mysql mysql        6 Apr 27 12:11 test

This file is created only when the database service is started

[[email protected] ~]#  [ -S   /var/lib/mysql/mysql.sock ]  &&  echo  true  ||  echo false
true
[[email protected] ~]# ll   /var/lib/mysql/mysql.sock
srwxrwxrwx. 1 mysql mysql 0 Apr 27 12:11 /var/lib/mysql/mysql.sock

Stop the database service

[[email protected] ~]# systemctl stop  mariadb
[[email protected] ~]# ss -tnl
State      Recv-Q Send-Q                      Local Address:Port                                     Peer Address:Port
LISTEN     0      128                                     *:22                                                  *:*
LISTEN     0      100                             127.0.0.1:25                                                  *:*
LISTEN     0      128                                    :::22                                                 :::*
LISTEN     0      100                                   ::1:25                                                 :::*
[[email protected] ~]# ls   /var/lib/mysql/mysql.sock
ls: cannot access /var/lib/mysql/mysql.sock: No such file or directory
[[email protected] ~]# ls   /var/lib/mysql/mysql.sock -l
ls: cannot access /var/lib/mysql/mysql.sock: No such file or directory
[[email protected] ~]# [ -S   /var/lib/mysql/mysql.sock ]  &&  echo  true  ||  echo false
false

(4) Testing file attributes

1. Is the file readable

[[email protected] ~]# ll /etc/fstab
-rw-r--r--. 1 root root 636 Feb  1 00:26 /etc/fstab
[[email protected] ~]# [ -r   /etc/fstab]  &&  echo  true  ||  echo false
-bash: [: missing `]'
false
[[email protected] ~]# [ -r   /etc/fstab ]  &&  echo  true  ||  echo false
true

2. Is the file writable

The result is true because we are logged in as root

[[email protected] ~]# ll /etc/fstab
-rw-r--r--. 1 root root 636 Feb  1 00:26 /etc/fstab
[[email protected] ~]# [ -w   /etc/fstab ]  &&  echo  true  ||  echo false
true

3. Is the file executable

[[email protected] ~]# ll /etc/fstab
-rw-r--r--. 1 root root 636 Feb  1 00:26 /etc/fstab
[[email protected] ~]# [ -x   /etc/fstab ]  &&  echo  true  ||  echo false
false

4. Does the file have the sgid permission

[[email protected] ~]# touch   a.txt
[[email protected] ~]# ll a.txt
-rw-r--r--. 1 root root 0 Apr 27 11:56 a.txt
[[email protected] ~]#  chmod  g+s  a.txt
[[email protected] ~]# ll a.txt
-rw-r-Sr--. 1 root root 0 Apr 27 11:56 a.txt
[[email protected] ~]# [ -g   a.txt ] && echo true || echo false
true
[[email protected] ~]# touch  b.txt
[[email protected] ~]# ll b.txt
-rw-r--r--. 1 root root 0 Apr 27 11:56 b.txt
[[email protected] ~]# [ -g   b.txt ] && echo true || echo false
false

5. -k FILE: whether the file exists and has the sticky permission

[[email protected] ~]# ll -d /tmp/
drwxrwxrwt. 8 root root 112 Apr 27 12:16 /tmp/
[[email protected] ~]#  [ -k   /tmp/  ]  &&  echo  true  ||  echo false
true

6. -u FILE: whether the file exists and has the suid permission

[[email protected] ~]#  ll /usr/bin/passwd
-rwsr-xr-x. 1 root root 27832 Jun 10  2014 /usr/bin/passwd
[[email protected] ~]# [ -u /usr/bin/passwd  ]  &&  echo  true  ||  echo false
true
[[email protected] ~]#  [ -u /etc/passwd   ]  &&  echo  true  ||  echo false
false
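
The type tests from section (3) and the `-u`, `-g` and `-k` tests above, combined into two reporting functions of the kind used to review a path before a privileged script acts on it. This is an added example, not from the original page, and the function names are hypothetical. `-L` is tested first because every other file test follows symbolic links, which is why /etc/system-release passed both `-L` and `-f` earlier.

```bash
#!/bin/bash
# Added example; function names are hypothetical.

# file_kind PATH: print one word describing PATH.
file_kind() {
    local p=$1
    if [ -L "$p" ]; then
        # -e follows the link, so it fails when the target is gone.
        if [ -e "$p" ]; then echo symlink; else echo dangling-symlink; fi
    elif [ -f "$p" ]; then echo regular
    elif [ -d "$p" ]; then echo directory
    elif [ -p "$p" ]; then echo fifo
    elif [ -S "$p" ]; then echo socket
    elif [ -b "$p" ]; then echo block
    elif [ -c "$p" ]; then echo char
    else echo missing
    fi
}

# special_bits PATH: print which of suid, sgid and sticky are set, or "none".
# These tests follow symbolic links, so a link reports its target's bits.
special_bits() {
    local p=$1 out=""
    if [ -u "$p" ]; then out+="suid "; fi
    if [ -g "$p" ]; then out+="sgid "; fi
    if [ -k "$p" ]; then out+="sticky "; fi
    out=${out% }
    echo "${out:-none}"
}

# report PATH...: one line per path with its kind and special bits.
report() {
    local p
    for p in "$@"; do
        printf '%-28s %-17s %s\n' "$p" "$(file_kind "$p")" "$(special_bits "$p")"
    done
}

# The paths used in this section; any that do not exist print "missing".
report /etc/passwd /usr/bin/passwd /tmp /etc/system-release \
       /var/lib/mysql/mysql.sock
```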

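Note that the tests go by the effective permissions, not by the permissions that are displayed.

For root, a listing that shows no permissions does not necessarily mean there is no access.

root is like the boss: it has permission to read and to write, but not permission to execute.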

[[email protected] ~]# ll /etc/shadow
----------. 1 root root 3418 Apr 26 23:08 /etc/shadow
[[email protected] ~]# [ -u /etc/shadow    ]  &&  echo  true  ||  echo false
false
[[email protected] ~]# [ -r  /etc/shadow    ]  &&  echo  true  ||  echo false
true
[[email protected] ~]# [ -w   /etc/shadow    ]  &&  echo  true  ||  echo false
true
[[email protected] ~]# [ -x   /etc/shadow    ]  &&  echo  true  ||  echo false
false

For an ordinary user, the permissions displayed are the permissions that apply

[[email protected] ~]# id zhao
uid=1024(zhao) gid=1024(zhao) groups=1024(zhao)
[[email protected] ~]# getent  passwd  zhao
zhao:x:1024:1024::/home/zhao:/bin/bash
[[email protected] ~]# su - zhao
Last login: Sat Apr 27 15:45:44 CST 2019 on pts/0
[[email protected] ~]$ ll /etc/shadow
----------. 1 root root 3418 Apr 27 15:46 /etc/shadow
[[email protected] ~]$ [ -r  /etc/shadow    ]  &&  echo  true  ||  echo false
false
[[email protected] ~]$ [ -w   /etc/shadow    ]  &&  echo  true  ||  echo false
false
[[email protected] ~]$ [ -x   /etc/shadow    ]  &&  echo  true  ||  echo false
false
[[email protected] ~]$ exit
logout

At the moment an ordinary user has no permission to view the file

[[email protected] ~]$  cat /etc/shadow
cat: /etc/shadow: Permission denied
[[email protected] ~]$ exit
logout
[[email protected] ~]#   cat /etc/shadow
[[email protected] ~]# ll /etc/shadow
----------. 1 root root 3418 Apr 27 15:46 /etc/shadow

If the user is granted read permission, the user can read the file; the permission is added with the setfacl command

[[email protected] ~]# ll /etc/shadow
----------. 1 root root 3418 Apr 27 15:46 /etc/shadow
[[email protected] ~]# setfacl -m u:zhao:r   /etc/shadow
[[email protected] ~]# ll /etc/shadow
----r-----+ 1 root root 3418 Apr 27 15:46 /etc/shadow
[[email protected] ~]# su - zhao
Last login: Sat Apr 27 15:49:27 CST 2019 on pts/0
[[email protected] ~]$  ll /etc/shadow
----r-----+ 1 root root 3418 Apr 27 15:46 /etc/shadow
[[email protected] ~]$ [ -r   /etc/shadow    ]  &&  echo  true  ||  echo false
true
[[email protected] ~]$ [ -w   /etc/shadow    ]  &&  echo  true  ||  echo false
false
[[email protected] ~]$ [ -x   /etc/shadow    ]  &&  echo  true  ||  echo false
false

To remove all ACL permissions, use the -b option

Only the administrator can clear the permissions

[[email protected] ~]$ setfacl -b  /etc/shadow
setfacl: /etc/shadow: Operation not permitted
[[email protected] ~]$ exit
logout
[[email protected] ~]# ll /etc/shadow
----r-----+ 1 root root 3418 Apr 27 15:46 /etc/shadow
[[email protected] ~]#  setfacl -b  /etc/shadow
[[email protected] ~]# ll /etc/shadow
----------. 1 root root 3418 Apr 27 15:46 /etc/shadow

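Whether a file is open, and related tests:
-t fd: whether file descriptor fd is open on a terminal
-N FILE: whether the file has been modified since it was last read
-O FILE: whether the current effective user is the owner of the file
-G FILE: whether the current effective user's group is the group of the file

7. -t fd: whether file descriptor fd is open on a terminal

-t FD True if FD is opened on a terminal.

$$ stands for the current process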

[[email protected] ~]# ls  /proc/$$/fd
0  1  2  255
[[email protected] ~]# ls  /proc/$$/fd   -l
total 0
lrwx------ 1 root root 64 Dec 15 15:52 0 -> /dev/pts/1
lrwx------ 1 root root 64 Dec 15 15:52 1 -> /dev/pts/1
lrwx------ 1 root root 64 Dec 15 15:52 2 -> /dev/pts/1
lrwx------ 1 root root 64 Dec 15 21:41 255 -> /dev/pts/1

How many files the current process has open

Every open file takes a file descriptor, so this amounts to counting the file descriptors

[[email protected] ~]# ls  /proc/$$/fd
0  1  2  255
[[email protected] ~]# ls  /proc/$$/fd    | wc -l
4
[[email protected] ~]# ls  /proc/$$/fd   -l
total 0
lrwx------ 1 root root 64 Dec 15 15:52 0 -> /dev/pts/1
lrwx------ 1 root root 64 Dec 15 15:52 1 -> /dev/pts/1
lrwx------ 1 root root 64 Dec 15 15:52 2 -> /dev/pts/1
lrwx------ 1 root root 64 Dec 15 21:41 255 -> /dev/pts/1

-t fd: whether file descriptor fd is open on a terminal

[[email protected] ~]# ls /proc/$$/fd
0  1  2  255
[[email protected] ~]# [ -t 1 ]  &&  echo  true  ||  echo false
true
[[email protected] ~]# [ -t 2 ]  &&  echo  true  ||  echo false
true
[[email protected] ~]# [ -t 255 ]  &&  echo  true  ||  echo false
true
[[email protected] ~]# [ -t  0 ]  &&  echo  true  ||  echo false
true

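2. -O FILE: whether the current effective user is the owner of the file

-O FILE True if the file is effectively owned by you.

Note that the current user is not necessarily the effective user.

When a user runs a SUID program, the ordinary user's identity becomes root, and root is the effective user at that moment.

The user who runs the program is the real user; the user whose permissions actually apply is the effective user.

Without special permissions, the current user is the effective user.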

[[email protected] ~]#  whoami
root
[[email protected] ~]#  ll /usr/bin/passwd
-rwsr-xr-x. 1 root root 27832 Jun 10  2014 /usr/bin/passwd

Here the current user and the effective user are both root

[[email protected] ~]# [ -O  /etc/issue   ]   &&  echo  true  ||  echo  false
true
[[email protected] ~]# [ -O  /etc/passwd   ]   &&  echo  true  ||  echo  false
true
[[email protected] ~]# [ -O  /usr/bin/passwd   ]   &&  echo  true  ||  echo  false
true

3. -G FILE: whether the current effective user's group is the group of the file

[[email protected] ~]# pwd
/root
[[email protected] ~]# who
root     tty1         2019-01-24 19:47
root     pts/0        2019-04-27 15:43 (192.168.137.1)
[[email protected] ~]# whoami
root
[[email protected] ~]# ll /etc/passwd
-rw-r--r--. 1 root root 1005 Apr 27 17:25 /etc/passwd
[[email protected] ~]# [ -G  /etc/passwd   ]   &&  echo  true  ||  echo  false
true

4. -N FILE: whether the file has been modified since it was last read, that is, its mtime is newer than its atime

-N FILE True if the file has been modified since it was last read.

[[email protected] ~]# [ -N   /etc/fstab   ]   &&  echo  true  ||  echo  false
false
[[email protected] ~]# vim  /etc/fstab
[[email protected] ~]# [ -N   /etc/fstab   ]   &&  echo  true  ||  echo  false
true
[[email protected] ~]# ll /etc/fstab
-rw-r--r--. 1 root root 636 Apr 27 20:48 /etc/fstab

When a file is newly created, its last access time, last content modification time and last status change time are the same.

[[email protected] ~]# stat /etc/fstab
  File: ‘/etc/fstab’
  Size: 636           Blocks: 8          IO Block: 4096   regular file
Device: 802h/2050d    Inode: 67737177    Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Context: system_u:object_r:etc_t:s0
Access: 2019-04-27 20:48:37.952425112 +0800
Modify: 2019-04-27 20:48:37.952425112 +0800
Change: 2019-04-27 20:48:37.977425111 +0800
 Birth: -

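III. Bash logical operators / combining test conditions

Method 1:
COMMAND1 && COMMAND2    and
COMMAND1 || COMMAND2    or
! COMMAND               not
For example: [[ -r FILE ]] && [[ -w FILE ]]

Note that true and false are themselves commands, and shell builtins at that; they return true and false respectively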

[[email protected] ~]#  true
[[email protected] ~]# echo $?
0
[[email protected] ~]# false
[[email protected] ~]# echo $?
1
[[email protected] ~]#  true    &&  echo  true  ||  echo  false
true
[[email protected] ~]#  false    &&  echo  true  ||  echo  false
false
[[email protected] ~]# type true
true is a shell builtin
[[email protected] ~]# type false
false is a shell builtin

Negating with !

[[email protected] ~]#  !   true    &&  echo  true  ||  echo  false
false
[[email protected] ~]# !   false     &&  echo  true  ||  echo  false
true
[[email protected] ~]# a=10;[  $a -eq 10  ]    &&  echo  true  ||  echo  false
true
[[email protected] ~]# a=10;[  !  $a -eq 10  ]    &&  echo  true  ||  echo  false
false

Method 2:
EXPRESSION1 -a EXPRESSION2    and
EXPRESSION1 -o EXPRESSION2    or
! EXPRESSION                  not

If the file exists and is executable, display the contents of the given file

[[email protected] ~]# [ -f /bin/cat -a -x /bin/cat ] && cat /etc/fstab

#
# /etc/fstab
# Created by anaconda on Wed Jan  9 13:54:32 2019
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=154fb900-77cf-4d55-975f-b788805fe281 /                       xfs     defaults        0 0
UUID=f0c8487e-df2a-4042-81ca-f9011445c8bd /app                    xfs     defaults        0 0
UUID=e76ffa1a-9169-42d4-adcc-c6bdbfefd663 /boot                   xfs     defaults        0 0
UUID=809c994a-336d-4517-b3c4-7e0dae5ad738 swap                    swap    defaults        0 0
/dev/cdrom  /mnt   iso9660  defaults 0 0
[[email protected] ~]#  ll /bin/cat
-rwxr-xr-x. 1 root root 54080 Apr 11  2018 /bin/cat

In the file /etc/rc.sysinit on CentOS 6:

if [ -z "$HOSTNAME" -o "$HOSTNAME" = "(none)" ]; then
    HOSTNAME=localhost
fi

# further down in the same file
if [ "$HOSTNAME" = "localhost" -o "$HOSTNAME" = "localhost.localdomain" ]; then
        ipaddr=$(ip addr show to 0.0.0.0/0 scope global | awk '/[[:space:]]inet / { print gensub("/.*","","g",$2) }')
        for ip in $ipaddr ; do
                HOSTNAME=
                eval $(ipcalc -h $ip 2>/dev/null)
                [ -n "$HOSTNAME" ] && { hostname ${HOSTNAME} ; break; }
        done
fi

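Examples

1. Write the script /bin/per.sh, which determines whether the current user can neither read nor write the file given as an argument

Method 1:

Script contents

[[email protected] shell_scripts]# cat  per.sh
#!/bin/bash
#Author=wang
# First check that an argument was given
[ $# -lt 1 ] && echo "please  input a parameter" && exit  9
# "$1" is quoted so that a file name containing spaces stays a single word
[ ! -r "$1" ] && [ ! -w "$1" ] && echo " no read,and write" || echo  "other permission"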

Execution result

[[email protected] shell_scripts]# bash  per.sh
please  input a parameter
[[email protected] shell_scripts]# bash  per.sh  /etc/issue
other permission
[[email protected] shell_scripts]# bash  per.sh  /etc/passwd
other permission

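Method 2

Note that each parenthesis is preceded by \ to escape it.

The method above (method 1) is easier to understand.

Script contents

[[email protected] shell_scripts]# cat  per1.sh
#!/bin/bash
#Author=wang
[ $# -lt 1 ] && echo "please  input a parameter" && exit
# not (readable or writable) is the same as (not readable) and (not writable)
[ !  \(   -r  "$1"   -o  -w   "$1" \)   ]    &&   echo " no read,and write" || echo  "other permission"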

Execution result

[[email protected] shell_scripts]# bash  per1.sh
please  input a parameter
[[email protected] shell_scripts]# bash  per1.sh   /etc/issue
other permission
[[email protected] shell_scripts]# bash  per1.sh   /etc/passwd
other permission

Breaking down the script

[[email protected] ~]#  [  \(   -r  /etc/shadow   -a  -w  /etc/shadow \)   ]   &&  echo  true  ||  echo  false
true
[[email protected] ~]# [ -r  /etc/shadow  ]   &&   [   -w  /etc/shadow   ]    &&  echo  true  ||  echo  false
true
[[email protected] ~]#  [ !  -r  /etc/shadow  ]   &&   [  !   -w  /etc/shadow   ]    &&  echo  true  ||  echo  false
false

An ordinary user has neither read nor write permission

[[email protected] ~]# su  -  zhao
Last login: Sat Apr 27 16:51:31 CST 2019 on pts/0
[[email protected] ~]$ ll /etc/shadow
----------. 1 root root 3418 Apr 27 15:46 /etc/shadow
[[email protected] ~]$ [  \(   -r  /etc/shadow   -a  -w  /etc/shadow \)   ]   &&  echo  true  ||  echo  false
false
[[email protected] ~]$ [ -r  /etc/shadow  ]   &&   [   -w  /etc/shadow   ]    &&  echo  true  ||  echo  false
false
[[email protected] ~]$  [ !  -r  /etc/shadow  ]   &&   [  !   -w  /etc/shadow   ]    &&  echo  true  ||  echo  false
true

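Add read permission on this file for other users (this makes the password hashes in /etc/shadow readable by every local user, so do it only on a throwaway test machine and restore the original mode afterwards)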

[[email protected] ~]$ pwd
/home/zhao
[[email protected] ~]$ chmod     a+r   /etc/shadow
chmod: changing permissions of ‘/etc/shadow’: Operation not permitted
[[email protected] ~]$ exit
logout
[[email protected] ~]# ll /etc/shadow
----------. 1 root root 3418 Apr 27 15:46 /etc/shadow
[[email protected] ~]# chmod     a+r   /etc/shadow
[[email protected] ~]# ll /etc/shadow
-r--r--r--. 1 root root 3418 Apr 27 15:46 /etc/shadow
[[email protected] ~]# su  -  zhao
Last login: Sat Apr 27 17:03:21 CST 2019 on pts/0
[[email protected] ~]$  [ !  -r  /etc/shadow  ]   &&   [  !   -w  /etc/shadow   ]    &&  echo  true  ||  echo  false
false
[[email protected] ~]$ [ -r  /etc/shadow  ]   &&   [   -w  /etc/shadow   ]    &&  echo  true  ||  echo  false
false

Method 2 above relies on De Morgan's laws:

(not A) or (not B) = not (A and B)
(not A) and (not B) = not (A or B)

Examples:
!A -a !B = !(A -o B)
!A -o !B = !(A -a B)
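
The equivalence can be checked mechanically. The following is an added example, not part of the original article: it evaluates three forms over every combination of two file tests. It uses -f and -x as the two conditions (an assumption of this example) because root passes -r and -w on every file, which would hide three of the four rows; the function names m1, m2, bad and row are hypothetical.

```shell
#!/bin/bash
# "Not A and not B" for path $1, with A = -f (regular file), B = -x (executable).
m1()  { [ ! -f "$1" ] && [ ! -x "$1" ]; }     # method 1: two tests joined by &&
m2()  { [ ! \( -f "$1" -o -x "$1" \) ]; }      # De Morgan: !(A -o B), same result
bad() { [ ! \( -f "$1" -a -x "$1" \) ]; }      # !(A -a B) means !A -o !B: different

# Evaluate the form named in $1 on four constructed paths, one per
# combination of A and B, and print a row such as 0001 (1 = form is true).
row() {
    local dir out="" p
    dir=$(mktemp -d) || return 1
    touch "$dir/both" "$dir/file_only"
    chmod 755 "$dir/both"          # A true,  B true
    chmod 644 "$dir/file_only"     # A true,  B false
    mkdir "$dir/exec_only"         # A false, B true  (a searchable directory)
    chmod 755 "$dir/exec_only"
                                   # A false, B false ("neither" is never created)
    for p in both file_only exec_only neither; do
        if "$1" "$dir/$p"; then out="${out}1"; else out="${out}0"; fi
    done
    rm -rf -- "$dir"
    printf '%s\n' "$out"
}

printf 'columns: both file_only exec_only neither\n'
printf 'm1  %s\nm2  %s\nbad %s\n' "$(row m1)" "$(row m2)" "$(row bad)"
```

POSIX marks -a, -o and parentheses inside [ ] as obsolescent because their parsing can be ambiguous, so the && form of method 1 is the safer habit.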

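2. Write the script /root/bin/excute.sh, which determines whether the argument file is a regular file with the .sh suffix.

If it is, add execute permission for everyone; otherwise tell the user that it is not a script file.

Script contents

=~ tests whether the string on the left is matched by the PATTERN on the right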

[[email protected] shell_scripts]# cat  excute.sh
#!/bin/bash
#Author=wang
[ $# -lt 1 ] && echo "please  input  a  parameter"   &&  exit 1
[ ! -f "$1" ] && echo   "file not exist"  &&  exit 2
# The two checks above are easy to overlook; think the cases through when writing a script
[[  "$1" =~ .*\.sh$ ]]  && chmod  a+x  "$1" ||  echo  "no shellscript file"
# .* matches any number of characters and \. matches a literal dot (an unescaped . matches any character)
# =~ tests whether the string on the left is matched by the PATTERN on the right
# It is normally used inside [[ ]]; the pattern is an extended regular expression

Execution result

[[email protected] shell_scripts]# ll   excute.sh
-rw-r--r--. 1 root root 192 Apr 27 17:12 excute.sh
[[email protected] shell_scripts]# bash  excute.sh    excute.sh
[[email protected] shell_scripts]# ll   excute.sh
-rwxr-xr-x. 1 root root 192 Apr 27 17:12 excute.sh
[[email protected] shell_scripts]# bash  excute.sh
please  input  a  parameter
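
Why the dot in a suffix pattern has to be escaped, as an added example that is not part of the original article: it runs an unescaped-dot pattern and an escaped one over a constructed list of names, then applies the stricter check to files in a scratch directory. The function names and the sample names are hypothetical.

```shell
#!/bin/bash
# [[ ]] and =~ are bash features: re-run under bash if started by a plain sh.
[ -n "$BASH_VERSION" ] || exec bash "$0" "$@"

# Unescaped dot: it matches ANY character, so "bash" and "publish" pass.
loose_match()  { [[ "$1" =~ .*.sh$ ]]; }

# Escaped dot: the name must really end in ".sh".
strict_match() { [[ "$1" =~ \.sh$ ]]; }

# Succeed only for an existing regular file whose name ends in ".sh".
is_sh_script() { [ -f "$1" ] && strict_match "$1"; }

# Print the names from the constructed sample list that a matcher accepts.
accepted() {
    local matcher=$1 name out=""
    for name in deploy.sh publish /bin/bash notes.sh.bak .sh "my script.sh"; do
        "$matcher" "$name" && out+="[$name]"
    done
    printf '%s\n' "$out"
}

# Apply the full check to real files in a scratch directory (constructed fixture).
demo_files() {
    local dir out="" f
    dir=$(mktemp -d) || return 1
    touch "$dir/deploy.sh" "$dir/publish"
    mkdir "$dir/dir.sh"                   # right suffix, but not a regular file
    for f in deploy.sh publish dir.sh missing.sh; do
        is_sh_script "$dir/$f" && chmod a+x -- "$dir/$f" && out+="[$f]"
    done
    [ -x "$dir/deploy.sh" ] && out+="+x"  # confirm the mode really changed
    rm -rf -- "$dir"
    printf '%s\n' "$out"
}

echo "loose : $(accepted loose_match)"
echo "strict: $(accepted strict_match)"
echo "files : $(demo_files)"
```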

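3. Write the scripts /root/bin/nologin.sh and login.sh, which forbid and allow ordinary users to log in to the system

touch /etc/nologin: creating this file prevents logins. The mechanism is implemented by a PAM module and touches on security and encryption topics.

Note: set a password first, in preparation for the remote user login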

[[email protected] ~]# echo   centos  |    passwd  --stdin  zhao
Changing password for user zhao.
passwd: all authentication tokens updated successfully.
[[email protected] shell_scripts]# cat /etc/nologin
cat: /etc/nologin: No such file or directory
[[email protected] shell_scripts]# cd
[[email protected] ~]# su  -  zhao
Last login: Sat Apr 27 17:06:14 CST 2019 on pts/0
[[email protected] ~]$ exit
logout
[[email protected] ~]# touch  /etc/nologin
[[email protected] ~]# ll  /etc/nologin
-rw-r--r--. 1 root root 0 Apr 27 17:20 /etc/nologin
[[email protected] ~]# su  -  zhao
Last login: Sat Apr 27 17:20:35 CST 2019 on pts/0
[[email protected] ~]$ exit
logout

From another machine, it is not possible to log in remotely as the ordinary user on this host

[[email protected] ~]# id  zhao
id: zhao: no such user
[[email protected] ~]# useradd   zhao
[[email protected] ~]# id  zhao
uid=1001(zhao) gid=1001(zhao) groups=1001(zhao)
[[email protected] ~]# ssh  [email protected]192.168.137.73
[email protected]192.168.137.73's password:
Authentication failed.
[[email protected] ~]# ssh  [email protected]192.168.137.73
[email protected]192.168.137.73's password:
Authentication failed.
[[email protected] ~]# ssh  [email protected]192.168.137.73
[email protected]192.168.137.73's password:
Authentication failed.

However, logging in as root on the remote host still works

[[email protected] ~]# ssh  192.168.137.73
[email protected]192.168.137.73's password:
Last login: Fri Apr 26 11:19:53 2019 from gateway
[[email protected] ~]# hostname
centos73.huawei.com
[[email protected] ~]# exit
logout
Connection to 192.168.137.73 closed.
[[email protected] ~]# hostname
centos77.jd.com
[[email protected] ~]# ssh  [email protected]192.168.137.73
[email protected]192.168.137.73's password:
Last login: Sat Apr 27 17:23:42 2019 from 192.168.137.77
[[email protected] ~]# hostname
centos73.huawei.com
[[email protected] ~]# exit
logout
Connection to 192.168.137.73 closed.
[[email protected] ~]# hostname
centos77.jd.com

After the file is deleted, the ordinary user can connect remotely again

[[email protected] ~]# ll  /etc/nologin
-rw-r--r--. 1 root root 0 Apr 27 17:20 /etc/nologin
[[email protected] ~]# cat  /etc/nologin
[[email protected] ~]# rm -rf   /etc/nologin
[[email protected] ~]# cat  /etc/nologin
cat: /etc/nologin: No such file or directory
[[email protected] ~]# su  -  zhao
Last login: Sat Apr 27 17:26:21 CST 2019 on pts/0
[[email protected] ~]$ exit
logout
 
[[email protected] ~]# ssh  [email protected]192.168.137.73
[email protected]192.168.137.73's password:
Last failed login: Sat Apr 27 17:30:46 CST 2019 from 192.168.137.77 on ssh:notty
There were 3 failed login attempts since the last successful login.
Last login: Sat Apr 27 17:29:13 2019
[[email protected] ~]$ pwd
/home/zhao
 

Script that forbids ordinary users from logging in

[[email protected] shell_scripts]# cat  nologin.sh
#!/bin/bash
#Author=wang
# If the file does not exist, create it
[ ! -f /etc/nologin ] && touch /etc/nologin

Running the script creates the file

[[email protected] shell_scripts]# ls  /etc/nologin
ls: cannot access /etc/nologin: No such file or directory
[[email protected] shell_scripts]# bash  nologin.sh
[[email protected] shell_scripts]# ls  /etc/nologin
/etc/nologin
[[email protected] shell_scripts]# ls  /etc/nologin  -l
-rw-r--r--. 1 root root 0 Apr 27 17:34 /etc/nologin
[[email protected] shell_scripts]# su -  zhao
Last login: Sat Apr 27 17:32:22 CST 2019 from 192.168.137.77 on pts/1
Last failed login: Sat Apr 27 17:35:14 CST 2019 from 192.168.137.77 on ssh:notty
There was 1 failed login attempt since the last successful login.
[[email protected] ~]$ pwd
/home/zhao

Execution result

[[email protected] ~]# ssh  [email protected]192.168.137.73
[email protected]192.168.137.73's password:
Authentication failed.
[[email protected] ~]# ssh  [email protected]192.168.137.73
[email protected]192.168.137.73's password:
Authentication failed.

Script that allows ordinary users to log in

[[email protected] shell_scripts]# cat login.sh
#!/bin/bash
#Author=wang
# If the file exists, delete it, which releases the lock
[ -f /etc/nologin ] &&  rm -rf /etc/nologin
[[email protected] shell_scripts]# ls  /etc/nologin
/etc/nologin
[[email protected] shell_scripts]# ls  /etc/nologin  -l
-rw-r--r--. 1 root root 0 Apr 27 17:34 /etc/nologin
[[email protected] shell_scripts]# bash  login.sh
[[email protected] shell_scripts]# ls  /etc/nologin  -l
ls: cannot access /etc/nologin: No such file or directory
[[email protected] shell_scripts]# su  -  zhao
Last login: Sat Apr 27 17:35:22 CST 2019 on pts/0
Last failed login: Sat Apr 27 17:35:51 CST 2019 from 192.168.137.77 on ssh:notty
There was 1 failed login attempt since the last successful login.
[[email protected] ~]$ exit 

Because the /etc/nologin file was deleted on the remote host, logging in works again

[[email protected] ~]# ssh  [email protected]192.168.137.73
[email protected]192.168.137.73's password:
Last login: Sat Apr 27 17:38:35 2019
[[email protected] ~]$ pwd
/home/zhao
[[email protected] ~]$ exit
logout
Connection to 192.168.137.73 closed.
[[email protected] ~]# ssh  [email protected]192.168.137.73
[email protected]192.168.137.73's password:
Last login: Sat Apr 27 17:39:23 2019 from 192.168.137.77
[[email protected] ~]$ exit
logout
Connection to 192.168.137.73 closed.
[[email protected] ~]# id zhao
uid=1001(zhao) gid=1001(zhao) groups=1001(zhao)
[[email protected] ~]# getent  passwd  zhao
zhao:x:1001:1001::/home/zhao:/bin/bash
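
The two scripts can be folded into one idempotent tool. This is an added example, not the article's own code: the function names and the NOLOGIN override are assumptions of the example, and it writes a message into the file because sshd and pam_nologin display the file's contents to the users they turn away.

```shell
#!/bin/bash
# NOLOGIN defaults to the real flag file. Point it at a scratch path to try
# the functions without root and without locking anyone out.
NOLOGIN=${NOLOGIN:-/etc/nologin}

# Print "locked" when the flag file exists, otherwise "open".
login_state() {
    if [ -e "$NOLOGIN" ]; then echo locked; else echo open; fi
}

# Create the flag file with a message ($1) for refused users.
# Idempotent: an existing file, and whatever message it holds, is kept.
lock_logins() {
    [ -e "$NOLOGIN" ] && return 0
    # umask 022 keeps the file world-readable and writable by its owner only
    ( umask 022; printf '%s\n' "${1:-System maintenance in progress.}" > "$NOLOGIN" )
}

# Remove the flag file; succeeds even if it is already gone.
unlock_logins() {
    rm -f -- "$NOLOGIN"
}

# Command-line entry point: lock [MESSAGE] | unlock | status
if [ $# -gt 0 ]; then
    case $1 in
        lock)   lock_logins "$2" ;;
        unlock) unlock_logins ;;
        status) login_state ;;
        *)      echo "Usage: $0 lock [MESSAGE] | unlock | status" >&2; exit 64 ;;
    esac
fi
```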

Original article: https://www.cnblogs.com/wang618/p/11041162.html

Time: 2024-10-14 19:07:31
