一bash的数值测试
-v VAR
变量VAR是否设置
数值测试:
-gt 是否大于greater
-ge 是否大于等于
-eq 是否等于
-ne 是否不等于 not equal
-lt 是否小于
-le 是否小于等于
-eq是否等于表示变量值是数字,=表示变量值是字符串
[[email protected] ~]# num=10; [[ "$num" -eq 10 ]] && echo true || echo false true [[email protected] ~]# num=50; [[ "$num" -eq 10 ]] && echo true || echo false false [[email protected] ~]# num=50; [[ "$num" = 10 ]] && echo true || echo false false [[email protected] ~]# num=50; [[ "$num" = 50 ]] && echo true || echo false true
[[email protected] ~]# num=abcd; [ "$num" = 50 ] && echo true || echo false false [[email protected] ~]# num=abcd; [ "$num" -eq 50 ] && echo true || echo false -bash: [: abcd: integer expression expected #语法错误,要求整数表达式 false [[email protected] ~]# num=50; [ "$num" = 50 ] && echo true || echo false true [[email protected] ~]# num=20; [ "$num" -ne 50 ] && echo true || echo false true [[email protected] ~]# num=20; [ "$num" -le 50 ] && echo true || echo false true [[email protected] ~]# num=20; [ "$num" -ge 50 ] && echo true || echo false false [[email protected] ~]# num=20; [ "$num" -gt 50 ] && echo true || echo false false
示例:判断变量的参数是否存在
完整脚本:
[[email protected] shell_scripts]# cat createuser1.sh #!/bin/bash #Author=wang [ $# -ne 1 ] && echo -e "the arg must one\nUsage:createuser1.sh usename" && exit 20 #如果参数的个数不为1,那么就显示必须要有一个参数,并且退出。#\n表示空一行,-e表示启用反斜线转义,对\进行转义 id $1 &> /dev/null && echo " $1 is exist " && exit 8 #因为不是正常结束的命令,所以退出的状态码为非0 useradd $1 && echo "$1 is created" #因为是最后一个命令了,不写退出状态也表示退出了。
执行结果:
[[email protected] bin]# chmod +x createuser1.sh [[email protected] bin]# ll createuser1.sh -rwxr-xr-x 1 root root 342 Dec 15 17:52 createuser1.sh [[email protected] bin]# createuser1.sh /root/bin/createuser1.sh: line 2: [: ne: binary operator expected is exist [[email protected] bin]# vim createuser1.sh [[email protected] bin]# createuser1.sh the arg must one Usage:createuser1.sh usename [[email protected] bin]# createuser1.sh wang wang is exist [[email protected] bin]# createuser1.sh tom tom is exist [[email protected] bin]# createuser1.sh abcd abcd is created [[email protected] bin]# id abcd uid=2001(abcd) gid=2001(abcd) groups=2001(abcd)
脚本解析:
echo -e
-e enable interpretation of backslash escapes 启用反斜杠转义的解释
判断变量是否已经设置了
查看test的帮助文档
[[email protected] ~]# help test | grep VAR -v VAR True if the shell variable VAR is set
注意这里的VAR是不需要加$的
在字符串前面加$就是用来调用这个变量,相当于变量引用。
[[email protected] bin]# var="";[ -v var ] && echo true || echo false #定义了空值 true [[email protected] bin]# var=" ";[ -v var ] && echo true || echo false #有内容,是空格 true [[email protected] bin]# var=123;[ -v var ] && echo true || echo false #定义了数字 true [[email protected] bin]# var=abcd;[ -v var ] && echo true || echo false true [[email protected] bin]# var="abc";[ -v var ] && echo true || echo false #定义了字符串 true [[email protected] bin]# unset var;[ -v var ] && echo true || echo false false
判断变量是否定义了?
[[email protected] shell_scripts]# cat createuser2.sh #!/bin/bash #Author=wang [ -v $1 ] || ( echo -e "the arg must one\nUsage:$0.sh usename" && exit 20; ) #\n表示空一行,-e表示启用反斜杠转义的解释,因为后面要空行。 #如果为假才执行后面括号里面的命令,但是小括号会报错,小括号开了一个子进程,exit 20退出的是子进程,但是没有退出整个脚本。 #系统里面本身就有$1,只不过默认是没有赋值,不能判断$1是否存在。? id $1 &> /dev/null && echo " $1 is exist " && exit 8 #因为不是正常结束的命令,所以退出的状态码为非0 useradd $1 && echo "$1 is created" #因为是最后一个命令了,不写退出状态也表示退出了。
执行结果报错,说明上面的脚本有问题,还要对其修改
[[email protected] shell_scripts]# bash createuser2.sh is exist [[email protected] shell_scripts]# bash createuser2.sh wang the arg must one Usage:createuser1.sh usename wang is exist [[email protected] shell_scripts]# id wang uid=1022(wang) gid=1022(wang) groups=1022(wang) [[email protected] shell_scripts]# id xixixi id: xixixi: no such user [[email protected] shell_scripts]# bash createuser2.sh xixixi the arg must one Usage:createuser1.sh usename xixixi is created [[email protected] shell_scripts]# id xixixi uid=1025(xixixi) gid=1025(xixixi) groups=1025(xixixi)
判断变量$1的值是否有内容
使用-n,如果字符串为非空就为真,为空返回的就是假,假就执行后续的命令。
[[email protected] shell_scripts]# cat createuser3.sh #!/bin/bash #Author=wang [ -n "$1" ] || { echo -e "the arg must one\nUsage:$0.sh usename" && exit 20; } #\n表示空一行,-e表示启用反斜杠转义的解释,因为后面要空行。#[-n]表示后面接的字符串不为空。 #-n STRING the length of STRING is nonzero id $1 &> /dev/null && echo "$1 is exist"
在系统脚本里面使用了很多的函数,用大括号来表示
[[email protected] bin]# cat /etc/init.d/functions systemctl_redirect () { local s local prog=${1##*/} local command=$2 local options="" case "$command" in start) s=$"Starting $prog (via systemctl): " ;; stop) s=$"Stopping $prog (via systemctl): " ;; reload|try-reload) s=$"Reloading $prog configuration (via systemctl): " ;; restart|try-restart|condrestart) s=$"Restarting $prog (via systemctl): " ;; esac if [ -n "$SYSTEMCTL_IGNORE_DEPENDENCIES" ] ; then options="--ignore-dependencies" fi if ! systemctl show "$prog.service" > /dev/null 2>&1 || systemctl show -p LoadState "$prog.service" | grep -q ‘not-found‘ ; then action $"Reloading systemd: " /bin/systemctl daemon-reload fi action "$s" /bin/systemctl $options $command "$prog.service" }
执行结果
[[email protected] shell_scripts]# bash createuser3.sh the arg must one Usage:createuser3.sh.sh usename [[email protected] shell_scripts]# bash createuser3.sh wang wang is exist [[email protected] shell_scripts]# bash createuser3.sh zhang zhang is exist [[email protected] shell_scripts]# bash createuser3.sh zhao zhao is exist [[email protected] shell_scripts]# bash createuser3.sh hahaha [[email protected] shell_scripts]# id hahaha id: hahaha: no such user [[email protected] shell_scripts]# id wuwuwu id: wuwuwu: no such user [[email protected] shell_scripts]# bash createuser3.sh wuwuwu [[email protected] shell_scripts]# id wuwuwu id: wuwuwu: no such user
二Bash的文件测试
如果在编程时需要处理一个对象,应先对对象进行测试。
只有在确定它符合要求时,才应进行操作处理,这样做的好处就是避免程序出错及无谓的系统资源消耗。
这个需要测试的对象可以是文件、字符串、数字等。
Bash的文件测试也就是判断各种文件是否存在.
(一)常用文件测试操作符
下面的操作符号对于[[ ]]、[ ]、test的测试表达式几乎是通用的,更多的操作符可以man test获得帮助。
-a文件,表示文件存在则为真,即测试表达式成立。
-b文件, b的全拼为block表示文件存在且为块设备则为真,即测试表达式成立。
-c文件, c的全拼为character表示文件存在且为字符设备则为真,即测试表达式成立。
-d文件, d的全拼为directory表示文件存在且为目录则为真,即测试表达式成立。
注意目录也是文件,是一种特殊的文件。
-e文件, e的全拼为exist表示文件存在则为真,即测试表达式成立。
-f文件,f的全拼为file表示文件存在且为普通文件则为真,即测试表达式成立。
注意区别于"-f",-e不辨别是目录还是文件。
-L文件, L的全拼为link表示文件存在且为链接文件则为真,即测试表达式成立
-p 文件:p的全拼为pipe表示文件存在且为命名管道文件则为真,即测试表达式成立。
-r文件, r的全拼为read表示文件存在且可读则为真,即测试表达式成立
-s文件, s的全拼为size表示文件存在且文件大小不为0则为真,即测试表达式成立
-S文件, S的全拼为socket表示文件存在且为套接字文件则为真,即测试表达式成立
-w文件, w的全拼为write表示文件存在且可写则为真,即测试表达式成立
-x文件, x的全拼为executable表示文件存在且可执行则为真,即测试表达式成立
f1-nt f2, nt的全拼为newer than表示文件f1比文件2旧则为真,即测试表达式成立。根据文件的修改时间来计算
fl-ot f2, ot的全拼为older than表示文件f1比文件12新则为真,即测试表达式成立。根据文件的修改时间来计算
查看test的帮助文档
[[email protected] shell_scripts]# help test test: test [expr] Evaluate conditional expression. Exits with a status of 0 (true) or 1 (false) depending on the evaluation of EXPR. Expressions may be unary or binary. Unary expressions are often used to examine the status of a file. There are string operators and numeric comparison operators as well. The behavior of test depends on the number of arguments. Read the bash manual page for the complete specification. File operators: -a FILE True if file exists. -b FILE True if file is block special. -c FILE True if file is character special. -d FILE True if file is a directory. -e FILE True if file exists. -f FILE True if file exists and is a regular file. -g FILE True if file is set-group-id. -h FILE True if file is a symbolic link. -L FILE True if file is a symbolic link. -k FILE True if file has its `sticky‘ bit set. -p FILE True if file is a named pipe. -r FILE True if file is readable by you. -s FILE True if file exists and is not empty. -S FILE True if file is a socket. -t FD True if FD is opened on a terminal. -u FILE True if the file is set-user-id. -w FILE True if the file is writable by you. -x FILE True if the file is executable by you. -O FILE True if the file is effectively owned by you. -G FILE True if the file is effectively owned by your group. -N FILE True if the file has been modified since it was last read. FILE1 -nt FILE2 True if file1 is newer than file2 (according to modification date). FILE1 -ot FILE2 True if file1 is older than file2. FILE1 -ef FILE2 True if file1 is a hard link to file2. String operators: -z STRING True if string is empty. -n STRING STRING True if string is not empty. STRING1 = STRING2 True if the strings are equal. STRING1 != STRING2 True if the strings are not equal. STRING1 < STRING2 True if STRING1 sorts before STRING2 lexicographically. STRING1 > STRING2 True if STRING1 sorts after STRING2 lexicographically. Other operators: -o OPTION True if the shell option OPTION is enabled. -v VAR True if the shell variable VAR is set ! EXPR True if expr is false. EXPR1 -a EXPR2 True if both expr1 AND expr2 are true. EXPR1 -o EXPR2 True if either expr1 OR expr2 is true. arg1 OP arg2 Arithmetic tests. OP is one of -eq, -ne, -lt, -le, -gt, or -ge. Arithmetic binary operators return true if ARG1 is equal, not-equal, less-than, less-than-or-equal, greater-than, or greater-than-or-equal than ARG2. Exit Status: Returns success if EXPR evaluates to true; fails if EXPR evaluates to false or an invalid argument is given.
(二)测试文件存在性
注意中括号里面的内容要和中括号左右空一格
[[email protected] ~]# [ -a /etc/] && echo true -bash: [: missing `]‘ [[email protected] ~]# [ -a /etc/ ] && echo true true [[email protected] ~]# [ -a /etc ] && echo true true
-e和-a都是判断文件是否存在
[[email protected] ~]# [ -e /etc/] && echo true -bash: [: missing `]‘ [[email protected] ~]# [ -e /etc] && echo true -bash: [: missing `]‘ [[email protected] ~]# [ -e /etc ] && echo true true [[email protected] ~]# [ -e /etc/ ] && echo true true
示例
1、编写脚本/root/bin/argsnum.sh,接受一个文件路径作为参数。
如果参数个数小于1,则提示用户“至少应该给一个参数”,并立即退出。
如果参数个数不小于1,则显示第一个参数所指向的文件中的空白行数。
涉及到正则表达式
法1:
完整脚本
[[email protected] shell_scripts]# cat argsnum.sh #!/bin/bash #Author=wang [ $# -lt 1 ] && echo "must one parameter" && exit 1 [ ! -f $1 ] && echo " file not exist" && exit 2 #[ -f $1 ] 表示判断文件存在,!表示取反,也就是文件不存在 echo `cat $1 |grep "^[[:space:]]*$" |wc -l`
执行结果
[[email protected] shell_scripts]# bash argsnum.sh must one parameter [[email protected] shell_scripts]# bash argsnum.sh /etc/issue 1 [[email protected] shell_scripts]# bash argsnum.sh /etc/passwd 0 [[email protected] shell_scripts]# bash argsnum.sh /etc/services 17 [[email protected] shell_scripts]# bash argsnum.sh xxxxxx file not exist
法2:
完整脚本
[[email protected] shell_scripts]# cat argsnum1.sh #!/bin/bash #Author=wang [ $# -lt 1 ] && echo "You shound give a parameter at least!" && exit 10 [ -e $1 ] && echo "The blankLine is `grep ‘^[[:space:]]*$‘ $1 | wc -l`" || echo "No such file or directory!" #注意要使用反引号调用命令执行的结果。#如果文件存在那么就打印文件的空白行,否则就显示文件不存在。
注意一定要加上*?
[[email protected] shell_scripts]# grep ‘^[[:space:]]*$‘ /etc/issue | wc -l 1 [[email protected] shell_scripts]# grep ‘^[[:space:]]$‘ /etc/issue | wc -l 0
执行结果
[[email protected] shell_scripts]# bash argsnum1.sh You shound give a parameter at least! [[email protected] shell_scripts]# bash argsnum1.sh /etc/issue The blankLine is 1 [[email protected] shell_scripts]# bash argsnum1.sh /etc/passwd The blankLine is 0 [[email protected] shell_scripts]# bash argsnum1.sh /etc/services The blankLine is 17 [[email protected] shell_scripts]# bash argsnum1.sh xxxxxx No such file or directory!
3、编写脚本/root/bin/checkdisk.sh,检查磁盘分区空间和inode使用率,如果超过10%,就发广播警告空间将满
完整脚本
[[email protected] shell_scripts]# cat checkdisk.sh #!/bin/bash #Author=wang Check_D=`df |grep "/sd" |tr -s " " "%" |cut -d% -f5 |sort -n |tail -1` [ $Check_D -gt 10 ] && echo space of the disk will be full inode=`df -i |grep "/sd" |tr -s " " "%" |cut -d% -f5 |sort -n |tail -1` [ $inode -ge 1 ] && echo space of inode will be full
查看磁盘分区空间
[[email protected] shell_scripts]# df Filesystem 1K-blocks Used Available Use% Mounted on /dev/sda2 52403200 1509828 50893372 3% / devtmpfs 487964 0 487964 0% /dev tmpfs 498988 0 498988 0% /dev/shm tmpfs 498988 7776 491212 2% /run tmpfs 498988 0 498988 0% /sys/fs/cgroup /dev/sr0 4364408 4364408 0 100% /mnt /dev/sda3 20961280 87448 20873832 1% /app /dev/sda1 1038336 126596 911740 13% /boot tmpfs 99800 0 99800 0% /run/user/0
查看inode的使用率
[[email protected] shell_scripts]# df -i Filesystem Inodes IUsed IFree IUse% Mounted on /dev/sda2 26214400 39365 26175035 1% / devtmpfs 121991 397 121594 1% /dev tmpfs 124747 1 124746 1% /dev/shm tmpfs 124747 716 124031 1% /run tmpfs 124747 16 124731 1% /sys/fs/cgroup /dev/sr0 0 0 0 - /mnt /dev/sda3 10485760 181 10485579 1% /app /dev/sda1 524288 326 523962 1% /boot tmpfs 124747 1 124746 1% /run/user/0
执行结果
[[email protected] shell_scripts]# bash checkdisk.sh space of the disk will be full space of inode will be full
脚本解析
注意/dev/sd开头的才是磁盘分区
首先过滤出磁盘分区
[[email protected] bin]# df |grep "/sd" /dev/sda3 10475520 6837332 3638188 66% / /dev/sda1 201380 105340 96040 53% /boot
分割符空格替换为%
把所有的空白空格压缩成一个空格,并且替换成百分号。
分割符一定要加双引号
[[email protected] bin]# df |grep "/sd" |tr -s " " "%" /dev/sda3%10475520%6837332%3638188%66%/ /dev/sda1%201380%105340%96040%53%/boot
[[email protected] bin]# df |grep "/sd" |tr -s " " "%" |cut -d% -f5 66 53 [[email protected] bin]# df |grep "/sd" |tr -s " " "%" |cut -d% -f5 | sort -n 53 66 [[email protected] bin]# df |grep "/sd" |tr -s " " "%" |cut -d% -f5 | sort -n | tail -1 66 cut -d% -f5 百分号作为分隔符,取第5列 sort -n :使用『纯数字』进行排序 tail -1 最后1行
(三)测试文件类型
1是否为普通文件
[[email protected] ~]# [ -f /etc/issue ] && echo true || echo false true [[email protected] ~]# [ -f /etc/ ] && echo true || echo false false [[email protected] ~]# [ -f /etc ] && echo true || echo false false
2是否为目录
[[email protected] ~]# [ -d /etc ] && echo true || echo false true [[email protected] ~]# [ -d /etc/ ] && echo true || echo false true [[email protected] ~]# [ -d /etc/issue ] && echo true || echo false false [[email protected] ~]# [ -d /etc/passwd ] && echo true || echo false false
3是否为链接文件
-h FILE True if file is a symbolic link.
-L FILE True if file is a symbolic link.
注意有些文件是软连接文件,也是普通文件,因为他指向软连接的文件类型是普通文件。
[[email protected] ~]# ll /etc/system-release lrwxrwxrwx. 1 root root 14 Jan 9 13:55 /etc/system-release -> centos-release [[email protected] ~]# [ -L /etc/system-release ] && echo true || echo false true [[email protected] ~]# [ -f /etc/system-release ] && echo true || echo false true [[email protected] ~]# ll /etc/centos-release -rw-r--r--. 1 root root 38 Apr 29 2018 /etc/centos-release
4是否为套接字文件。
注意套接字文件是为了网络通信用的。
启动数据库
[[email protected] ~]# rpm -q mariadb mariadb-5.5.60-1.el7_5.x86_64 [[email protected] ~]# ss -tnl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:22 *:* LISTEN 0 100 127.0.0.1:25 *:* LISTEN 0 128 :::22 :::* LISTEN 0 100 ::1:25 :::* [[email protected] ~]# systemctl start mariadb [[email protected] ~]# ss -tnl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 50 *:3306 *:* LISTEN 0 128 *:22 *:* LISTEN 0 100 127.0.0.1:25 *:* LISTEN 0 128 :::22 :::* LISTEN 0 100 ::1:25 :::*
[[email protected] ~]# ls /var/lib/mysql/ aria_log.00000001 centos73.huawei.com.err ibdata1 ib_logfile1 mysql.sock test aria_log_control centos73.huawei.com.pid ib_logfile0 mysql performance_schema [[email protected] ~]# ls /var/lib/mysql/ -l total 37860 -rw-rw----. 1 mysql mysql 16384 Apr 27 12:11 aria_log.00000001 -rw-rw----. 1 mysql mysql 52 Apr 27 12:11 aria_log_control -rw-rw----. 1 mysql mysql 1886 Apr 27 12:11 centos73.huawei.com.err -rw-rw----. 1 mysql mysql 5 Apr 27 12:11 centos73.huawei.com.pid -rw-rw----. 1 mysql mysql 18874368 Apr 27 12:11 ibdata1 -rw-rw----. 1 mysql mysql 5242880 Apr 27 12:11 ib_logfile0 -rw-rw----. 1 mysql mysql 5242880 Apr 27 12:11 ib_logfile1 drwx------. 2 mysql mysql 4096 Apr 27 12:11 mysql srwxrwxrwx. 1 mysql mysql 0 Apr 27 12:11 mysql.sock drwx------. 2 mysql mysql 4096 Apr 27 12:11 performance_schema drwx------. 2 mysql mysql 6 Apr 27 12:11 test
只有启动数据库服务才会生成此文件
[[email protected] ~]# [ -S /var/lib/mysql/mysql.sock ] && echo true || echo false true [[email protected] ~]# ll /var/lib/mysql/mysql.sock srwxrwxrwx. 1 mysql mysql 0 Apr 27 12:11 /var/lib/mysql/mysql.sock
停止数据库服务
[[email protected] ~]# systemctl stop mariadb [[email protected] ~]# ss -tnl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:22 *:* LISTEN 0 100 127.0.0.1:25 *:* LISTEN 0 128 :::22 :::* LISTEN 0 100 ::1:25 :::* [[email protected] ~]# ls /var/lib/mysql/mysql.sock ls: cannot access /var/lib/mysql/mysql.sock: No such file or directory [[email protected] ~]# ls /var/lib/mysql/mysql.sock -l ls: cannot access /var/lib/mysql/mysql.sock: No such file or directory [[email protected] ~]# [ -S /var/lib/mysql/mysql.sock ] && echo true || echo false false
(四)测试文件属性
1文件是否可读
[[email protected] ~]# ll /etc/fstab -rw-r--r--. 1 root root 636 Feb 1 00:26 /etc/fstab [[email protected] ~]# [ -r /etc/fstab] && echo true || echo false -bash: [: missing `]‘ false [[email protected] ~]# [ -r /etc/fstab ] && echo true || echo false true
2文件是否可写
因为是root用户登录的
[[email protected] ~]# ll /etc/fstab -rw-r--r--. 1 root root 636 Feb 1 00:26 /etc/fstab [[email protected] ~]# [ -w /etc/fstab ] && echo true || echo false true
3文件是否可执行
[[email protected] ~]# ll /etc/fstab -rw-r--r--. 1 root root 636 Feb 1 00:26 /etc/fstab [[email protected] ~]# [ -x /etc/fstab ] && echo true || echo false false
4文件是否有sgid权限
[[email protected] ~]# touch a.txt [[email protected] ~]# ll a.txt -rw-r--r--. 1 root root 0 Apr 27 11:56 a.txt [[email protected] ~]# chmod g+s a.txt [[email protected] ~]# ll a.txt -rw-r-Sr--. 1 root root 0 Apr 27 11:56 a.txt [[email protected] ~]# [ -g a.txt ] && echo true || echo false true [[email protected] ~]# touch b.txt [[email protected] ~]# ll b.txt -rw-r--r--. 1 root root 0 Apr 27 11:56 b.txt [[email protected] ~]# [ -g b.txt ] && echo true || echo false false
5-k FILE:是否存在且拥有sticky权限
[[email protected] ~]# ll -d /tmp/ drwxrwxrwt. 8 root root 112 Apr 27 12:16 /tmp/ [[email protected] ~]# [ -k /tmp/ ] && echo true || echo false true
6-u FILE:是否存在且拥有suid权限
[[email protected] ~]# ll /usr/bin/passwd -rwsr-xr-x. 1 root root 27832 Jun 10 2014 /usr/bin/passwd [[email protected] ~]# [ -u /usr/bin/passwd ] && echo true || echo false true [[email protected] ~]# [ -u /etc/passwd ] && echo true || echo false false
注意是以实际权限为标准,而不是表面的权限
在root用户下面,显示无权限不一定真的无权限。
root就像是领导,有权限查看、写入的,但没有权限执行。
[[email protected] ~]# ll /etc/shadow ----------. 1 root root 3418 Apr 26 23:08 /etc/shadow [[email protected] ~]# [ -u /etc/shadow ] && echo true || echo false false [[email protected] ~]# [ -r /etc/shadow ] && echo true || echo false true [[email protected] ~]# [ -w /etc/shadow ] && echo true || echo false true [[email protected] ~]# [ -x /etc/shadow ] && echo true || echo false false
使用普通用户,文件显示什么权限就是什么权限
[[email protected] ~]# id zhao uid=1024(zhao) gid=1024(zhao) groups=1024(zhao) [[email protected] ~]# getent passwd zhao zhao:x:1024:1024::/home/zhao:/bin/bash [[email protected] ~]# su - zhao Last login: Sat Apr 27 15:45:44 CST 2019 on pts/0
[[email protected] ~]$ ll /etc/shadow ----------. 1 root root 3418 Apr 27 15:46 /etc/shadow [[email protected] ~]$ [ -r /etc/shadow ] && echo true || echo false false [[email protected] ~]$ [ -w /etc/shadow ] && echo true || echo false false [[email protected] ~]$ [ -x /etc/shadow ] && echo true || echo false false [[email protected] ~]$ exit logout
目前普通用户是没有权限查看的
[[email protected] ~]$ cat /etc/shadow cat: /etc/shadow: Permission denied [[email protected] ~]$ exit logout [[email protected] ~]# cat /etc/shadow root:$6$L4X4itWo9U1UhZ7D$1gFlp6MFqlmLtvCAtCt9XSXBvwFemj/Ke7AV01XEexKucltKKzgMxbr7yPiVEUuiyVcpnDE0s5JZ096lSLnv70::0:99999:7::: bin:*:17632:0:99999:7::: daemon:*:17632:0:99999:7::: adm:*:17632:0:99999:7::: lp:*:17632:0:99999:7::: sync:*:17632:0:99999:7::: shutdown:*:17632:0:99999:7::: halt:*:17632:0:99999:7::: mail:*:17632:0:99999:7::: operator:*:17632:0:99999:7::: games:*:17632:0:99999:7::: ftp:*:17632:0:99999:7::: nobody:*:17632:0:99999:7::: systemd-network:!!:17905:::::: dbus:!!:17905:::::: polkitd:!!:17905:::::: sshd:!!:17905:::::: postfix:!!:17905:::::: dhcpd:!!:17905:::::: apache:!!:17927:::::: user1:$6$HLs6r0rh$XBgmqD/dFgU9W9J769cGPrSPX1xZt4lNKTjxXBJxiC.pY4BkR60DIOVo7vNCavLiutVQB5RaZwbl3fALys5yn0:18012:0:99999:7::: user2:$6$jzrP/9Ye$f4AaH6gQebHuiUHvdTPuuJ5D7OraGtdNt0nbpDp2rDSpHHMPJOn0iMeU2nHrw/pMLTYxlKH9gREr2Ww9ckOvE.:18012:0:99999:7::: user3:$6$.kPyYY7u$4I1Z9L.pK7JwUyceGeUsc3S/iechK8/grS3tk7VbCslvoYitG33/.3yf00BG0kKmtelOYg9cmhIZZn506c2cd0:18012:0:99999:7::: user4:$6$3GsOV1NG$7sJRXhmcGV2fMginz1mIawW8/g1LU0Lv7riLRuaM77jZIhKxXirwZCQI9RZrHUxGGm6hz.M6l1ZcDqBlYScAA/:18012:0:99999:7::: user5:$6$0Qed820A$cQPxR/0Eel0Sk1Kuq/DCatdGOfQkfgGnoQVxEdjgJElra8dAi/UqDhf9QG0SgX0bZESjacigwb/LOPDBdmXCD.:18012:0:99999:7::: user6:$6$7K52M3R4$sDGhJHCM.qs0ASWv4F9zdOIRcH3ju1c6aJKIKG8aAm99l/Zn8PlFURurKTJxCGUy3C.tQmMOjbAe121sYQ5CV.:18012:0:99999:7::: user7:$6$kbgzn9F7$NgyXkzu/mU2f7SZuf/N17o30lBE0OAdyQbvCtPYlVXdjP.iwHtWzRXqFMTzXTl0VX5UMC3RLmJoo3KW.E9JnC1:18012:0:99999:7::: user8:$6$5oEyWVAd$14tH.xSv/njtRbQQRzlef5H6hrmUCYT9YQYgC3jntAlBkavYhmSDxwJx4WJoWFyIOGU5uwwax7RUplCXHbBbo1:18012:0:99999:7::: user9:$6$7smw/DCA$Y4cHOXFx4k5tT1yNC9ldwaPZhZhO4TOTPzGN/X6q3.ZeoBI1eszMpGrEFi9X8x7uqIbfCTfTSe/TvuTmT8ftn1:18012:0:99999:7::: user10:$6$EQOEW5ir$INCc4FovR7DD7ozn/iNCA/GE9aYW8J1BRfsUFOk0ta5/LTJB0nOp5BA.3ZE0ICqjLLl63CjurDAyON1SAyP.30:18012:0:99999:7::: user11:$6$FnwlyVq2$Zw4o3CRM8HBopYjwS6bPuv1qh4711Qf1FZMK9n6h19.cOWFEfqQ9ooBciLIpffm0W40RSg/B9aB0Od0do3div/:18012:0:99999:7::: user12:$6$vdNcdCrz$1F7REyBiXVMJX2u7XeIAmEignw0GvSYRGoVsLhJ9ufEz93.oUmBiQigZr2jRq8ngBG3mNMwTl3v3p.U5VTD5p0:18012:0:99999:7::: user13:$6$9T7DmvNV$3ya3PKhXuvOvtVurLiT13Kv8unGwUFljVzuR5oNNGvpJOPS2VH.xmD.lhAb3J/QVZQy6u8yOdOpIEyYSnHetP1:18012:0:99999:7::: user14:$6$qhnOz7W.$Wbiqvj9Wkw7YNIwQ2xpsNASbAZ5Ai90d1rx3WcdTRi8tvuiGaulttxlgG96KSyT8yBpXw/pyZci7uA92y0WnP0:17935:0:99999:7::: user15:$6$QDVVXOnP$zM04k/zPCXK6tE72R80h0keNdPUoFPuL0yNLbsBfXtjWeftRbqhnAZRgYv6vnVk7uzyXWWb.EO/2DiLHrSdQO/:18012:0:99999:7::: user16:$6$jSai7i1D$3TLTNUDntkwBxSUaE/4UAcONJYSSlrB/RjXsZCPXjYrTakDiuvfw0O8JXwwm/ypRrwQYdVk2dTLhkh2VE8zD40:18012:0:99999:7::: user17:$6$FyW18HlF$VO1Ejg7nwQ8grc8jjEEtNmxDxGoNOKPya8ITWDZTLFPfyuBZ/V8eeneGPgIHCSJLsEh60Bx52xS1cQQzQ15YV.:18012:0:99999:7::: user18:$6$.z2/Dohm$8HmdCleOB6zUTXgFVtB8BDoaaJ0TXO0yfkXLa/CJHYT.P9DzFXwKosunrp3h69dg0fvqOr7.jDrzbpY3KzWql/:18012:0:99999:7::: user19:$6$A9a0tJNT$gMbp7ZqjdTqgOZ90Fe/qSw11cK0k993S2I15xYpzwBIHav/XLMJ7Ka7pakwkv3RmNW.D/6dWhi8w0.CnPxQl2.:18012:0:99999:7::: user20:$6$52.ELIOk$FobPACG6D2IUKDup9aXpGxEUvEG/PxdHt1XvWkJs/tNpgHWKVkNUQHqpfGN.BxyDbQYnUbp33dgKf.bL5Wk3h/:18012:0:99999:7::: tss:!!:17936:::::: cracker:$6$H775bLE6$tM5fjJtbAymFJT/adFBKV6PsVnPqrMfwtHBcBd.wbB7QPMbtbGkXVX6VpMKQEs6majhDDvgK/JLRMDUe.B5Pm/:17939:0:99999:7::: mysql:!!:17939:::::: ntp:!!:17949:::::: zhang:!!:18012:0:99999:7::: zhao:!!:18012:0:99999:7::: xixixi:!!:18012:0:99999:7::: op:!!:18012:0:99999:7::: wang:!!:18013:0:99999:7::: [[email protected] ~]# ll /etc/shadow ----------. 1 root root 3418 Apr 27 15:46 /etc/shadow
如果给用户wang读的权限,就有权限读了,使用命令setfacl添加权限
[[email protected] ~]# ll /etc/shadow ----------. 1 root root 3418 Apr 27 15:46 /etc/shadow [[email protected] ~]# setfacl -m u:zhao:r /etc/shadow [[email protected] ~]# ll /etc/shadow ----r-----+ 1 root root 3418 Apr 27 15:46 /etc/shadow [[email protected] ~]# su - zhao Last login: Sat Apr 27 15:49:27 CST 2019 on pts/0 [[email protected] ~]$ ll /etc/shadow ----r-----+ 1 root root 3418 Apr 27 15:46 /etc/shadow [[email protected] ~]$ [ -r /etc/shadow ] && echo true || echo false true [[email protected] ~]$ [ -w /etc/shadow ] && echo true || echo false false [[email protected] ~]$ [ -x /etc/shadow ] && echo true || echo false false
如果要清空所有的acl权限,加选项-b
只有管理员才可以清空权限
[[email protected] ~]$ setfacl -b /etc/shadow setfacl: /etc/shadow: Operation not permitted [[email protected] ~]$ exit logout [[email protected] ~]# ll /etc/shadow ----r-----+ 1 root root 3418 Apr 27 15:46 /etc/shadow [[email protected] ~]# setfacl -b /etc/shadow [[email protected] ~]# ll /etc/shadow ----------. 1 root root 3418 Apr 27 15:46 /etc/shadow
文件是否打开:
-t fd: fd 文件描述符是否在某终端已经打开
-N FILE:文件自从上一次被读取之后是否被修改过
-O FILE:当前有效用户是否为文件属主
-G FILE:当前有效用户是否为文件属组
7-t fd: fd 文件描述符是否在某终端已经打开
-t FD True if FD is opened on a terminal.
$$表示当前进程
[[email protected] ~]# ls /proc/$$/fd 0 1 2 255 [[email protected] ~]# ls /proc/$$/fd -l total 0 lrwx------ 1 root root 64 Dec 15 15:52 0 -> /dev/pts/1 lrwx------ 1 root root 64 Dec 15 15:52 1 -> /dev/pts/1 lrwx------ 1 root root 64 Dec 15 15:52 2 -> /dev/pts/1 lrwx------ 1 root root 64 Dec 15 21:41 255 -> /dev/pts/1
当前进程打开了多少个文件
因为每打开一个文件就要打开一个文件描述符,其实就是统计文件描述符的个数
[[email protected] ~]# ls /proc/$$/fd 0 1 2 255 [[email protected] ~]# ls /proc/$$/fd | wc -l 4 [[email protected] ~]# ls /proc/$$/fd -l total 0 lrwx------ 1 root root 64 Dec 15 15:52 0 -> /dev/pts/1 lrwx------ 1 root root 64 Dec 15 15:52 1 -> /dev/pts/1 lrwx------ 1 root root 64 Dec 15 15:52 2 -> /dev/pts/1 lrwx------ 1 root root 64 Dec 15 21:41 255 -> /dev/pts/1
-t fd: fd 文件描述符是否在某终端已经打开
[[email protected] ~]# ls /proc/$$/fd 0 1 2 255 [[email protected] ~]# [ -t 1 ] && echo true || echo false true [[email protected] ~]# [ -t 2 ] && echo true || echo false true [[email protected] ~]# [ -t 255 ] && echo true || echo false true [[email protected] ~]# [ -t 0 ] && echo true || echo false true
2-O FILE:当前有效用户是否为文件属主
-O FILE True if the file is effectively owned by you.
注意当前用户不一定是有效用户。
当一个用户执行SUID程序的时候,普通用户的身份变成了root,root就是当时的有效用户,
执行程序的用户是实际用户,真正生效的用户是有效用户。
如果没有特殊权限,当前用户就是有效用户。
[[email protected] ~]# whoami root [[email protected] ~]# ll /usr/bin/passwd -rwsr-xr-x. 1 root root 27832 Jun 10 2014 /usr/bin/passwd
当前用户和有效用户都是root
[[email protected] ~]# [ -O /etc/issue ] && echo true || echo false true [[email protected] ~]# [ -O /etc/passwd ] && echo true || echo false true [[email protected] ~]# [ -O /usr/bin/passwd ] && echo true || echo false true
3-G FILE:当前有效用户是否为文件属组
[[email protected] ~]# pwd /root [[email protected] ~]# who root tty1 2019-01-24 19:47 root pts/0 2019-04-27 15:43 (192.168.137.1) [[email protected] ~]# whoami root [[email protected] ~]# ll /etc/passwd -rw-r--r--. 1 root root 1005 Apr 27 17:25 /etc/passwd [[email protected] ~]# [ -G /etc/passwd ] && echo true || echo false true
4-N FILE:文件自从上一次被读取之后是否被修改过,也就是mtime比atime更新
-N FILE True if the file has been modified since it was last read.
[[email protected] ~]# [ -N /etc/fstab ] && echo true || echo false false [[email protected] ~]# vim /etc/fstab [[email protected] ~]# [ -N /etc/fstab ] && echo true || echo false true [[email protected] ~]# ll /etc/fstab -rw-r--r--. 1 root root 636 Apr 27 20:48 /etc/fstab
当新创建一个文件时,文件的最后访问时间、最后内容修改时间、最后状态更新时间是一致的。
[[email protected] ~]# stat /etc/fstab File: ‘/etc/fstab’ Size: 636 Blocks: 8 IO Block: 4096 regular file Device: 802h/2050d Inode: 67737177 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root) Context: system_u:object_r:etc_t:s0 Access: 2019-04-27 20:48:37.952425112 +0800 Modify: 2019-04-27 20:48:37.952425112 +0800 Change: 2019-04-27 20:48:37.977425111 +0800 Birth: -
三Bash的逻辑操作符/组合测试条件
第一种方式:
COMMAND1 && COMMAND2 并且
COMMAND1 || COMMAND2 或者
! COMMAND 非
如:[[ -r FILE ]] && [[ -w FILE ]]
注意true和false本身就是命令,而且是内部命令,返回的结果是真,假
[[email protected] ~]# true [[email protected] ~]# echo $? 0 [[email protected] ~]# false [[email protected] ~]# echo $? 1
[[email protected] ~]# true && echo true || echo false true [[email protected] ~]# false && echo true || echo false false [[email protected] ~]# type true true is a shell builtin [[email protected] ~]# type false false is a shell builtin
使用!取反
[[email protected] ~]# ! true && echo true || echo false false [[email protected] ~]# ! false && echo true || echo false true [[email protected] ~]# a=10;[ $a -eq 10 ] && echo true || echo false true [[email protected] ~]# a=10;[ ! $a -eq 10 ] && echo true || echo false false
第二种方式:
EXPRESSION1 -a EXPRESSION2 并且
EXPRESSION1 -o EXPRESSION2 或者
! EXPRESSION
文件存在并且有执行权限那么就显示指定文件的内容
[[email protected] ~]# [ -f /bin/cat -a -x /bin/cat ] && cat /etc/fstab # # /etc/fstab # Created by anaconda on Wed Jan 9 13:54:32 2019 # # Accessible filesystems, by reference, are maintained under ‘/dev/disk‘ # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info # UUID=154fb900-77cf-4d55-975f-b788805fe281 / xfs defaults 0 0 UUID=f0c8487e-df2a-4042-81ca-f9011445c8bd /app xfs defaults 0 0 UUID=e76ffa1a-9169-42d4-adcc-c6bdbfefd663 /boot xfs defaults 0 0 UUID=809c994a-336d-4517-b3c4-7e0dae5ad738 swap swap defaults 0 0 /dev/cdrom /mnt iso9660 defaults 0 0 [[email protected] ~]# ll /bin/cat -rwxr-xr-x. 1 root root 54080 Apr 11 2018 /bin/cat
在centos6的文件/etc/rc.sysinit
15 if [ -z "$HOSTNAME" -o "$HOSTNAME" = "(none)" ]; then 16 HOSTNAME=localhost 17 fi 349 if [ "$HOSTNAME" = "localhost" -o "$HOSTNAME" = "localhost.localdomain" ]; then 350 ipaddr=$(ip addr show to 0.0.0.0/0 scope global | awk ‘/[[:space:]]inet / { print gensub("/.*","","g",$2) }‘) 351 for ip in $ipaddr ; do 352 HOSTNAME= 353 eval $(ipcalc -h $ip 2>/dev/null) 354 [ -n "$HOSTNAME" ] && { hostname ${HOSTNAME} ; break; } 355 done 356 fi
示例
1、编写脚本/bin/per.sh,判断当前用户对指定的参数文件,是否不可读并且不可写
法1:
脚本内容
[[email protected] shell_scripts]# cat per.sh #!/bin/bash #Author=wang [ $# -lt 1 ] && echo "please input a parameter" && exit 9#首先要判断是否有参数 [ ! -r $1 ] && [ ! -w $1 ] && echo " no read,and write" || echo "other permission"
执行结果
[[email protected] shell_scripts]# bash per.sh please input a parameter [[email protected] shell_scripts]# bash per.sh /etc/issue other permission [[email protected] shell_scripts]# bash per.sh /etc/passwd other permission
法2
注意括号前加上\用来转义。
上面的方法更容易理解
脚本内容
[[email protected] shell_scripts]# cat per1.sh #!/bin/bash #Author=wang [ $# -lt 1 ] && echo "please input a parameter" && exit [ ! \( -r $1 -a -w $1 \) ] && echo " no read,and write" || echo "other permission"
执行结果
[[email protected] shell_scripts]# bash per1.sh please input a parameter [[email protected] shell_scripts]# bash per1.sh /etc/issue other permission [[email protected] shell_scripts]# bash per1.sh /etc/passwd other permission
解析脚本
[[email protected] ~]# [ \( -r /etc/shadow -a -w /etc/shadow \) ] && echo true || echo false true [[email protected] ~]# [ -r /etc/shadow ] && [ -w /etc/shadow ] && echo true || echo false true [[email protected] ~]# [ ! -r /etc/shadow ] && [ ! -w /etc/shadow ] && echo true || echo false false
普通用户是没有读写权限的
[[email protected] ~]# su - zhao Last login: Sat Apr 27 16:51:31 CST 2019 on pts/0 [[email protected] ~]$ ll /etc/shadow ----------. 1 root root 3418 Apr 27 15:46 /etc/shadow [[email protected] ~]$ [ \( -r /etc/shadow -a -w /etc/shadow \) ] && echo true || echo false false [[email protected] ~]$ [ -r /etc/shadow ] && [ -w /etc/shadow ] && echo true || echo false false [[email protected] ~]$ [ ! -r /etc/shadow ] && [ ! -w /etc/shadow ] && echo true || echo false true
在此文件对其他用户添加读权限
[[email protected] ~]$ pwd /home/zhao [[email protected] ~]$ chmod a+r /etc/shadow chmod: changing permissions of ‘/etc/shadow’: Operation not permitted [[email protected] ~]$ exit logout [[email protected] ~]# ll /etc/shadow ----------. 1 root root 3418 Apr 27 15:46 /etc/shadow [[email protected] ~]# chmod a+r /etc/shadow [[email protected] ~]# ll /etc/shadow -r--r--r--. 1 root root 3418 Apr 27 15:46 /etc/shadow [[email protected] ~]# su - zhao Last login: Sat Apr 27 17:03:21 CST 2019 on pts/0 [[email protected] ~]$ [ ! -r /etc/shadow ] && [ ! -w /etc/shadow ] && echo true || echo false false [[email protected] ~]$ [ -r /etc/shadow ] && [ -w /etc/shadow ] && echo true || echo false false
上面的法2涉及到了德·摩根定律:
(非 A) 或 (非 B) = 非(A 且 B)(非 A) 且 (非 B) = 非(A 或 B) 示例:!A -a !B = !(A -o B)!A -o !B = !(A -a B)
2、编写脚本/root/bin/excute.sh ,判断参数文件是否为sh后缀的普通文件。
如果是,添加所有人可执行权限,否则提示用户非脚本文件。
脚本内容
=~ 左侧字符串是否能够被右侧的PATTERN所匹配
[[email protected] shell_scripts]# cat excute.sh #!/bin/bash #Author=wang [ $# -lt 1 ] && echo "please input a parameter" && exit 1 [ ! -f $1 ] && echo "file not exist" [[ "$1" =~ .*.sh$ ]] && chmod a+x $1 || echo "no shellscript file"
[[email protected] shell_scripts]# cat excute.sh #!/bin/bash #Author=wang [ $# -lt 1 ] && echo "please input a parameter" && exit 1 [ ! -f $1 ] && echo "file not exist" #前面两步很容易被忽略,写脚本要考虑周到 [[ "$1" =~ .*.sh$ ]] && chmod a+x $1 || echo "no shellscript file" #.*表示任意多个字符串,=~ 左侧字符串是否能够被右侧的PATTERN所匹配 #此表达式一般用于[[ ]]中;扩展的正则表达式
执行结果
[[email protected] shell_scripts]# ll excute.sh -rw-r--r--. 1 root root 192 Apr 27 17:12 excute.sh [[email protected] shell_scripts]# bash excute.sh excute.sh [[email protected] shell_scripts]# ll excute.sh -rwxr-xr-x. 1 root root 192 Apr 27 17:12 excute.sh [[email protected] shell_scripts]# bash excute.sh please input a parameter
3编写脚本/root/bin/nologin.sh和login.sh,实现禁止和允许普通用户登录系统
touch /etc/nologin 创建这个文件实现不能登录系统是基于PAM模块实现的,涉及安全和加密内容
注意先要设置密码,为远程用户登录准备
[[email protected] ~]# echo centos | passwd --stdin zhao Changing password for user zhao. passwd: all authentication tokens updated successfully.
[[email protected] shell_scripts]# cat /etc/nologin cat: /etc/nologin: No such file or directory [[email protected] shell_scripts]# cd [[email protected] ~]# su - zhao Last login: Sat Apr 27 17:06:14 CST 2019 on pts/0 [[email protected] ~]$ exit logout [[email protected] ~]# touch /etc/nologin [[email protected] ~]# ll /etc/nologin -rw-r--r--. 1 root root 0 Apr 27 17:20 /etc/nologin [[email protected] ~]# su - zhao Last login: Sat Apr 27 17:20:35 CST 2019 on pts/0 [[email protected] ~]$ exit logout
在另外一台机器远程无法登录该主机的普通用户
[[email protected] ~]# id zhao id: zhao: no such user [[email protected] ~]# useradd zhao [[email protected] ~]# id zhao uid=1001(zhao) gid=1001(zhao) groups=1001(zhao) [[email protected] ~]# ssh [email protected]192.168.137.73 [email protected]192.168.137.73‘s password: Authentication failed. [[email protected] ~]# ssh [email protected]192.168.137.73 [email protected]192.168.137.73‘s password: Authentication failed. [[email protected] ~]# ssh [email protected]192.168.137.73 [email protected]192.168.137.73‘s password: Authentication failed.
不过可以登录到对方的root用户
[[email protected] ~]# ssh 192.168.137.73 [email protected]192.168.137.73‘s password: Last login: Fri Apr 26 11:19:53 2019 from gateway [[email protected] ~]# hostname centos73.huawei.com [[email protected] ~]# exit logout Connection to 192.168.137.73 closed. [[email protected] ~]# hostname centos77.jd.com [[email protected] ~]# ssh [email protected]192.168.137.73 [email protected]192.168.137.73‘s password: Last login: Sat Apr 27 17:23:42 2019 from 192.168.137.77 [[email protected] ~]# hostname centos73.huawei.com [[email protected] ~]# exit logout Connection to 192.168.137.73 closed. [[email protected] ~]# hostname centos77.jd.com
删除了文件之后就可以连接到远程的普通用户了
[[email protected] ~]# ll /etc/nologin -rw-r--r--. 1 root root 0 Apr 27 17:20 /etc/nologin [[email protected] ~]# cat /etc/nologin [[email protected] ~]# rm -rf /etc/nologin [[email protected] ~]# cat /etc/nologin cat: /etc/nologin: No such file or directory [[email protected] ~]# su - zhao Last login: Sat Apr 27 17:26:21 CST 2019 on pts/0 [[email protected] ~]$ exit logout
[[email protected] ~]# ssh [email protected]192.168.137.73 [email protected]192.168.137.73‘s password: Last failed login: Sat Apr 27 17:30:46 CST 2019 from 192.168.137.77 on ssh:notty There were 3 failed login attempts since the last successful login. Last login: Sat Apr 27 17:29:13 2019 [[email protected] ~]$ pwd /home/zhao
禁止普通用户登录系统的脚本
[[email protected] shell_scripts]# cat nologin.sh #!/bin/bash #Author=wang [ ! -f /etc/nologin ] && touch /etc/nologin#如果此文件不存在那么就创建文件
执行脚本之后会创建文件
[[email protected] shell_scripts]# ls /etc/nologin ls: cannot access /etc/nologin: No such file or directory [[email protected] shell_scripts]# bash nologin.sh [[email protected] shell_scripts]# ls /etc/nologin /etc/nologin [[email protected] shell_scripts]# ls /etc/nologin -l -rw-r--r--. 1 root root 0 Apr 27 17:34 /etc/nologin
[[email protected] shell_scripts]# su - zhao Last login: Sat Apr 27 17:32:22 CST 2019 from 192.168.137.77 on pts/1 Last failed login: Sat Apr 27 17:35:14 CST 2019 from 192.168.137.77 on ssh:notty There was 1 failed login attempt since the last successful login. [[email protected] ~]$ pwd /home/zhao
执行结果
[[email protected] ~]# ssh [email protected]192.168.137.73 [email protected]192.168.137.73‘s password: Authentication failed. [[email protected] ~]# ssh [email protected]192.168.137.73 [email protected]192.168.137.73‘s password: Authentication failed.
允许普通用户登录系统的脚本
[[email protected] shell_scripts]# cat login.sh #!/bin/bash #Author=wang [ -f /etc/nologin ] && rm -rf /etc/nologin#如果文件存在就删除文件,相当于解开了枷锁
[[email protected] shell_scripts]# ls /etc/nologin /etc/nologin [[email protected] shell_scripts]# ls /etc/nologin -l -rw-r--r--. 1 root root 0 Apr 27 17:34 /etc/nologin [[email protected] shell_scripts]# bash login.sh [[email protected] shell_scripts]# ls /etc/nologin -l ls: cannot access /etc/nologin: No such file or directory [[email protected] shell_scripts]# su - zhao Last login: Sat Apr 27 17:35:22 CST 2019 on pts/0 Last failed login: Sat Apr 27 17:35:51 CST 2019 from 192.168.137.77 on ssh:notty There was 1 failed login attempt since the last successful login. [[email protected] ~]$ exit
因为对方把之前的/etc/nologin文件删除就可以登录了
[[email protected] ~]# ssh [email protected]192.168.137.73 [email protected]192.168.137.73‘s password: Last login: Sat Apr 27 17:38:35 2019 [[email protected] ~]$ pwd /home/zhao [[email protected] ~]$ exit logout Connection to 192.168.137.73 closed. [[email protected] ~]# ssh [email protected]192.168.137.73 [email protected]192.168.137.73‘s password: Last login: Sat Apr 27 17:39:23 2019 from 192.168.137.77 [[email protected] ~]$ exit logout Connection to 192.168.137.73 closed. [[email protected] ~]# id zhao uid=1001(zhao) gid=1001(zhao) groups=1001(zhao) [[email protected] ~]# getent passwd zhao zhao:x:1001:1001::/home/zhao:/bin/bash
原文地址:https://www.cnblogs.com/wang618/p/11041162.html