
22.29. Password

22.29.1. Shadow password suite configuration.

				# cat /etc/login.defs
				# *REQUIRED*
				# Directory where mailboxes reside, _or_ name of file, relative to the
				# home directory. If you _do_ define both, MAIL_DIR takes precedence.
				# QMAIL_DIR is for Qmail
				#
				#QMAIL_DIR Maildir
				MAIL_DIR /var/spool/mail
				#MAIL_FILE .mail

				# Password aging controls:
				#
				# PASS_MAX_DAYS Maximum number of days a password may be used.
				# PASS_MIN_DAYS Minimum number of days allowed between password changes.
				# PASS_MIN_LEN Minimum acceptable password length.
				# PASS_WARN_AGE Number of days warning given before a password expires.
				#
				# NOTE(review): PASS_MAX_DAYS 99999 effectively disables password expiry,
				# and a PASS_MIN_LEN of 5 is very short. Per login.defs(5) the aging values
				# are applied when an account is created, so changing them does not touch
				# existing accounts. On PAM-based systems minimum length and complexity are
				# typically enforced by the PAM password stack rather than PASS_MIN_LEN;
				# confirm which one applies on your distribution.
				PASS_MAX_DAYS 99999
				PASS_MIN_DAYS 0
				PASS_MIN_LEN 5
				PASS_WARN_AGE 7

				#
				# Min/max values for automatic uid selection in useradd
				#
				UID_MIN 500
				UID_MAX 60000

				#
				# Min/max values for automatic gid selection in groupadd
				#
				GID_MIN 500
				GID_MAX 60000

				#
				# If defined, this command is run when removing a user.
				# It should remove any at/cron/print jobs etc. owned by
				# the user to be removed (passed as the first argument).
				#
				#USERDEL_CMD /usr/sbin/userdel_local

				#
				# If useradd should create home directories for users by default
				# On RH systems, we do. This option is overridden with the -m flag on
				# useradd command line.
				#
				CREATE_HOME yes

				# The permission mask is initialized to this value. If not specified,
				# the permission mask will be initialized to 022.
				UMASK 077

				# This enables userdel to remove user groups if no members exist.
				#
				USERGROUPS_ENAB yes

				# Use MD5 or DES to encrypt password? Red Hat use MD5 by default.
				# NOTE(review): this is password hashing, not encryption, and both
				# MD5-crypt and DES-crypt are obsolete for that purpose. login.defs(5)
				# marks MD5_CRYPT_ENAB as deprecated in favour of ENCRYPT_METHOD; where the
				# installed shadow suite supports it, prefer ENCRYPT_METHOD SHA512 or a
				# stronger scheme the distribution offers. A new method only applies to
				# passwords set afterwards; existing hashes stay until the password is
				# changed. On PAM systems the pam_unix options may also decide the hash
				# that is actually used; verify both places.
				MD5_CRYPT_ENAB yes

				ENCRYPT_METHOD MD5

			

22.29.2. newusers - update and create new users in batch

				# cat userfile.txt
				www00:x:520:520::/home/www00:/sbin/nologin
				www01:x:521:521::/home/www01:/sbin/nologin
				www02:x:522:522::/home/www02:/sbin/nologin
				www03:x:523:523::/home/www03:/sbin/nologin
				www04:x:524:524::/home/www04:/sbin/nologin
				www05:x:525:525::/home/www05:/sbin/nologin
				www06:x:526:526::/home/www06:/sbin/nologin
				www07:x:527:527::/home/www07:/sbin/nologin
				www08:x:528:528::/home/www08:/sbin/nologin
				www09:x:529:529::/home/www09:/sbin/nologin

				# NOTE(review): newusers(8) reads the second field as a cleartext password
				# and hashes it, so the "x" above is not the shadow placeholder it would be
				# in /etc/passwd: every account created from this file gets the password
				# "x". /sbin/nologin refuses an interactive shell but does not disable
				# password authentication for the account. Give each entry a strong unique
				# password or lock the accounts after creation (for example passwd -l),
				# and keep the input file readable by root only, since it holds
				# unhashed passwords.
				# newusers userfile.txt
			

22.29.3. chpasswd - update passwords in batch mode

# General form: chpasswd reads "user:password" pairs, one per line, on standard input.
# NOTE(review): a password typed inline like this is recorded in the shell history
# of the account that ran it. "123456" below is a sample value only.
echo "user:password" | chpasswd

				[root@dev1 ~]# adduser test
				[root@dev1 ~]# echo "test:123456" | chpasswd
			

				# cat passwd.txt
				neo:neopass
				jam:jampass

				# NOTE(review): passwd.txt holds cleartext passwords. Create it with
				# root-only permissions (for example umask 077 or chmod 600) and delete it
				# once chpasswd has run.
				# cat passwd.txt | chpasswd
			
		
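# NOTE(review): -c (--crypt-method) takes the name of a hash method as its
# argument; without one chpasswd rejects the option. SHA512 is shown here as an
# example. The methods available depend on how the shadow suite was built, so
# check chpasswd(8) on the target system.
# chpasswd -c SHA512 < passwd.txt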
		
			

passwd 命令实现相同功能

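				# --stdin is written with two ASCII hyphens; it makes passwd read the new
				# password from standard input and is specific to the Red Hat passwd.
				# The inline password ends up in shell history, as with chpasswd.
				echo "mypasword" | passwd --stdin neo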
			

22.29.4. sshpass - noninteractive ssh password provider

		
sudo apt install -y sshpass

root@ubuntu:~# sshpass -v
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
   -f filename   Take password to use from file
   -d number     Use number as file descriptor for getting password
   -p password   Provide password as argument (security unwise)
   -e            Password is passed as env-var "SSHPASS"
   With no parameters - password will be taken from stdin

   -P prompt     Which string should sshpass search for to detect a password prompt
   -v            Be verbose about what you're doing
   -h            Show help (this screen)
   -V            Print version information
At most one of -f, -d, -p or -e should be used
		
			

		
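# NOTE(review): -p puts the password on the command line, which leaves it in
# shell history and can expose it through the process list; the sshpass help
# text itself calls this option "security unwise". The examples below read the
# password from a file with -f instead. /path/to/password-file is a
# placeholder: create the file with mode 0600 and keep it out of version
# control. Key-based SSH authentication removes the need for sshpass
# altogether and is the better choice for unattended deployment.
sshpass -f /path/to/password-file scp target/*.jar root@dev.netkiller.cn:/root/

# Same password file, used to run the uploaded jar on the remote host.
sshpass -f /path/to/password-file ssh root@dev.netkiller.cn java -jar /root/java-0.0.1-SNAPSHOT.jar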