Part: 1 User Management: creating user, group & password

User Management: Managing user accounts is an essential task for a system administrator. In Linux there are two types of user: 1. root user (admin) and 2. local user.

Some important files to check for user-related information:

  • /etc/passwd - Contains information about all user accounts on the system, such as username, UID, GID, home directory, and shell.
  • /etc/shadow - Stores encrypted user passwords and related information like password expiration. Only root has read access.
  • /etc/group - Lists all the groups on the system and their members. Useful for group management and permissions.
  • /etc/sudoers - Defines sudo permissions, specifying which users or groups can run commands as the superuser or another user.

What is the /etc/login.defs file used for in Linux?
/etc/login.defs is a configuration file in Linux that defines default settings for user account management. It is used by tools like useradd, usermod, and passwd to set system-wide defaults for various user attributes such as password policies, user ID ranges, home directory creation, and login parameters. The settings in this file help enforce consistent configurations across all user accounts.

Some known User Management parameters:
PASS_MAX_DAYS - Sets the maximum number of days a password is valid before it must be changed. With the value below, passwords must be changed every 90 days.

PASS_MAX_DAYS   90

PASS_MIN_DAYS - Specifies the minimum number of days between password changes. With the value below, users must wait at least 7 days before changing their password again.

PASS_MIN_DAYS   7

PASS_WARN_AGE - Sets the number of days before password expiration that a user will be warned. With the value below, users will be warned 7 days before their password expires.

PASS_WARN_AGE   7

UID_MIN and UID_MAX - Define the range of user IDs (UIDs) for regular users. With the values below, new users will be assigned UIDs between 1000 and 60000.

UID_MIN  1000

UID_MAX  60000

GID_MIN and GID_MAX - Set the range of group IDs (GIDs) for regular users. With the values below, new groups will have GIDs between 1000 and 60000.

GID_MIN  1000

GID_MAX  60000

CREATE_HOME - Controls whether a home directory should be created for new users by default. With the value below, users will have a home directory created automatically.

CREATE_HOME yes

UMASK - Sets the default file permission mask for new files and directories created by users. With the value below, files will have permissions 700, allowing only the owner to read, write, and execute.

UMASK   077

ENCRYPT_METHOD - Defines the method used for encrypting user passwords. With the value below, the SHA-512 algorithm is used for encrypting passwords.

ENCRYPT_METHOD  SHA512

LOGIN_RETRIES - Sets the number of allowed failed login attempts before blocking the user. With the value below, a user can attempt to log in 5 times before being temporarily blocked.

LOGIN_RETRIES  5
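
The password and umask settings above can be checked mechanically. The script below is an added example, not part of the original post: it reads a login.defs-style file and reports each setting that is missing or weaker than the values shown on this page. The helper names get_def, check_def and audit_login_defs and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a login.defs-style file against the values on this page.
# get_def, check_def and audit_login_defs are hypothetical helper names.

# Print the value of key $2 in file $1 (comments ignored, last entry wins).
get_def() {
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# check_def FILE KEY OP WANT: OP is a test(1) operator such as -le or =.
# Prints a finding and returns 1 when the setting is missing or too weak.
check_def() {
    have=$(get_def "$1" "$2")
    if [ -z "$have" ]; then
        echo "MISSING $2 (want $3 $4)"; return 1
    elif ! [ "$have" "$3" "$4" ] 2>/dev/null; then
        echo "WEAK    $2=$have (want $3 $4)"; return 1
    fi
}

# Run every check; the return status is 0 only if all of them pass.
audit_login_defs() {
    rc=0
    check_def "$1" PASS_MAX_DAYS  -le 90     || rc=1
    check_def "$1" PASS_MIN_DAYS  -ge 7      || rc=1
    check_def "$1" PASS_WARN_AGE  -ge 7      || rc=1
    check_def "$1" UMASK          =   077    || rc=1
    check_def "$1" ENCRYPT_METHOD =   SHA512 || rc=1
    return $rc
}

# Constructed sample file (not from a real system) with four weak settings.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# PASS_MAX_DAYS 90   <- commented out, must not count
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_WARN_AGE   7
UMASK           022
ENCRYPT_METHOD  MD5
EOF
audit_login_defs "$sample" || echo "login.defs does not meet the policy"
# On a real host: audit_login_defs /etc/login.defs
```

These values apply to accounts created or changed afterwards; existing entries in /etc/shadow keep their own aging fields until they are updated with chage.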

What is the /etc/sysconfig/useradd file used for in a Linux system?

The /etc/sysconfig/useradd file in Linux sets default settings for creating new user accounts. It's commonly used in Red Hat-based systems like Rocky Linux, CentOS, and RHEL.

The file's content might look like:

GROUP=1000: New users will be part of a group with ID 1000 (usually named "dev" or "staff").

HOME=/data/users: New user home folders will be created in /data/users instead of the default /home.

INACTIVE=30: The account gets locked if the password hasn't been updated in 30 days after it expires.

EXPIRE=2024-12-31: The user account will automatically expire on December 31, 2024.

SHELL=/bin/zsh: New users will use the Zsh shell by default instead of Bash.

CREATE_MAIL_SPOOL=yes: A mail file will be created for each new user to receive emails.

What is /etc/skel?

/etc/skel is a template folder in Linux.

When you create a new user, the files from /etc/skel are copied to the new user's home directory.

It provides default settings for new users, so everyone starts with basic configuration files.

Default Files in /etc/skel

Common files you might find in /etc/skel:

.bashrc: A script that sets up the shell environment, like colors and aliases.

.bash_profile or .profile: Runs when the user logs in and sets up environment variables.

.bash_logout: Runs commands when the user logs out, like clearing the screen.

.bashrc example:
Welcome message: prints "Welcome to your Linux shell!" each time a new terminal is opened.

# vim .bashrc
echo "Welcome to your Linux shell!"

echo "List files & directory : $(ls -l)"

echo "Today's date and time: $(date)"

# source ~/.bashrc
Now log out of the terminal and start it again; you will then get the message.

Another .bashrc example, for aliases:
# Create a few helpful aliases

alias ll='ls -lh' # Lists files with human-readable sizes

alias rm='rm -i' # Prompts before deleting files

alias cp='cp -i' # Prompts before overwriting files

alias mv='mv -i' # Prompts before moving/renaming files

What is .bash_profile?

.bash_profile is a shell script that runs only when a user logs in. It sets up the user's environment, such as PATH variables and custom commands.

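.bash_profile example:

export PATH=$PATH:/usr/local/custom_scripts
export PYTHONPATH=/usr/local/python3

# Add a directory to the PATH for easy access to custom scripts

export PATH=$PATH:/home/$USER/scripts

After saving the file, load it into the current session (this command is run at the prompt, not placed inside .bash_profile):

# source ~/.bash_profile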

Useful user management commands:
1. Documentation for useradd command
[root@server ~]# man useradd

2. Create a user 
[root@server ~]# useradd tom
Note: tom == username

Create one more user
[root@server ~]# useradd Jerry
Note: When you create a user, its information is saved in the /etc/passwd file

3. Show user information
[root@server ~]#  cat /etc/passwd
tom:x:509:509::/home/tom:/bin/bash

4. Grep specific user from /etc/passwd file
[root@server ~]#  cat /etc/passwd | grep tom
tom:x:509:509::/home/tom:/bin/bash

5. Describe the fields of /etc/passwd
Ex: It has 7 fields, explained one by one below
tom:x:509:509::/home/tom:/bin/bash

tom       : User name
x         : Password placeholder (the password itself is saved in encrypted form in /etc/shadow)
509       : User ID (UID)
509       : Group ID (GID)
::        : Comment (for extra information; empty here)
/home/tom : Home directory
/bin/bash : Shell

Note: When you create a user named tom, a group with the same name, tom, is also created.

6. Create/Set password for a user
[root@server ~]# passwd tom

Note: the created password is saved in the /etc/shadow file

7. Show /etc/shadow file
[root@server ~]# cat /etc/shadow
Jerry:!!:16755:0:99999:7:::

Ex: It has 6 fields, explained one by one below
Jerry:!!:16755:0:99999:7:::

8. Create a group
[root@server ~]# groupadd linux
Note: When you create a group, it is saved in the /etc/group file

9. Show /etc/group file
[root@server ~]# cat /etc/group

Ex: It has 3 fields, explained one by one below
linux:x:511:

Q: Can we set a password on a group?
Yes, with the command
[root@server ~]# gpasswd linux
Note: group password information is saved in the /etc/gshadow file

10. Show group password
[root@server ~]# cat /etc/gshadow
linux:$6$7ro03LKxS$vhw/ekQxrzBndgDEhA2b5gSjZ88LZF7ZFjeHsDx7aVxHE0xArMQhneQy3zI3ZDGpTA.xfIzhoS/s/26U2pMmv1::

11. Documentation for userdel command
[root@server ~]# man userdel

Note: the userdel command is used to delete a user

12. Delete a user
[root@server ~]# userdel tom

Note: the above command deletes the user but does not delete the user's home directory. You can check in the /home/ folder.

13. Delete user with home directory
[root@server ~]# userdel -r Jerry
or,
[root@server ~]# userdel -rf username

Note: Jerry == username, -r == will delete the user but ask before deleting, -f == forcefully delete

14. How to check last password modification date in Linux
[root@server ~]# chage -l shahzad
Last password change                                 : May 30, 2017
Password expires                                     : never
Password inactive                                    : never
Account expires                                      : never
Minimum number of days between password change       : 0
Maximum number of days between password change       : 99999
Number of days of warning before password expires    : 7

or,
[root@server ~]# cat /etc/shadow | grep shahzad
shahzad:$1$aoU3ISRK$W06/ShMzSopjNELyES7hd0:17316:0:99999:7:::

15. Describe /etc/shadow file in Linux


1 - System login username
2 - Password field
3 - Password modification date (May 30, 2017)
4 - Minimum number of days between password changes by the user (0 means no password expiration set)
5 - Maximum number of days between password changes
6 - Number of days of warning before password expires
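
The fields described above can be decoded with a few lines of shell. This is an added example, not part of the original post: it converts field 3 (days since January 1, 1970) into a calendar date, derives the expiry date from field 5, and names the hash scheme from the prefix of field 2. It uses the two entries shown on this page (hash abbreviated to placeholders) plus one constructed entry; the function names are hypothetical and numeric aging fields are assumed.

```sh
#!/bin/sh
# Added example: decode the /etc/shadow fields described above.
# Function names are hypothetical; SALT and HASH are placeholders.

# Days since 1970-01-01 -> YYYY-MM-DD (GNU/BusyBox date, BSD date as fallback).
days_to_date() {
    secs=$(( $1 * 86400 ))
    date -u -d "@$secs" +%Y-%m-%d 2>/dev/null || date -u -r "$secs" +%Y-%m-%d
}

# Classify field 2 by its crypt(3) prefix.
hash_scheme() {
    case $1 in
        '$6$'*)    echo "SHA-512" ;;
        '$5$'*)    echo "SHA-256" ;;
        '$1$'*)    echo "MD5 (weak)" ;;
        '!'*|'*')  echo "locked or no password set" ;;
        '')        echo "EMPTY (no password required)" ;;
        *)         echo "other" ;;
    esac
}

# Summarise one shadow line: user, hash scheme, last change, expiry date.
# A maximum age of 99999 is reported as "never", as chage does above.
describe_shadow() {
    printf '%s\n' "$1" | {
        IFS=: read -r user hash lastchg min max warn rest
        case $lastchg in
            ''|*[!0-9]*) changed=unknown; expires=unknown ;;
            *)  changed=$(days_to_date "$lastchg")
                case ${max:-99999} in
                    99999) expires=never ;;
                    *)     expires=$(days_to_date $((lastchg + max))) ;;
                esac ;;
        esac
        echo "$user scheme=$(hash_scheme "$hash") changed=$changed expires=$expires"
    }
}

# Entries from this page (hash abbreviated) and one constructed entry.
describe_shadow 'shahzad:$1$SALT$HASH:17316:0:99999:7:::'
describe_shadow 'Jerry:!!:16755:0:99999:7:::'
describe_shadow 'alice:$6$SALT$HASH:17316:7:90:7:::'   # constructed
```

The shahzad entry carries a $1$ (MD5) hash, so it predates or bypasses an ENCRYPT_METHOD SHA512 setting; the hash is only rewritten with the configured method when the password is next changed.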

Create a new user with a different home directory
[root@server ~]# useradd -d /data/shahzad shahzad
Note: the home directory defined for user shahzad is /data/shahzad

About Penguin Technology

I am a passionate cloud and DevOps professional specializing in Linux and open-source solutions. Through this blog, I share my knowledge and experience with the community, offering tips and insights on cloud technologies and DevOps practices.