User Management
User Management
Login shell
/etc/profile
/etc/profile.d/
/etc/bashrc
~/.bashrc
~/.bash_profile
getent checks not only local users but also users from
active directory and openldap domain.
grep passwd /etc/nsswitch.conf
getent passwd
getent group
getent networks
getent services
getent shadow
getent gshadow
UID ranges
useradd username
-u for uid
-g for gid
-c for comment
-d for home directory
-s for shell
-N for not creating a group with the same name as
user but add the user to the group specified by –g
-G supplementary group
Note: adduser is symbolic link to useradd on redhat
and on Debian and ubuntu systems a perl script
setting passwords
1. login name
2. encrypted password which contains hashing algorithm, salt
and encrypted hash.
3. Number of days since the last password change from 1-Jan-
1970
4. Minimum number of days before a password may be
changed, where 0 means no minimum age required.
5. Maximum number of days before a password must be
changed.
6. Warning period that a password is about to expire, 0 means
no warning given.
7. The number of days an account remains active after a
password has expired.
8. Account expiration date
9. Blank field for future use
chage for password aging
/etc/login.defs
CREATE_HOME no
rpm -qa | grep oddjob
rpm -ivh oddjob-mkhomedir-0.31.5-4.el7.x86_64
systemctl start oddjobd
systemctl enable oddjobd
authconfig --enablemkdhomedir --update
Password Policies and limit access