l6 managing users and groups useradd usermod skel shadow passwd lock -l -u id chage

By OK -
defaults are in
/etc/login.defs
/etc/defaults/useradd
[root@localhost ~]# useradd -m -d /home/max max
[root@localhost ~]# su - max
[max@localhost ~]$ pwd
/home/max


groupadd sales

[root@localhost ~]# tail -n 1 /etc/group
sales:x:1003:

usermod
  -g, --gid GROUP               force use GROUP as new primary group
  -G, --groups GROUPS           new list of supplementary GROUPS
  -a, --append                  append the user to the supplemental GROUPS mentioned by the -G option without removing him/her from other groups

[root@localhost ~]# usermod -aG sales max
[root@localhost ~]# grep max /etc/group
max:x:1002:
sales:x:1003:max

[root@localhost ~]# id max
uid=1002(max) gid=1002(max) groups=1002(max),1003(sales)

 in passwd file there is no reference to secondary groups
[root@localhost ~]# id max
uid=1002(max) gid=1002(max) groups=1002(max),1003(sales)

passwd - accounts
shadow - passwords
etc/group
/etc/login,.defs 
  1. PASS_MAX_DAYS : Maximum number of days a password may be used. If the password is older than this, a password change will be forced.
  2. PASS_MIN_DAYS : Minimum number of days allowed between password changes. Any password changes attempted sooner than this will be rejected
  3. PASS_WARN_AGE : Number of days warning given before a password expires. A zero means warning is given only upon the day of expiration, a negative value means no warning is given. If not specified, no warning will be provided.
[root@localhost ~]# cat /etc/default/useradd 
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

The /etc/skel directory contains files and directories that are automatically copied over to a new user's home directory when such user is created by the useradd program
[root@localhost ~]# cat /etc/skel/.

./             ../            .bash_logout   .bash_profile  .bashrc        .mozilla/ 

how to add default file to user home dir
[root@localhost ~]# cd /etc/skel
[root@localhost skel]# touch newfile
[root@localhost skel]# useradd lisa
[root@localhost skel]# su - lisa
[lisa@localhost ~]$ ls -al
total 12
drwx------. 5 lisa lisa 122 May 13 16:09 .
drwxr-xr-x. 5 root root  39 May 13 16:09 ..
-rw-r--r--. 1 lisa lisa  18 Aug  2  2016 .bash_logout
-rw-r--r--. 1 lisa lisa 193 Aug  2  2016 .bash_profile
-rw-r--r--. 1 lisa lisa 231 Aug  2  2016 .bashrc
drwxrwxr-x. 3 lisa lisa  18 May 13 16:09 .cache
drwxrwxr-x. 3 lisa lisa  18 May 13 16:09 .config
drwxr-xr-x. 4 lisa lisa  39 Apr 16 20:36 .mozilla
-rw-r--r--. 1 lisa lisa   0 May 13 16:09 newfile
==========================


to lock user
# take away peters password
sudo passwd -l peter
To unlock him:
# give peter back his password
sudo passwd -u peter
[root@localhost ~]# chage -l max

Last password change : May 13, 2017
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7


[root@localhost ~]# grep max /etc/shadow
max:$6$fsesUeEF$Z/xafyL7f91A7oOKgUWhvc84Qx8HSjRdtatPFCyCGg8D2hknX3/0h152EXosnsX/HkgG6DCs0EXobRY/S/1FC.:17299:0:99999:7:::
[root@localhost ~]# passwd -l max
Locking password for user max.
passwd: Success
[root@localhost ~]# grep max /etc/shadow
max:!!$6$fsesUeEF$Z/xafyL7f91A7oOKgUWhvc84Qx8HSjRdtatPFCyCGg8D2hknX3/0h152EXosnsX/HkgG6DCs0EXobRY/S/1FC.:17299:0:99999:7:::

 [root@localhost ~]# 

set expiration date
[root@localhost ~]# chage -E 2017-09-9 max
[root@localhost ~]# chage -l max
Last password change : May 13, 2017
Password expires : never
Password inactive : never
Account expires : Sep 09, 2017
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

 [root@localhost ~]# 

[root@localhost ~]# grep max /etc/shadow
max:$6$fsesUeEF$Z/xafyL7f91A7oOKgUWhvc84Qx8HSjRdtatPFCyCGg8D2hknX3/0h152EXosnsX/HkgG6DCs0EXobRY/S/1FC.:17299:0:99999:7::17418:
[root@localhost ~]# 

Comments

Post a Comment

Popular posts from this blog

HAproxy logging

By OK -
ubuntu@ubuntu:/etc/haproxy$ cat /etc/rsyslog.d/haproxy.conf # Create an additional socket in haproxy's chroot in order to allow logging via # /dev/log to chroot'ed HAProxy processes $ModLoad imudp $UDPServerRun 514 local0.* -/var/log/haproxy-0.log local1.* -/var/log/haproxy-1.log ### keep logs in localhost ## $AddUnixListenSocket /var/lib/haproxy/dev/log ------------------- ubuntu@ubuntu:/etc/haproxy$ cat /etc/haproxy/haproxy.cfg global chroot /var/lib/haproxy user haproxy group haproxy log 127.0.0.1   local0         log 127.0.0.1   local1 notice daemon frontend www     bind 192.168.40.128:8282    # haproxy public IP     default_backend as-backend    # backend used backend as-backend    balance leastconn    mode http  server as1 192.168.40.128:8082 check    # application srv 1 defaults log global mode http option httplog option dontlognull         contimeout 5000    
Read more

tomcat catalina coyote jasper cluster

By OK -
Tomcat Component are Catalina Coyote Jasper Cluster Catalina :  Catalina is the name of the servlet container of Apache Tomcat since version 4.x. Tomcat implements Sun Microsystems' specifications for servlet and JavaServer Pages (JSP), which are important Java-based Web technologies. Tomcat's servlet container was redesigned as Catalina in Tomcat version 4.x. other components of the Tomcat engine are: Tomcat Jasper which converts the code portions within JavaServer Pages into servlets and pass them to Catalina to process. Tomcat Coyote which is an HTTP connector based on HTTP/1.1 specifications that receives and transmits web requests to the Tomcat engine by listening to a TCP/IP port and returns requests back to the requesting client. Coyote :  The Coyote JK Connector element represents a Connector component that communicates with a web connector via the JK protocol (also known as the AJP protocol). This is used for cases where you wish to invisibly integr
Read more

NFS mount add in fstab _netdev instead of default | firewall-cmd --list-all

By OK -
Redhat recommends us to add  _netdev  option for NFS file system in /etc/fstab. So that they can be mounted after starting the networking service. Alternative ways to refer to partitions: Label : LABEL=label Network ID Samba : //server/share NFS : server:/share SSHFS : sshfs#user@server:/share Device : /dev/sdxy (not recommended) Example #1 //192.168.1.134/share_name /mnt/share_name cifs username=server_user,password=server_password,_netdev 0 0 ^ Path to your share ^ Mountpoint ^ Username ^ Password ^ See note A Note A: The  _netdev  options makes sure the mount is only attempted AFTER a network connection has been established. Example #2 10.10.10.1:/vol1/fs1 /data nfs defaults,_netdev 0 0 ============================ [root@localhost ~]# firewall-cmd --list-all public   target: default   icmp-block-inversion: no   interfaces:   sources:   services: dhcpv6-client high-availability ssh   ports:   protocols:   masquera
Read more