l6 managing users and groups useradd usermod skel shadow passwd lock -l -u id chage

By OK -
defaults are in
/etc/login.defs
/etc/defaults/useradd
[root@localhost ~]# useradd -m -d /home/max max
[root@localhost ~]# su - max
[max@localhost ~]$ pwd
/home/max


groupadd sales

[root@localhost ~]# tail -n 1 /etc/group
sales:x:1003:

usermod
  -g, --gid GROUP               force use GROUP as new primary group
  -G, --groups GROUPS           new list of supplementary GROUPS
  -a, --append                  append the user to the supplemental GROUPS mentioned by the -G option without removing him/her from other groups

[root@localhost ~]# usermod -aG sales max
[root@localhost ~]# grep max /etc/group
max:x:1002:
sales:x:1003:max

[root@localhost ~]# id max
uid=1002(max) gid=1002(max) groups=1002(max),1003(sales)

 in passwd file there is no reference to secondary groups
[root@localhost ~]# id max
uid=1002(max) gid=1002(max) groups=1002(max),1003(sales)

passwd - accounts
shadow - passwords
etc/group
/etc/login,.defs 
  1. PASS_MAX_DAYS : Maximum number of days a password may be used. If the password is older than this, a password change will be forced.
  2. PASS_MIN_DAYS : Minimum number of days allowed between password changes. Any password changes attempted sooner than this will be rejected
  3. PASS_WARN_AGE : Number of days warning given before a password expires. A zero means warning is given only upon the day of expiration, a negative value means no warning is given. If not specified, no warning will be provided.
[root@localhost ~]# cat /etc/default/useradd 
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

The /etc/skel directory contains files and directories that are automatically copied over to a new user's home directory when such user is created by the useradd program
[root@localhost ~]# cat /etc/skel/.

./             ../            .bash_logout   .bash_profile  .bashrc        .mozilla/ 

how to add default file to user home dir
[root@localhost ~]# cd /etc/skel
[root@localhost skel]# touch newfile
[root@localhost skel]# useradd lisa
[root@localhost skel]# su - lisa
[lisa@localhost ~]$ ls -al
total 12
drwx------. 5 lisa lisa 122 May 13 16:09 .
drwxr-xr-x. 5 root root  39 May 13 16:09 ..
-rw-r--r--. 1 lisa lisa  18 Aug  2  2016 .bash_logout
-rw-r--r--. 1 lisa lisa 193 Aug  2  2016 .bash_profile
-rw-r--r--. 1 lisa lisa 231 Aug  2  2016 .bashrc
drwxrwxr-x. 3 lisa lisa  18 May 13 16:09 .cache
drwxrwxr-x. 3 lisa lisa  18 May 13 16:09 .config
drwxr-xr-x. 4 lisa lisa  39 Apr 16 20:36 .mozilla
-rw-r--r--. 1 lisa lisa   0 May 13 16:09 newfile
==========================


to lock user
# take away peters password
sudo passwd -l peter
To unlock him:
# give peter back his password
sudo passwd -u peter
[root@localhost ~]# chage -l max

Last password change : May 13, 2017
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7


[root@localhost ~]# grep max /etc/shadow
max:$6$fsesUeEF$Z/xafyL7f91A7oOKgUWhvc84Qx8HSjRdtatPFCyCGg8D2hknX3/0h152EXosnsX/HkgG6DCs0EXobRY/S/1FC.:17299:0:99999:7:::
[root@localhost ~]# passwd -l max
Locking password for user max.
passwd: Success
[root@localhost ~]# grep max /etc/shadow
max:!!$6$fsesUeEF$Z/xafyL7f91A7oOKgUWhvc84Qx8HSjRdtatPFCyCGg8D2hknX3/0h152EXosnsX/HkgG6DCs0EXobRY/S/1FC.:17299:0:99999:7:::

 [root@localhost ~]# 

set expiration date
[root@localhost ~]# chage -E 2017-09-9 max
[root@localhost ~]# chage -l max
Last password change : May 13, 2017
Password expires : never
Password inactive : never
Account expires : Sep 09, 2017
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

 [root@localhost ~]# 

[root@localhost ~]# grep max /etc/shadow
max:$6$fsesUeEF$Z/xafyL7f91A7oOKgUWhvc84Qx8HSjRdtatPFCyCGg8D2hknX3/0h152EXosnsX/HkgG6DCs0EXobRY/S/1FC.:17299:0:99999:7::17418:
[root@localhost ~]# 

Comments

Post a Comment

Popular posts from this blog

HAproxy logging

By OK -
ubuntu@ubuntu:/etc/haproxy$ cat /etc/rsyslog.d/haproxy.conf # Create an additional socket in haproxy's chroot in order to allow logging via # /dev/log to chroot'ed HAProxy processes $ModLoad imudp $UDPServerRun 514 local0.* -/var/log/haproxy-0.log local1.* -/var/log/haproxy-1.log ### keep logs in localhost ## $AddUnixListenSocket /var/lib/haproxy/dev/log ------------------- ubuntu@ubuntu:/etc/haproxy$ cat /etc/haproxy/haproxy.cfg global chroot /var/lib/haproxy user haproxy group haproxy log 127.0.0.1   local0         log 127.0.0.1   local1 notice daemon frontend www     bind 192.168.40.128:8282    # haproxy public IP     default_backend as-backend    # backend used backend as-backend    balance leastconn    mode http  server as1 192.168.40.128:8082 check    # application srv 1 defaults log global mode http option httplog option dontlognull         contimeout 5000    
Read more

NFS mount add in fstab _netdev instead of default | firewall-cmd --list-all

By OK -
Redhat recommends us to add  _netdev  option for NFS file system in /etc/fstab. So that they can be mounted after starting the networking service. Alternative ways to refer to partitions: Label : LABEL=label Network ID Samba : //server/share NFS : server:/share SSHFS : sshfs#user@server:/share Device : /dev/sdxy (not recommended) Example #1 //192.168.1.134/share_name /mnt/share_name cifs username=server_user,password=server_password,_netdev 0 0 ^ Path to your share ^ Mountpoint ^ Username ^ Password ^ See note A Note A: The  _netdev  options makes sure the mount is only attempted AFTER a network connection has been established. Example #2 10.10.10.1:/vol1/fs1 /data nfs defaults,_netdev 0 0 ============================ [root@localhost ~]# firewall-cmd --list-all public   target: default   icmp-block-inversion: no   interfaces:   sources:   services: dhcpv6-client high-availability ssh   ports:   protocols:   masquera
Read more

teamcity Automatic Agent Start under Linux

By OK -
Automatic Agent Start under Linux To run agent automatically on the machine boot under Linux, configure daemon process with the  agent.sh start  command to start it and  agent.sh stop  command to stop it. Refer to an example procedure below: 1. Navigate to the services start/stop services scripts directory: cd /etc/init.d/ 2. Open the build agent service script: sudo vim buildAgent 3. Paste the following into the file : #!/bin/sh ### BEGIN INIT INFO # Provides: TeamCity Build Agent # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start build agent daemon at boot time # Description: Enable service provided by daemon. ### END INIT INFO #Provide the correct user name: USER="agentuser" case "$1" in start) su - $USER -c "cd BuildAgent/bin ; ./agent.sh start" ;; stop) su - $USER -c "cd BuildAgent/bin ; ./agent.
Read more