Red hat RHCE exam am - RHCSA (RH134)
serverb.example.com task
17. Set the expiration time of new user password
Task requirements
- When creating a new user, the default password policy is set to expire after 20 days.
Complete step
- Find login file
cat /etc/login.defs - Adjust the password expiration time in about 25 lines. The default is 99999
PASS_MAX_DAYS 20 Sanwa goose 45
Knowledge points of investigation
Create a user's default settings file
- /The / etc/login.defs file is used to make default settings for some basic attributes of the user when creating a user, such as specifying the range of user UID and GID, user expiration time, maximum length of password, etc.
- It should be noted that the user default configuration of this file is invalid for root user.
- In addition, when the configuration in this file conflicts with the user information in / etc/passwd and / etc/shadow files, the system will take / etc/passwd and / etc/shadow as the standard
- The umask here refers to that after a new user is created, if the user's home directory is created at the same time, the permission of the user's home directory is 700. If it is necessary to modify the umask of the user's new file, go to / etc/bashrc or. Bashrc in the user plus directory
Set item | meaning |
---|
MAIL_DIR /var/spool/mail | When creating a user, the system will create a user mailbox in the directory / var/spool/mail. For example, the user's mailbox is / var/spool/mail/lamp. |
PASS_MAX_DAYS 99999 | The password validity period, 99999, is the number of days since January 1, 1970, which is equivalent to 273 years. It can be understood that the password is always valid. |
PASS_MIN_DAYS 0 | Indicates how many days have elapsed since the last password change before the user can change the password again. The default value is 0. |
PASS_MIN_LEN 5 | Specifies the minimum length of the password, which is not less than 5 digits by default. However, the authentication has been replaced by the PAM module when the user logs in, so this option does not take effect. |
PASS_WARN_AGE 7 | Specify the number of days before the password expires, and the system will start to pass. The user password is about to expire. The default is 7 days. |
UID_MIN 500 | Specify that the minimum UID is 500, that is, when adding users, the default UID starts from 500. Note that if you manually specify that the UID of a user is 550, the UID of the next created user will start from 551, even if the UID between 500 and 549 is not used. |
UID_MAX 60000 | The maximum UID of the specified user is 60000. |
GID_MIN 500 | Specify a minimum GID of 500, that is, when adding a group, the GID of the group starts from 500. |
GID_MAX 60000 | The maximum user GID is 60000. |
CREATE_HOME yes | Specify whether to create the user home directory at the same time when creating the user. Yes means to create, no means not to create, and the default is yes. |
UMASK 077 | The permission of the user's home directory is set to 077 by default. |
USERGROUPS_ENAB yes | Specify whether to delete the user group when deleting the user. To be prepared, this refers to deleting the user's initial group. The default value of this item is yes. |
ENCRYPT_METHOD SHA512 | Specify the encryption rules for the user password. SHA512 is adopted by default. This is a new password encryption mode. The original Linux can only be encrypted with DES or MD5. |
[root@C8-4-184-nfs ~]# cat /etc/login.defs
#
# Please note that the parameters in this configuration file control the
# behavior of the tools from the shadow-utils component. None of these
# tools uses the PAM mechanism, and the utilities that use PAM (such as the
# passwd command) should therefore be configured elsewhere. Refer to
# /etc/pam.d/system-auth for more information.
#
# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail
#MAIL_FILE .mail
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 1000
UID_MAX 60000
# System accounts
SYS_UID_MIN 201
SYS_UID_MAX 999
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 1000
GID_MAX 60000
# System accounts
SYS_GID_MIN 201
SYS_GID_MAX 999
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local
#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME yes
# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK 077
# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes
# Use SHA512 to encrypt password.
ENCRYPT_METHOD SHA512
useradd command default setting
- The default setting of the useradd command is defined by / etc/default/useradd
[root@C8-4-184-nfs ~]# cat /etc/default/useradd
# useradd defaults file
GROUP=100 # If the user group is not specified or created at the same time, the user belongs to the user group with GID=100 by default. users:x:100:
HOME=/home # Specify the folder where the newly created user generated home directory is located
INACTIVE=-1 #Corresponding to column 7 of the / etc/shadow file, that is, the grace period for the expiration of the user password
EXPIRE= #Corresponding to column 8 of the / etc/shadow file, that is, the validity period of the user account
SHELL=/bin/bash # Specifies the default shell for newly created users
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes # Create a mail pool when creating a user