If you prefer command line tools or do not have the X Window System installed, use this chapter to configure users and groups.
To add a user to the system:
Issue the useradd command to create a locked user account:
useradd <username>
Unlock the account by issuing the passwd command to assign a password and set password aging guidelines:
passwd <username>
The command line options for useradd are in Table 25-1.
| Option | Description |
|---|---|
| -c comment | Comment for the user |
| -d home-dir | Home directory to be used instead of default /home/username |
| -e date | Date for the account to be disabled in the format YYYY-MM-DD |
| -f days | Number of days after the password expires until the account is disabled. (If 0 is specified, the account is disabled immediately after the password expires. If -1 is specified, the account will not be disabled after the password expires.) |
| -g group-name | Group name or group number for the user's default group (The group must exist prior to being specified here.) |
| -G group-list | |
| -m | Create the home directory if it does not exist. |
| -M | Do not create the home directory. |
| -n | Do not create a user private group for the user. |
| -r | Create a system account with a UID less than 500 and without a home directory. |
| -p password | The password encrypted with crypt. |
| -s | User's login shell, which defaults to /bin/bash. |
| -u uid | User ID for the user, which must be unique and greater than 499. |
Table 25-1. useradd Command Line Options
To add a group to the system, use the command groupadd:
groupadd <group-name>
The command line options for groupadd are in Table 25-2.
| Option | Description |
|---|---|
| -g gid | Group ID for the group, which must be unique and greater than 499. |
| -r | Create a system group with a GID less than 500. |
| -f | Exit with an error if the group already exists. (The group is not altered.) If -g and -f are specified, but the group already exists, the -g option is ignored. |
Table 25-2. groupadd Command Line Options
Password Info tab of the User Manager.
To configure password expiration for a user from a shell prompt, use the chage command, followed by an option from Table 25-3, followed by the username of the user.
Important: Shadow passwords must be enabled to use the chage command.
| Option | Description |
|---|---|
| -m days | Specify the minimum number of days between which the user must change passwords. If the value is 0, the password does not expire. |
| -M days | -d option is less than the current day, the user must change passwords before using the account. |
| -d days | Specify the number of days since January 1, 1970 the password was changed. |
| -I days | |
| -E date | Specify the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of days since January 1, 1970 can also be used. |
| -W days | Specify the number of days before the password expiration date to warn the user. |
Table 25-3. chage Command Line Options
Tip: If the chage command is followed directly by a username (with no options), it displays the current password aging values and allows them to be changed.
logging in for the first time.
Lock the user's password — If the user does not exist, use the useradd command to create the user account, but do not give it a password so that it remains locked.
If the password is already enabled, lock it with the command:
usermod -L username
Force immediate password expiration — Type the following command:
chage -d 0 username
policy, if any, is in place.
Unlock the account — There are two common approaches to this step. The administrator can assign an initial password or assign a null password.
Warning: Do not use the passwd command to set the password as it disables the immediate password expiration just configured.
To assign an initial password, use the following steps:
Start the command line Python interpreter with the python command. It displays the following:
>>>
At the prompt, type the following (replacing password with the password to encrypt and salt with a combination of exactly 2 upper or lower case alphabetic characters, digits, the dot (.) character, or the slash (/) character, such as ab or 12):
import crypt; print(crypt.crypt("password","salt"))
The output is the encrypted password similar to 12CsGd8FRcMSM.
Type
Cut and paste the exact encrypted password output, without any leading or trailing blank spaces, into the following command:
usermod -p "encrypted-password" username
Instead of assigning an initial password, a null password can be assigned using the command:
usermod -p "" username
Caution: is recommended that the administrator verifies that the user is ready to log in when the account is unlocked.
In either case, upon initial log in, the user is prompted for a new password.
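To confirm which state each account was left in after this procedure, the following added example (not part of the original guide) audits /etc/shadow-format lines for locked passwords, null passwords, forced expiration and 2-character-salt crypt hashes. The sample lines and function names are constructed for illustration, and the standard shadow field order (name:password:lastchg:min:max:warn:inactive:expire) is assumed.

```python
# Added example: audit /etc/shadow-format lines for the account states this
# procedure creates. SAMPLE is constructed data, not taken from a real system.
import re
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
DES_HASH = re.compile(r"^[./0-9A-Za-z]{13}$")  # 2-char salt + 11-char hash

SAMPLE = """\
alice:12CsGd8FRcMSM:0:0:99999:7:::
bob::0:0:99999:7:::
carol:!!:19000:0:99999:7:::
dave:!12CsGd8FRcMSM:19000:0:90:7:14:19800:
"""

def days_to_date(days):
    """Convert a 'days since January 1, 1970' field to a date, or None if empty."""
    return EPOCH + timedelta(days=int(days)) if days else None

def audit_line(line):
    """Return (username, findings) for one shadow-format line."""
    name, pw, lastchg, _min, _max, _warn, _inactive, expire = line.split(":")[:8]
    findings = []
    if pw == "":
        findings.append("null password")            # result of usermod -p ""
    elif pw.startswith("!"):
        findings.append("locked")                   # usermod -L, or password never set
    if DES_HASH.match(pw.lstrip("!")):
        findings.append("legacy DES crypt hash")    # the 2-character salt form
    if lastchg == "0":
        findings.append("must change password at next login")  # chage -d 0
    if expire:
        findings.append("account expires " + days_to_date(expire).isoformat())
    return name, findings

def audit(text):
    """Audit every non-empty, non-comment line; return {username: findings}."""
    return dict(audit_line(l) for l in text.splitlines() if l and not l.startswith("#"))

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(user, "->", ", ".join(findings) or "no findings")
```

On a live system the same functions can be run as root against the contents of /etc/shadow; a null password without "must change password at next login" is the combination to investigate first.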