Explanation of useradd and passwd commands in Linux user management

Time:2021-8-30

In the previous chapter, we looked at the contents and purpose of each Linux user configuration file, and added a user by editing those files by hand. In practice, however, we do not add users by editing the configuration manually; we manage users with the user management commands.

1. Add user command: useradd

On a Linux system, you can use the useradd command to create a new user. The basic format of this command is as follows:

useradd [options] username
useradd -D    # view default parameters

Common options of this command and their meanings are as follows:

  • -u: UID, the UID of the specified user. In the previous chapter, we learned that the UID range of ordinary users is 500-60000
  • -d: home directory
  • -c: the user's description, corresponding to the 5th field of the /etc/passwd file; enter a description that is easy to understand
  • -g: group name, specifying the group to which the user belongs
  • -G: group name, specifying the additional group to which the user belongs
  • -s: manually specify the login shell of the user. We learned in the previous chapter that the default is /bin/bash
  • -e: specifies the expiration date of the user. The format is "yyyy-mm-dd"

For example, suppose you want to create a user that belongs to the root group and add a description to this user:

$ useradd -g root -c "this is my test user" testuser

After executing this command, we have created a user called testuser. If we look at the /etc/passwd file, we will find the newly added user's information in it.

If you want to log in as this user, set a password for the user:

$ passwd testuser

Generally, we can create new users without specifying any options by hand, because the Linux defaults meet our requirements. The useradd command refers to two default-value files when adding users: /etc/default/useradd and /etc/login.defs. We introduced both files in the previous chapter, so here we only briefly review /etc/default/useradd:

$ useradd -D

  • GROUP=100: this option sets the default group of users, that is, when each user is added, the user's initial group is the group with GID 100. However, this is not the case on CentOS. When a user is added, a group with the same name as the user is automatically created as the user's initial group. In other words, this option does not take effect. There are two default user group mechanisms in Linux: one is the private user group mechanism, in which the system creates a group with the same name as the user as the user's initial group; the other is the public user group mechanism, in which the system uses the group with GID 100 as the initial group of all new users. At present, we use the private user group mechanism.
  • HOME=/home: the default location of user home directories. The home directory of the testuser user we just created is /home/testuser/
  • INACTIVE=-1: the grace period after the password expires, that is, the seventh field of the /etc/shadow file. The default value here is -1, which means it never expires.
  • EXPIRE=: indicates the password expiration time, that is, the eighth field of the /etc/shadow file. The default value is blank, which means that all new users have no expiration time and are permanently valid.
  • SHELL=/bin/bash: indicates that the default shell for all newly created users is /bin/bash
  • SKEL=/etc/skel: after a new user is created, the user's home directory is not empty; it contains .bash_profile, .bashrc and other files, which are automatically copied from the /etc/skel directory.
  • CREATE_MAIL_SPOOL=yes: whether to create a mailbox for a new user. The default is to create one. In other words, for every new user the system creates a mailbox in the /var/spool/mail/ directory, named after the user. The mailbox of testuser is /var/spool/mail/testuser.

So we can understand the internal process by which the useradd command creates a user as follows:

1. The system first reads /etc/login.defs and /etc/default/useradd, and adds the user according to the rules defined in these two configuration files, that is, it adds the user's data to the /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow files.

2. Then, the system automatically creates a home directory under the directory set in the /etc/default/useradd file, and finally copies all files in the /etc/skel directory into it. At this point, the new user has been created.
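To check how an account relates to these defaults, the following added example (not part of the original article) compares /etc/passwd entries against `useradd -D` values and reports the group mechanism, home directory and shell, flagging non-root accounts whose initial group is GID 0. All data, the accounts alice and svc, and the helper names `default_of` and `check_account` are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample data (assumption): "useradd -D" output, /etc/group and
# /etc/passwd lines. Nothing here is read from the running system.
DEFAULTS='GROUP=100
HOME=/home
SHELL=/bin/bash
SKEL=/etc/skel'
GROUP_FILE='root:x:0:
users:x:100:
alice:x:500:
svc:x:502:'
PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
testuser:x:501:0:this is my test user:/home/testuser:/bin/bash
svc:x:502:502:service:/opt/svc:/sbin/nologin'

# Look up one KEY=value pair from the defaults text.
default_of() {
    printf '%s\n' "$DEFAULTS" | sed -n "s/^$1=//p"
}

# Report how one account differs from what the defaults would produce.
check_account() {
    line=$(printf '%s\n' "$PASSWD" | grep "^$1:") || { echo "missing"; return 0; }
    # /etc/passwd fields: name:password:UID:GID:description:home:shell
    IFS=: read -r user pwx uid gid gecos home shell <<EOF
$line
EOF
    gname=$(printf '%s\n' "$GROUP_FILE" | awk -F: -v g="$gid" '$3 == g { print $1 }')
    if [ "$gname" = "$user" ]; then grp="private-group"
    elif [ "$gid" = "$(default_of GROUP)" ]; then grp="public-group"
    else grp="group=$gname"; fi
    # A non-root account whose initial group is GID 0 deserves a second look.
    [ "$gid" != 0 ] || [ "$uid" = 0 ] || grp="$grp(REVIEW:gid-0)"
    [ "$home" = "$(default_of HOME)/$user" ] && h="home=default" || h="home=$home"
    [ "$shell" = "$(default_of SHELL)" ] && s="shell=default" || s="shell=$shell"
    echo "$grp $h $s"
}

for u in root alice testuser svc; do
    printf '%s: %s\n' "$u" "$(check_account "$u")"
done
```

The testuser entry created earlier with `-g root` is the one reported with `REVIEW:gid-0`, because files and directories that are group-accessible to root become accessible to that account.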

2. Modify user password command: passwd

We already used the passwd command in the explanation of adding users above; let's now explain this command in detail.

The basic format of this command is as follows:

passwd [options] username

Common options of this command and their meanings are as follows:

  • -d: delete password information
  • -w: the number of days of warning before the password expires, corresponding to the 6th field of each line in the /etc/shadow file
  • -S: displays the password information, that is, the content of this user's password entry in the /etc/shadow file; available only to the root user
  • -l: stop using the account, that is, invalidate the password; available only to the root user
  • -u: unlock the user; like the -l option above, available only to the root user
  • -x: set the validity period of the user's password, corresponding to the 5th field of each line in the /etc/shadow file
  • -n: how long the user must wait before changing the password again after changing it, corresponding to the 4th field of each line in the /etc/shadow file

1. For example, set a password for the newly added user testuser:

$ passwd testuser
New password: # enter the password, which will not be displayed in clear text
Retype new password: # enter the password again
passwd: all authentication tokens updated successfully. # the password was changed successfully

2. Display the user's password information:

$ passwd -S testuser   # note that the S option here is capitalized

testuser PS 2020-06-17 0 99999 7 -1 (Password set, SHA512 crypt.)

# User name: password: setting time: password modification interval (0): password validity (99999): warning time (7): password does not expire (-1)

The password modification interval, password validity, warning time and password grace time shown here actually come from the settings in the /etc/shadow configuration file. The password encryption method shown here is SHA512; starting with CentOS 6.3, the encryption method was changed from MD5 to SHA512.

3. Lock user

$ passwd -l testuser

After locking the user, we check the user's password information and find that the final message is "Password locked.", which clearly shows that the password has been locked. How does the system lock users? Let's look at the /etc/shadow file:

$ grep "testuser" /etc/shadow

Looking closely, the system simply adds !! in front of the password field to invalidate the password.

4. Unlock user

Since users can be locked, users can also be unlocked:

$ passwd -u testuser

After executing the command to unlock the user, the user state returns to normal.
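The lock marker, the hash type and the aging fields described above can all be read from an /etc/shadow line. This added example (not part of the original article) classifies the password field and flags entries that need review; the sample lines, the account names other than testuser, and the helper names `password_state` and `audit_shadow` are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample in /etc/shadow format (no real accounts or hashes).
# Fields: name:password:lastchg:min:max:warn:inactive:expire:reserved
# lastchg 18430 is 2020-06-17 counted in days since 1970-01-01.
SAMPLE_SHADOW='testuser:$6$saltsalt$constructedhash:18430:0:99999:7:::
lockeduser:!!$6$saltsalt$constructedhash:18430:0:99999:7:::
nopassuser::18430:0:99999:7:::
olduser:$1$saltsalt$constructedhash:18430:0:99999:7:::
newuser:!!:18430:0:99999:7:::'

# Classify the second field of a shadow line.
password_state() {
    case "$1" in
        '')            echo "empty" ;;            # e.g. after passwd -d
        '!!'|'!'|'*')  echo "no-password-set" ;;  # no usable password yet
        '!'*)          echo "locked" ;;           # passwd -l prefixed the hash
        '$6$'*)        echo "sha512" ;;
        '$1$'*)        echo "md5" ;;
        *)             echo "other" ;;
    esac
}

# Print one summary line per account and mark the ones worth reviewing.
audit_shadow() {
    printf '%s\n' "$1" | while IFS=: read -r user pw lastchg min max warn rest; do
        [ -n "$user" ] || continue
        state=$(password_state "$pw")
        case "$state" in
            empty) note="REVIEW: no password required" ;;
            md5)   note="REVIEW: MD5 hash, reset the password" ;;
            *)     note="ok" ;;
        esac
        printf '%s %s min=%s max=%s warn=%s %s\n' \
            "$user" "$state" "$min" "$max" "$warn" "$note"
    done
}

audit_shadow "$SAMPLE_SHADOW"
```

The `!!` prefix only invalidates the password hash, so login methods that do not use the password, such as SSH keys, are not blocked by `passwd -l`.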

Today, I explained the two most basic commands of Linux user management: one adds a user and the other modifies a user's password. The next chapter continues with the other Linux user management commands.
