How Linux adds Users


To add users to the system:

Use the useradd command to create a locked user account:

useradd username

Use the passwd command to unlock the account by assigning a password and password aging rules:

passwd username

The useradd command-line options are listed in Table 25-1.

Option          Description
-c comment      Comment for the user.
-d home-dir     Home directory to use in place of the default /home/username.
-e date         Date on which the account is disabled, in the format YYYY-MM-DD.
-f days         Number of days after the password expires until the account is disabled. (If 0 is specified, the account is disabled immediately after the password expires. If -1 is specified, the account is not disabled after the password expires.)
-g group-name   Group name or group number of the user's default group (the group must exist before it is specified).
-G group-list   List of additional (other than default) group names or group numbers of which the user is a member, separated by commas (the groups must exist before they are specified).
-m              Create the home directory if it does not exist.
-M              Do not create the home directory.
-n              Do not create a user private group for the user.
-r              Create a system account with a UID less than 500 and no home directory.
-p password     The password, encrypted with crypt.
-s              User's login shell; the default is /bin/bash.
-u uid          UID of the user, which must be unique and greater than 499.

Table 25-1. useradd Command Line Options

Add a group

To add a group to the system, use the groupadd command:

groupadd group-name

The command-line options for groupadd are listed in Table 25-2.

Option          Description
-g gid          GID of the group, which must be unique and greater than 499.
-r              Create a system group with a GID less than 500.
-f              If the group already exists, exit and display an error (the group is not changed). If the -g and -f options are specified and the group already exists, the -g option is ignored.

Table 25-2. groupadd Command Line Options

Password Aging

For security reasons, it is wise to require users to change their passwords on a regular basis. This can be done when adding or editing a user on the Password Information tab of User Manager.

To configure password expiration for a user from a shell prompt, use the chage command, followed by an option from Table 25-3 and the user's username.

Important: Shadow passwords must be enabled to use the chage command.

Option          Description
-m days         Specifies the minimum number of days between password changes. If the value is 0, the password will not expire.
-M days         Specifies the maximum number of days that the password is valid. When the number of days specified by this option plus the number of days specified by the -d option is less than the current date, the user must change the password before using the account.
-d days         Specifies the number of days since January 1, 1970 that the password was changed.
-I days         Specifies the number of inactive days after the password expires before the account is locked. If the value is 0, the account is not locked after the password expires.
-E date         Specifies the date on which the account is locked, in the format YYYY-MM-DD. The number of days since January 1, 1970 can also be used instead of a date.
-W days         Specifies the number of days before the password expires to warn the user.

Table 25-3. chage Command Line Options

Tip: If the chage command is followed directly by a username (with no options), it displays the current password aging values and allows them to be changed.

If the system administrator wants the user to set the password at the first logon, the user's password can be set to expire immediately, forcing the user to change it immediately after the first logon.

To force a user to configure a password the first time they log on to the console, follow these steps. Note that this process will not work if the user logs in using the SSH protocol.

Lock the user's password: if the user does not exist, use the useradd command to create the user account, but do not give it a password, so that it remains locked.

If the password has already been enabled, lock it with the following command:

usermod -L username

Force immediate password expiration: type the following command:

chage -d 0 username

This command sets the date of the last password change to the epoch (January 1, 1970). This value forces the password to expire immediately, regardless of whether a password aging policy is in place.

Unlock the account: there are two common ways to do this. An administrator can assign an initial password or an empty password.

Warning: Do not use the passwd command to set the password, because it disables the immediate password expiration that was just configured.

To assign an initial password, follow these steps:

Start the command line Python interpreter with the python command. It displays the following:

Python 2.2.2 (#1, Dec 10 2002, 09:57:09)

[GCC 3.2.1 20021207 (Red Hat Linux 8.0 3.2.1-2)] on linux2

Type "help", "copyright", "credits" or "license" for more information.

>>>

At the prompt, type the following command (replace password with the password to be encrypted, and replace salt with exactly two characters, each an uppercase or lowercase letter, a digit, the dot character, or the slash character, such as "ab" or "12"):

import crypt; print(crypt.crypt("password", "salt"))

The output is the encrypted password, similar to 12CSGD8FRCMSM.

Type [Ctrl]-[D] to exit the Python interpreter.

Paste the encrypted password output exactly (no trailing spaces) into the following command:

usermod -p "encrypted-password" username

Instead of assigning an initial password, you can also use the following command to assign a blank password:

usermod -p "" username

Caution: Using a blank password is convenient for both users and administrators, but it carries a slight risk that a third party can log in first and access the system. To reduce this threat, administrators are advised to unlock the account only when the user is ready to log in.

In either case, the user is prompted to enter a new password after the first logon.

Explanation of the process

The following steps show what happens when the useradd juan command is run on a system that has shadow passwords enabled:

A new line for juan is added to the /etc/passwd file. The line has the following characteristics:

It begins with the username juan.

The password field contains an "x", indicating that the system uses shadow passwords.

A UID at or above 500 is created. (In Red Hat Linux, UIDs and GIDs below 500 are reserved for system use.)

A GID at or above 500 is created.

The optional GECOS information is left blank.

The home directory for juan is set to /home/juan/.

The default shell is set to /bin/bash.

A new line for juan is added to the /etc/shadow file. The line has the following characteristics:

It begins with the username juan.

Two exclamation marks (!!) appear in the password field of the /etc/shadow file, which locks the account.

Note: If an encrypted password is passed with the -p flag, it is placed in the /etc/shadow file on the new line for the user.

The password is set to never expire.

A new line for a group named juan is added to the /etc/group file. A group with the same name as a user is called a user private group. For more information about user private groups, see Section 25.1.

The new line added to the /etc/group file has the following characteristics:

It begins with the group name juan.

The password field contains an "x", indicating that the system uses shadow group passwords.

The GID matches the one listed for user juan in the /etc/passwd file.

A new line for a group named juan is added to the /etc/gshadow file. The line has the following characteristics:

It begins with the group name juan.

An exclamation mark (!) appears in the password field of the /etc/gshadow file, which locks the group.

All other fields are blank.

A directory for user juan is created under the /home/ directory. This directory is owned by user juan and group juan. Read, write, and execute permissions are granted to the user juan only. All other permissions are denied.

The files within the /etc/skel/ directory (which contains the default user settings) are copied into the newly created /home/juan/ directory.

At this point, a locked account called juan exists on the system. To activate it, an administrator must use the passwd command to assign a password to the account, and can also set password aging rules.
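As an added example (not part of the original page), the Python code below reads lines in the /etc/shadow format described above and reports the account states this page sets up: locked with "!!", blank password, forced change after chage -d 0, a 13-character two-character-salt crypt hash, and expiry by the -d plus -M rule from Table 25-3. The sample lines are constructed, the function and finding names are hypothetical, and treating a maximum age of 99999 days as "never expires" is an assumption about the useradd default.

```python
import re
from datetime import date

EPOCH = date(1970, 1, 1)
# Traditional DES crypt output: 2-character salt + 11 characters, no "$" prefix.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
NEVER = 99999  # assumption: "no maximum age" value written by useradd

def _num(field):
    """Numeric shadow fields may be empty, meaning 'not set'."""
    return int(field) if field.strip() else None

def audit_shadow_line(line, today=None):
    """Return (username, sorted findings) for one /etc/shadow-format line."""
    now = ((today or date.today()) - EPOCH).days
    f = line.rstrip("\n").split(":")
    f += [""] * (9 - len(f))                       # tolerate short lines
    name, pw = f[0], f[1]
    lastchg, _min, maxdays, _warn, _inact, _exp = map(_num, f[2:8])
    found = set()
    if pw == "":
        found.add("blank-password")                # result of usermod -p ""
    elif pw.startswith(("!", "*")):
        found.add("locked")                        # "!!" as written by useradd
    elif DES_CRYPT.match(pw):
        found.add("des-crypt-hash")                # two-character-salt crypt()
    no_max = maxdays is None or maxdays >= NEVER
    if lastchg == 0:
        found.add("must-change-at-next-login")     # result of chage -d 0
    elif lastchg is not None and not no_max and lastchg + maxdays < now:
        found.add("password-expired")              # the -d plus -M rule
    if no_max:
        found.add("password-never-expires")
    return name, sorted(found)

def audit_shadow(text, today=None):
    """Audit every non-empty line of shadow-format text."""
    return dict(audit_shadow_line(l, today) for l in text.splitlines() if l.strip())

# Constructed sample lines, not taken from a real system.
SAMPLE = """\
juan:!!:12345:0:99999:7:::
maria::0:0:99999:7:::
pedro:12CSGD8FRCMSM:0:0:99999:7:::
ana:$6$constructedsalt$constructedhash:19000:0:90:7:::
"""

if __name__ == "__main__":
    for user, findings in audit_shadow(SAMPLE, date(2024, 1, 1)).items():
        print(user, ", ".join(findings) or "ok")
```

An account that reports both blank-password and must-change-at-next-login is in the window the Caution above describes, so it is the state to keep as short as possible.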

What is the command for Linux to delete users?

Reward Points: 0 - Resolution Time: 2007-1-11 17:28

My intention was to set up a user with a password... After entering useradd PT, a password prompt should have appeared for me to enter one, but the system did not prompt, and without a password I cannot log in! I can only use root!! Seniors, please help!! I want to delete the original redundant user and create it again!

Questioner: lshy188 - Probation level

Best Answer

Command to create a user in Linux

useradd -g test -d /home/test1 -s /bin/bash -m test1

Note: -g specifies the group, -d the home directory, and -s the shell

Command to delete a user

userdel -r test1

Command to create a password

passwd

With this delete command, if the user is logged in elsewhere, there will be an error

such as userdel: user Kylinyang is currently logged in
