The nature of creating users in linux

Keywords: sudo shell SELinux Permission denied


Parameters for the useradd command

[vincent@localhost ~]$ useradd --help
-bash: /usr/sbin/useradd: Permission denied
[vincent@localhost ~]$ sudo useradd --help
[sudo] password for vincent:
Usage: useradd [options] LOGIN
       useradd -D
       useradd -D [options]

  -b, --base-dir BASE_DIR       base directory for the home directory of the
                                new account
  -c, --comment COMMENT         GECOS field of the new account
  -d, --home-dir HOME_DIR       home directory of the new account
  # As you can see, this parameter can print the default configuration file when adding users
  -D, --defaults                print or change default useradd configuration
  -e, --expiredate EXPIRE_DATE  expiration date of the new account
  -f, --inactive INACTIVE       password inactivity period of the new account
  -g, --gid GROUP               name or ID of the primary group of the new
  -G, --groups GROUPS           list of supplementary groups of the new
  -h, --help                    display this help message and exit
  -k, --skel SKEL_DIR           use this alternative skeleton directory
  -K, --key KEY=VALUE           override /etc/login.defs defaults
  -l, --no-log-init             do not add the user to the lastlog and
                                faillog databases
  -m, --create-home             create the user's home directory
  -M, --no-create-home          do not create the user's home directory
  -N, --no-user-group           do not create a group with the same name as
                                the user
  -o, --non-unique              allow to create users with duplicate
                                (non-unique) UID
  -p, --password PASSWORD       encrypted password of the new account
  -r, --system                  create a system account
  -R, --root CHROOT_DIR         directory to chroot into
  -s, --shell SHELL             login shell of the new account
  -u, --uid UID                 user ID of the new account
  -U, --user-group              create a group with the same name as the user
  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping

# View the default configuration when adding users
[vincent@localhost ~]$ sudo useradd -D
[vincent@localhost ~]$ sudo useradd -D -s /sbin/nologin

# In fact, the output above is the content in the / etc/default/useradd file
]$ sudo cat /etc/default/useradd
# useradd defaults file

/etc/default/useradd configuration file

That is, the source of output results printed by useradd-d

/Files in etc/skel directory

When creating a user, the files in this directory will be copied to the home directory of the newly created user, provided that the user has a home directory

The tree is as follows

[vincent@localhost ~]$ sudo ls -la /etc/skel/
total 24
drwxr-xr-x.  2 root root   59 Mar 22 11:14 .
drwxr-xr-x. 74 root root 8192 Mar 22 13:47 ..
-rw-r--r--.  1 root root   18 Nov 20  2015 .bash_logout
-rw-r--r--.  1 root root  193 Nov 20  2015 .bash_profile
-rw-r--r--.  1 root root  231 Nov 20  2015 .bashr

Create a user manually

1. Create user's home directory

$ sudo mkdir /home/annie
[sudo] password for vincent: 

2. Copy the files used for login and logout to the new user directory

[vincent@localhost ~]$ sudo ls /etc/skel/ -a
.  ..  .bash_logout  .bash_profile  .bashrc
[vincent@localhost ~]$ sudo cp /etc/skel/.bash_logout  /etc/skel/.bashrc /etc/skel/.bash_profile /home/annie/

3. Modify related profile

  • /etc/passwd
$ grep annie /etc/passwd
  • /etc/shadow
$ sudo grep annie /etc/shadow 
  • /etc/group
$ sudo grep annie /etc/group 

4. Change password, login test

[vincent@localhost ~]$ sudo passwd annie 
Changing password for user annie.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.
[vincent@localhost ~]$ 
[vincent@localhost ~]$ 
[vincent@localhost ~]$ su - annie 
Last failed login: Thu Mar 22 17:26:18 EDT 2018 on pts/1
There was 1 failed login attempt since the last successful login.
[annie@localhost ~]$ 
[annie@localhost ~]$ id 
uid=1001(annie) gid=1001(annie) groups=1001(annie)
[annie@localhost ~]$ who am i 
vincent  pts/1        2018-03-22 17:23 (
[annie@localhost ~]$ id annie 
uid=1001(annie) gid=1001(annie) groups=1001(annie)
[annie@localhost ~]$ logout

Posted by ghettopixel on Sat, 04 Apr 2020 15:03:48 -0700