If you would like to convert a .ppk file into a .pem file, the process is given below:
Tuesday, 17 May 2016
Saturday, 30 April 2016
Password Management in Linux by using passwd command
A password (commonly known as passwd in Linux) is an unspaced sequence of characters used to determine that a computer user requesting access to a computer system is really that particular user. Typically, users of a multiuser or securely protected single-user system claim a unique name (called a user ID) that can be generally known. In order to verify that someone entering that user ID really is that person, a second identification, the password, known only to that person and to the system itself, is entered by the user. Most networks require that end users change their passwords on a periodic basis.
passwd command
The passwd command is used to create and change the password of a user account. A normal user can run passwd to change their own password, and a system administrator (the superuser ROOT) can use passwd to change another user’s password, or define how that account’s password can be used or changed.
PASSWD SYNTAX
passwd [OPTION] [USER]

Usage: passwd [OPTION...] <accountName>
  -k, --keep-tokens       keep non-expired authentication tokens
  -d, --delete            delete the password for the named account (root only)
  -l, --lock              lock the named account (root only)
  -u, --unlock            unlock the named account (root only)
  -f, --force             force operation
  -x, --maximum=DAYS      maximum password lifetime (root only)
  -n, --minimum=DAYS      minimum password lifetime (root only)
  -w, --warning=DAYS      number of days warning users receives before password expiration (root only)
  -i, --inactive=DAYS     number of days after password expiration when an account becomes disabled (root only)
  -S, --status            report password status on the named account (root only)
  --stdin                 read new tokens from stdin (root only)
Change the password for Normal user
When you are logged in as a non-root user (anu in my case) and run the passwd command, it resets the password of the logged-in user.
[anu@linuxgosolution ~]$ passwd
Changing password for user anu.
Changing password for anu.
(current) UNIX password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
When you are logged in as root and run the passwd command, it resets the root password by default. If you specify a user name after the passwd command, it changes the password of that particular user.
Display Password Status Information
To display password status information of a user, use the -S option of the passwd command.
[root@linuxgosolution ~]# passwd -S anu
anu PS 2016-04-21 0 99999 7 -1 (Password set, SHA512 crypt.)
In the above output, the first field shows the user name, the second field shows the password status (PS = Password Set, LK = Password Locked, NP = No Password), the third field shows when the password was last changed, and the last four fields show the minimum age, maximum age, warning period, and inactivity period for the password.
We can display password status information for all users at once by using the option -Sa.
root@linuxgosolution:~# passwd -Sa
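The field layout above lends itself to a quick audit of password status and aging. The following shell sketch is an added example, not part of the original post; the function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky accounts from `passwd -S` output.
# Field order as described above: user, status, last change,
# minimum age, maximum age, warning period, inactivity period.

# audit_passwd_status (hypothetical helper name) reads status lines on stdin
# and prints one "user: finding" line per problem it sees.
audit_passwd_status() {
    awk '
    NF < 7 { next }    # not a status line: fewer than the seven leading fields
    {
        user = $1; status = $2; min = $4; max = $5; inactive = $7
        if (status == "NP")
            print user ": no password set (NP)"
        if (status == "LK")
            print user ": password locked (LK)"
        if (status == "PS" && max == 99999)
            print user ": password never expires (maximum age 99999)"
        if (status == "PS" && max != 99999 && inactive == -1)
            print user ": no inactivity cut-off after expiry (inactive -1)"
        if (min > max)
            print user ": minimum age " min " exceeds maximum age " max
    }'
}

# Constructed sample input (not real accounts), in the format shown on this page.
sample_status() {
    cat <<'EOF'
anu PS 2016-04-21 0 99999 7 -1 (Password set, SHA512 crypt.)
svcbackup NP 2016-04-21 0 99999 7 -1 (Empty password.)
olduser LK 2016-03-01 0 99999 7 -1 (Password locked.)
dev1 PS 2016-04-21 1 90 14 30 (Password set, SHA512 crypt.)
dev2 PS 2016-04-21 90 60 7 -1 (Password set, SHA512 crypt.)
EOF
}

# On a live system, pipe the output of passwd -S (run as root) into the function.
sample_status | audit_passwd_status
```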
Removing Password of a User
We can remove the password of a particular user by using the -d option.
[root@linuxgosolution ~]# passwd -d anu
Removing password for user anu.
passwd: Success
[root@linuxgosolution ~]#
Lock the password of System User
Use the ‘-l‘ option of the passwd command to lock a user’s password; it adds “!” at the start of the user’s password. A user can’t change their password while it is locked.
[root@linuxgosolution ~]# passwd -l anu
Locking password for user anu.
passwd: Success
Unlock User’s Password using -u option
Use the -u option to unlock user accounts that were locked with the passwd -l option.
[root@linuxgosolution ~]# passwd -u anu
Unlocking password for user anu.
passwd: Success
Setting inactive days using -i option
Use the -i option with the passwd command to set the inactive days for a system user. This applies when the user’s password has expired and the user has not changed it within ‘n‘ days (i.e. 7 days in my case); after that, the user will not be able to log in.
[root@linuxgosolution ~]# passwd -i 7 anu
Adjusting aging data for user anu.
passwd: Success
[root@linuxgosolution ~]# passwd -S anu
anu PS 2016-04-21 0 99999 7 7 (Password set, SHA512 crypt.)
[root@linuxgosolution ~]#
Setting Minimum No.of Days to Change Password using passwd -n option
Using the -n option with the passwd command, we can set the minimum number of days before the password can be changed. A value of zero means the user can change their password at any time.
[root@linuxgosolution ~]# passwd -n 90 anu
Adjusting aging data for user anu.
passwd: Success
[root@linuxgosolution ~]# passwd -S anu
anu PS 2016-04-21 90 99999 7 7 (Password set, SHA512 crypt.)
[root@linuxgosolution ~]#
Setting the Warning days before password expire using passwd -w option
The -w option of the passwd command sets the number of warning days before the password expires.
[root@linuxgosolution ~]# passwd -w 30 anu
Adjusting aging data for user anu.
passwd: Success
[root@linuxgosolution ~]# chage -l anu
Last password change : Apr 21, 2016
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 90
Maximum number of days between password change : 99999
Number of days of warning before password expires : 30
[root@linuxgosolution ~]#
Thanks
Gurpreet Singh
Thursday, 28 April 2016
The Complete Guide to “useradd” Command in Linux – 15 Practical Examples
We are all aware of the most popular command, ‘useradd‘ or ‘adduser‘, in Linux. There are times when a Linux system administrator is asked to create user accounts on Linux with some specific properties, limitations or comments.
In Linux, the ‘useradd‘ command is a low-level utility that is used for adding/creating user accounts in Linux and other Unix-like operating systems. ‘adduser‘ is very similar to the useradd command, because it is just a symbolic link to it.
In some other Linux distributions, the useradd command may come in a slightly different version. I suggest you read your documentation before using our instructions to create new user accounts in Linux.
When we run the ‘useradd‘ command in a Linux terminal, it performs the following major things:
- It edits the /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow files for the newly created user account.
- Creates and populates a home directory for the new user.
- Sets permissions and ownership on the home directory.
Basic syntax of command is:
useradd [options] username
Part I – 10 Basic Usage of useradd Commands
1. How to Add a New User in Linux
To add/create a new user, follow the command ‘useradd‘ or ‘adduser‘ with a ‘username’. The ‘username’ is the login name that the user uses to log in to the system.
Only one user can be added at a time, and the username must be unique (different from any other username that already exists on the system).
For example, to add a new user called ‘linuxgosolution‘, use the following command.
[root@linuxgosolution ~]# useradd linuxgosolution
When we add a new user in Linux with the ‘useradd‘ command, it is created in a locked state. To unlock that user account, we need to set a password for it with the ‘passwd‘ command.
[root@linuxgosolution ~]# passwd linuxgosolution
Changing password for user linuxgosolution.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
Once a new user is created, its entry is automatically added to the ‘/etc/passwd‘ file. This file stores user information, and the entry should look like this:
linuxgosolution:x:504:504:linuxgosolution:/home/linuxgosolution:/bin/bash
The above entry contains a set of seven colon-separated fields, and each field has its own meaning. Let’s see what these fields are:
- Username: User login name used to log in to the system. It should be between 1 and 32 characters long.
- Password: User password (or x character) stored in /etc/shadow file in encrypted format.
- User ID (UID): Every user must have a User ID (UID), a User Identification Number. By default UID 0 is reserved for the root user and UIDs ranging from 1-99 are reserved for other predefined accounts. Further, UIDs ranging from 100-999 are reserved for system accounts and groups.
- Group ID (GID): The primary Group ID (GID), a Group Identification Number, stored in the /etc/group file.
- User Info: This field is optional and allows you to define extra information about the user, for example the user’s full name. This field is filled by ‘finger’ command.
- Home Directory: The absolute location of the user’s home directory.
- Shell: The absolute location of the user’s shell, i.e. /bin/bash.
2. Create a User with Different Home Directory
By default, the ‘useradd‘ command creates a user’s home directory under the /home directory, named after the username. Thus, for example, we’ve seen above that the default home directory for the user ‘linuxgosolution‘ is ‘/home/linuxgosolution‘.
However, this can be changed by using the ‘-d‘ option along with the location of the new home directory (i.e. /data/projects). For example, the following command will create a user ‘gurpreet‘ with the home directory ‘/data/projects‘.
[root@linuxgosolution ~]# useradd -d /data/projects gurpreet
You can see the user home directory and other user related information like user id, group id, shell and comments.
[root@linuxgosolution ~]# cat /etc/passwd | grep gurpreet
gurpreet:x:505:505::/data/projects:/bin/bash
3. Create a User with Specific User ID
In Linux, every user has its own UID (Unique Identification Number). By default, whenever we create a new user account in Linux, it is assigned userid 500, 501, 502 and so on.
But we can create users with a custom userid using the ‘-u‘ option. For example, the following command will create a user ‘arun‘ with the custom userid ‘999‘.
[root@linuxgosolution ~]# useradd -u 999 arun
Now, let’s verify that the user was created with the defined userid (999) using the following command.
[root@linuxgosolution ~]# cat /etc/passwd | grep arun
arun:x:999:999::/home/arun:/bin/bash
NOTE: Make sure the value of the user ID is unique, i.e. different from that of any other user already created on the system.
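The seven /etc/passwd fields described earlier, and the UID uniqueness note above, can be checked with a short script. This is an added example, not code from the original post; audit_passwd_file, sample_passwd and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity-check passwd-format lines (seven colon-separated fields).

# audit_passwd_file (hypothetical helper name) reads /etc/passwd-style lines
# on stdin and prints one finding per line of output.
audit_passwd_file() {
    awk -F: '
    NF == 0 || /^#/ { next }    # skip blank lines and comments
    NF != 7 { print "line " NR ": expected 7 fields, found " NF; next }
    {
        name = $1; pw = $2; uid = $3
        # Field 2 should be "x" (hash kept in /etc/shadow) or a lock marker.
        if (pw == "")
            print name ": empty password field"
        else if (pw != "x" && pw !~ /^[!*]/)
            print name ": password hash stored in passwd instead of shadow"
        # UID 0 is reserved for root; any other name with UID 0 has root rights.
        if (uid == 0 && name != "root")
            print name ": UID 0 but not root"
        # Two names sharing one UID are the same user to the kernel.
        if (uid in seen)
            print name ": UID " uid " already used by " seen[uid]
        else
            seen[uid] = name
    }'
}

# Constructed sample input (not a real system), reusing names from this page.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
linuxgosolution:x:504:504:linuxgosolution:/home/linuxgosolution:/bin/bash
gurpreet:x:505:505::/data/projects:/bin/bash
arun:x:999:999::/home/arun:/bin/bash
opsadmin:x:0:0::/root:/bin/bash
legacy::1003:1003::/home/legacy:/bin/bash
shilpi:x:999:1004::/home/shilpi:/bin/bash
broken:x:1005:1005:/home/broken
EOF
}

# On a live system: audit_passwd_file < /etc/passwd
sample_passwd | audit_passwd_file
```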
4. Create a User with Specific Group ID
Similarly, every user has its own GID (Group Identification Number). We can also create users with a specific group ID using the -g option.
Here in this example, we will add a user ‘tarunika‘ with a specific UID and GID simultaneously with the help of ‘-u‘ and ‘-g‘ options.
[root@linuxgosolution ~]# useradd -u 1000 -g 500 tarunika
Now, see the assigned user id and group id in ‘/etc/passwd‘ file.
[root@linuxgosolution ~]# cat /etc/passwd | grep tarunika
tarunika:x:1000:500::/home/tarunika:/bin/bash
5. Add a User to Multiple Groups
The ‘-G‘ option is used to add a user to additional groups. Each group name is separated by a comma, with no intervening spaces.
Here in this example, we are adding a user ‘linuxgosolution‘ to multiple groups: admins, webadmin and developers.
[root@linuxgosolution ~]# useradd -G admins,webadmin,developers linuxgosolution
Next, verify the multiple groups assigned to the user with the id command.
[root@linuxgosolution ~]# id linuxgosolution
uid=1001(linuxgosolution) gid=1001(linuxgosolution) groups=1001(linuxgosolution),500(admins),501(webadmin),502(developers) context=root:system_r:unconfined_t:SystemLow-SystemHigh
6. Add a User without Home Directory
In some situations we don’t want to assign a home directory to a user, for security reasons. In such a situation, when the user logs into a system that has just restarted, their home directory will be root. When such a user uses the su command, their login directory will be the previous user’s home directory.
To create users without a home directory, the ‘-M‘ option is used. For example, the following command will create a user ‘shilpi‘ without a home directory.
[root@linuxgosolution ~]# useradd -M shilpi
Now, let’s verify that the user was created without a home directory, using the ls command.
[root@linuxgosolution ~]# ls -l /home/shilpi
ls: cannot access /home/shilpi: No such file or directory
7. Create a User with Account Expiry Date
By default, when we add a user with the ‘useradd‘ command, the account never expires, i.e. its expiry date is set to 0 (meaning never expires).
However, we can set the expiry date using the ‘-e‘ option, which takes a date in YYYY-MM-DD format. This is helpful for creating temporary accounts for a specific period of time.
Here in this example, we create a user ‘gurpreet‘ with an account expiry date of 27th March 2014, given in YYYY-MM-DD format.
[root@linuxgosolution ~]# useradd -e 2014-03-27 gurpreet
Next, verify the age of the account and password with the ‘chage‘ command for user ‘gurpreet‘ after setting the account expiry date.
[root@linuxgosolution ~]# chage -l gurpreet
Last password change : Mar 28, 2014
Password expires : never
Password inactive : never
Account expires : Mar 27, 2014
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
8. Create a User with Password Expiry Date
The ‘-f‘ argument defines the number of days after a password expires until the account is disabled. A value of 0 disables the user account as soon as the password has expired. By default, this value is set to -1, which means never expire.
Here in this example, we will set an account password expiry period of 45 days for a user ‘linuxgosolution’ using the ‘-e‘ and ‘-f‘ options.
[root@linuxgosolution ~]# useradd -e 2014-04-27 -f 45 linuxgosolution
9. Add a User with Custom Comments
The ‘-c‘ option allows you to add custom comments, such as the user’s full name, phone number, etc., to the /etc/passwd file. The comment can be added as a single line without any spaces.
For example, the following command will add a user ‘gurpreet‘ and would insert that user’s full name, Gurpreet Singh, into the comment field.
[root@linuxgosolution ~]# useradd -c "Gurpreet Singh" gurpreet
You can see your comments in the comments section of the ‘/etc/passwd‘ file.
[root@linuxgosolution ~]# tail -1 /etc/passwd
gurpreet:x:1006:1008:Gurpreet Singh:/home/gurpreet:/bin/sh
10. Change User Login Shell:
Sometimes we add users that have no need for a login shell, and sometimes we need to assign different shells to our users. We can assign a different login shell to each user with the ‘-s‘ option.
Here in this example, we will add a user ‘linuxgosolution‘ without a login shell, i.e. with the ‘/sbin/nologin‘ shell.
[root@linuxgosolution ~]# useradd -s /sbin/nologin linuxgosolution
You can check the shell assigned to the user in the ‘/etc/passwd‘ file.
[root@linuxgosolution ~]# tail -1 /etc/passwd
linuxgosolution:x:1002:1002::/home/linuxgosolution:/sbin/nologin
Part II – 5 Advanced Usage of useradd Commands
11. Add a User with Specific Home Directory, Default Shell and Custom Comment
The following command will create a user ‘ravi‘ with the home directory ‘/var/www/ravi‘ and the default shell /bin/bash, and adds extra information about the user.
[root@linuxgosolution ~]# useradd -m -d /var/www/ravi -s /bin/bash -c "Linuxgosolution Owner" -U ravi
In the above command, the ‘-m -d‘ options create the user with the specified home directory and the ‘-s‘ option sets the user’s default shell, i.e. /bin/bash. The ‘-c‘ option adds the extra information about the user and the ‘-U‘ argument creates a group with the same name as the user.
12. Add a User with Home Directory, Custom Shell, Custom Comment and UID/GID
The command is very similar to the one above, but here we define the shell as ‘/bin/zsh‘ and set a custom UID and GID for the user ‘tarunika‘. Here ‘-u‘ defines the new user’s UID (i.e. 1000) and ‘-g‘ defines the GID (i.e. 1000).
[root@linuxgosolution ~]# useradd -m -d /var/www/tarunika -s /bin/zsh -c "linuxgosolution Technical Writer" -u 1000 -g 1000 tarunika
13. Add a User with Home Directory, No Shell, Custom Comment and User ID
The following command is very similar to the two commands above; the only difference is that here we disable the login shell for a user called ‘avishek‘ with a custom User ID (i.e. 1019).
The ‘-s‘ option normally sets the default shell /bin/bash, but in this case we set the login shell to ‘/usr/sbin/nologin‘. That means the user ‘avishek‘ will not be able to log in to the system.
[root@linuxgosolution ~]# useradd -m -d /var/www/avishek -s /usr/sbin/nologin -c "linuxgosolution Sr. Technical Writer" -u 1019 avishek
14. Add a User with Home Directory, Shell, Custom Skell/Comment and User ID
The only change in this command is that we used the ‘-k‘ option to set a custom skeleton directory, i.e. /etc/custom.skell, instead of the default one, /etc/skel. We also used the ‘-s‘ option to define a different shell, i.e. /bin/tcsh, for the user ‘navin‘.
[root@linuxgosolution ~]# useradd -m -d /var/www/navin -k /etc/custom.skell -s /bin/tcsh -c "No Active Member of linuxgosolution" -u 1027 navin
15. Add a User without Home Directory, No Shell, No Group and Custom Comment
The following command is very different from the other commands explained above. Here we used the ‘-M‘ option to create the user without a home directory, and the ‘-N‘ argument tells the system to create only the username (without a group). The ‘-r‘ argument is for creating a system user.
[root@linuxgosolution ~]# useradd -M -N -r -s /bin/false -c "Disabled linuxgosolution Member" clayton
Thanks