User & Group Management in RedHat Linux:
Uses of "passwd" command
Set a password policy in Red Hat Enterprise Linux 7
Requirement 1. Keep history of used passwords (the number of previous passwords which cannot be reused)
Requirement 2. Password size (Minimum acceptable size for the new password).
Requirement 3. Set limit to number of digits in password.
Requirement 4. Set limit to number of Upper Case characters in password.
Requirement 5. Set limit to number of Lower Case characters in password.
Requirement 6. Set limit to number of Other characters in password.
Requirement 7. Set minimum number of required classes in new password (digits, uppercase, lowercase, others).
Requirement 8. Set maximum number of allowed consecutive same characters in the new password.
Requirement 9. A maximum number of allowed consecutive characters of the same class in the new password.
Requirement 10. A maximum number of characters that is allowed to use in new passwords(compared to old password).
Requirement 11. Enforce root for password complexity.
(1) Change Password of System Users
When you logged in as root user and run passwd command then it will reset the root user's password by default. No need to assign logged user name.
But When you logged in as a normal user (name - admin) and run passwd command then it will reset the normal user's password by default with his current password. No need to assign logged user name.
Now, if you specify the user-name after passwd command then it will change the password of that user. Suppose you want to want admin user's password
(2) Display Password Status Information.
To display password status information of a user , use -S option with passwd command. If we want to see the password status of root & admin users-
[root@mushfiq ~]# passwd -S root
[root@mushfiq ~]# passwd -S admin
Short description of those fields are given at below image
In the above output first field shows the user name and second field shows Password status ( PS = Password Set , LK = Password locked , NP = No Password ), third field shows when the password was changed and last & fourth field shows minimum age, maximum age, warning period, and inactivity period for the password
When you create a new user without password, user's password will be locked. He will not be able to login into a system
When you set password for masud user, user be unlocked. Status will be shown as "Password Set". You will be able to login into a system
When you lock the masud's password, it will be shown as LK, You will not be able to login into system again
When you unlock his password, again he will be able to login into a system. Status will be shown as Password Set
When you remove the password , then status will be shown as NP(No Password / Empty Password). Masud will be able to login into a system yet.
(3) Set Password Expiry Immediately
If you want to expire the masud's password immediately, you will use -e option. Password will be expired. Masud will not be able to login into system his current password. He is bound to change his password immediately, if he wants to login into his system.
[root@mushfiq ~]# passwd -e masud
(5)Setting inactive days using -i option , Set Minimum Days to Change Password using -n option, Set Warning days before password expire using -w option
nice explanation
ReplyDeleteRed Prism Group is one of the best Data Science coaching in Noida, offering services from training to placement as part of the Data Science training program.
ReplyDeletenice post thanks a lot
ReplyDeleteJazakumullah
ReplyDelete