passwd PDF Print E-mail

passwd

The passwd command will prompt you to change your own password if the command is typed alone. Your password should not be a dictionary word and it should be at least 6 letters.

If you wanted to change the password of another user and you were logged in as root you would type the user's name and then the command.


User Summary
In order to provide access to server resources all users need to have an account set up for them. The administrator sets up an account using the useradd command and creating a password with the passwd command. The passwords are kept in the /etc/shadow file to make sure they cannot be viewed. The specifics of the user's environment will be provided in the /etc/skel file which will determine what shell the user will access as well as other specifics provided. Whenever a user is created the user is placed in a group that will allow the administrator to manage groups of users with similar needs. The /etc/motd file provides a method that the administrator can communicate a "message of the day" to users for information. This section will provide interactive lessons of managing these aspects of administration.

Create User

Creating a user in Linux is simple. Type..

useradd Joe

This creates a user named Joe. However, this does not create a password nor any other options that you would like. Here are several options:

-u uid user ID specified
-g group specify a group for the user
-G lists groups the user is in
-c comment describe user
-d dir home directory
-m make home directory if it does not exist
-k skel_dir skeleton home directory
-s shell login program, the default is /bin/bash
-e YYYY-MM-DD expiration date account disabled
-p password create password at time of creating user
adduser command
The previous example used useradd instead of adduser. Either command may be used to create new users with the same options. The rest of this CD will use useradd instead of adduser.
-u uid user ID specified
-g group specify a group for the user
-G lists groups the user is in
-c comment describe user
-d dir home directory
-m make home directory if it does not exist
-k skel_dir skeleton home directory
-s shell login program, the default is /bin/bash
-e YYYY-MM-DD expiration date account disabled
-p password create password at time of creating user

Why Use useradd?

One of the advantages of this command is that it will automatically run chown and chgrp commands to make sure the permissions are set correctly for the user. If you don't use useradd you must set these permissions manually.

Another advantage of useradd is that it is a command that can be used on all Linux systems to add users. Often the GUI (graphical user interface) made for Gnome or KDE will be different than what you are familiar with or the GUI may crash.


Files When a User is Created
There are five major files that are employed when the administrator creates a user.

/etc/passwd - contains user account information
/etc/shadow - secure user password stored here, only root can read it
/etc/group - group information for user
/etc/default/useradd - default information for adding all users
/etc/login.defs - system default login in settings

User Passwords

Passwords are kept in /etc/passwd

Example Entry:
mike - username
x - encrypted password
500 - user ID
500 - Group ID
Mike - information about user
/home/mike - user's home directory
/bin/bash - user's login shell

mike:x:500:500:Mike :/home/mike:/bin/bash


Creating a Password

If you would like to create a new password for a user you will use two commands. The first will indicate the user you want to make the change for and the second will be the password. The command is passwd username.

Example:
passwd john

Then you would be asked to enter the new password two times.


Password Control

The command usermod can be used to create several password aging attributes. Here are several options:

-c comment description of the user
-d home_dir change the home directory
-e expire_date assign an expiration date in the MM/DD/YYYY format
-f inactivity number of days before account disabled
-g group change primary group
-G grouplist set the list of groups that the user is in
-l login_name change login name for user
-m used only with -d option, home contents copied to
new home directory
-s shell indicate a new shell
-u user_id change user ID


Reset a Password
Users forget their passwords. Often the administrator will be expected to reset those passwords. Looking up passwords is not a possibility because they are encrypted in storage. A new password must be created with the passwd command.

To reset the password for user John:

passwd John

Then you will be prompted to enter a password twice.