This shows you the differences between two versions of the page.
linux:redhat_user [2022/03/21 13:51] manu |
linux:redhat_user [2025/06/06 17:13] (current) manu |
||
---|---|---|---|
Line 14: | Line 14: | ||
... | ... | ||
</cli> | </cli> | ||
+ | |||
+ | List parameters for a specific user | ||
+ | <cli prompt='>'> | ||
+ | [root@linux1] /root > lslogins shs | ||
+ | Username: shs | ||
+ | UID: 1000 | ||
+ | Gecos field: Sandra H-S | ||
+ | Home directory: /home/shs | ||
+ | Shell: /bin/bash | ||
+ | No login: no | ||
+ | Password is locked: no | ||
+ | Password not required: no | ||
+ | Login by password disabled: no | ||
+ | Password encryption method: SHA-512 | ||
+ | Primary group: shs | ||
+ | GID: 1000 | ||
+ | Supplementary groups: secteam,sudo | ||
+ | Supplementary group IDs: 11,27 | ||
+ | Last login: 14:44 | ||
+ | Last terminal: pts/1 | ||
+ | Last hostname: 192.168.0.13 | ||
+ | Hushed: no | ||
+ | Password expiration warn interval: 7 | ||
+ | Password changed: 2020-Sep30 | ||
+ | Maximum change time: 99999 | ||
+ | Running processes: 67 | ||
+ | </cli> | ||
+ | |||
+ | List user logged in | ||
+ | <cli prompt='>'> | ||
+ | [root@linux1] /root > lslogins -u | ||
+ | UID USER PROC PWD-LOCK PWD-DENY LAST-LOGIN GECOS | ||
+ | 0 root 151 0 0 root | ||
+ | 1000 shs 68 0 0 12:35 Sandra H-S | ||
+ | </cli> | ||
+ | |||
+ | <cli prompt='>'> | ||
+ | [root@linux1] /root > passwd -S glpiagent | ||
+ | glpiagent PS 2024-02-13 0 99999 7 -1 (Password set, SHA512 crypt.) | ||
+ | </cli> | ||
+ | |||
List all groups, local and LDAP | List all groups, local and LDAP | ||
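Review bot: The caption "List user logged in" over `lslogins -u` does not match what the command returns. `-u` selects user accounts as opposed to system accounts, and the sample output lists root with an empty LAST-LOGIN column, so this is not a view of current sessions. Suggest rewording the caption to "List user accounts". The last added block (`passwd -S glpiagent`) has no caption at all, unlike the two blocks above it; a one-line caption saying it shows the password status would keep the section consistent.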
Line 27: | Line 68: | ||
</cli> | </cli> | ||
+ | === Change a user password === | ||
+ | |||
+ | <cli prompt='#'> | ||
+ | # echo -e "MyOldPasswd\nMyNewPasswd\nMyNewPasswd" | passwd | ||
+ | </cli> | ||
+ | |||
+ | <cli prompt='#'> | ||
+ | # echo "user01:MyNewPasswd" | chpasswd | ||
+ | </cli> | ||
=== List all users LDAP === | === List all users LDAP === | ||
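Review bot: Both added commands put the clear-text password on the command line (`echo -e "MyOldPasswd\nMyNewPasswd\nMyNewPasswd" | passwd` and `echo "user01:MyNewPasswd" | chpasswd`), so anyone following the page verbatim leaves the old and new password in their shell history. Since both tools read from standard input, the page should say so and show the input coming from a root-only file or an interactive prompt instead of a literal. The two blocks also lack captions: the first changes the calling user's own password and the second sets another user's password as root, which is worth stating because the prompts are otherwise identical.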
Line 38: | Line 88: | ||
lu,cn=sysdb | lu,cn=sysdb | ||
T@test.lu,cn=users,cn=test.lu,cn=sysdb | T@test.lu,cn=users,cn=test.lu,cn=sysdb | ||
- | &DN=@INDEX:UIDNUMBER:1200423298 | + | &DN=@INDEX:UIDNUMBER:1234423298 |
- | @INDEX:UIDNUMBER:1200423298 | + | @INDEX:UIDNUMBER:1234423298 |
@IDXVERSION | @IDXVERSION | ||
@IDX | @IDX | ||
name=user01@test.lu,cn=users,cn=test.lu,cn=sysdb | name=user01@test.lu,cn=users,cn=test.lu,cn=sysdb | ||
- | DN=@INDEX:GIDNUMBER:1200400513 | + | DN=@INDEX:GIDNUMBER:1234400513 |
- | @INDEX:GIDNUMBER:1200400513 | + | @INDEX:GIDNUMBER:1234400513 |
@IDXVERSION | @IDXVERSION | ||
@IDX | @IDX | ||
... | ... | ||
+ | </cli> | ||
+ | |||
+ | <cli prompt='>'> | ||
+ | [user1@linux1] /home/user1 > getent passwd -s sss user01 | ||
+ | user01@test.lu:*:1234423298:1234400513:My test user:/home/user01@test.lu:/usr/bin/bash | ||
+ | </cli> | ||
+ | |||
+ | List users in an AD group | ||
+ | <cli prompt='>'> | ||
+ | [user1@linux1] /home/user1 > getent group grpadmin@test.lu | ||
+ | grpadmin@ad.lu:*:1234423233:user01@test.lu,user02@test.lu,user03@test.lu, | ||
</cli> | </cli> | ||
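Review bot: The added `getent group` example queries `grpadmin@test.lu` but the output line starts with `grpadmin@ad.lu`, so the domain in the result does not match the query or the `test.lu` domain used everywhere else in this section. If the values were sanitised by hand (the UID and GID numbers were also changed from 1200... to 1234... in this revision), the group name should be sanitised the same way. The member list also ends with a trailing comma, which suggests the output was cut; mark the truncation with `...` as the block above does. The `getent passwd -s sss user01` block has no caption, while the group lookup below it does.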
Line 67: | Line 128: | ||
usermod -L [LOGIN] | usermod -L [LOGIN] | ||
- | The chage utility. | + | The **chage** utility. |
+ | <cli prompt='#'> | ||
+ | [root@linux01 ~]# chage -M 90 myadmin | ||
+ | |||
+ | [root@linux01 ~]# chage -l myadmin | ||
+ | Last password change : May 23, 2025 | ||
+ | Password expires : May 23, 2026 | ||
+ | Password inactive : never | ||
+ | Account expires : never | ||
+ | Minimum number of days between password change : 0 | ||
+ | Maximum number of days between password change : 90 | ||
+ | Number of days of warning before password expires : 8 | ||
+ | |||
+ | [root@linux01 ~]# lchage -l myadmin | ||
+ | Account is not locked. | ||
+ | Minimum: 0 | ||
+ | Maximum: 90 | ||
+ | Warning: 8 | ||
+ | Inactive: Never | ||
+ | Last Change: 05/23/2025 | ||
+ | Password Expires: 05/23/2026 | ||
+ | Password Inactive: Never | ||
+ | Account Expires: Never | ||
+ | </cli> | ||
Usage: chage [options] [LOGIN] | Usage: chage [options] [LOGIN] | ||
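Review bot: The sample output contradicts the command shown just above it. After `chage -M 90 myadmin` with a last change of May 23, 2025, the expiry would be 90 days later (August 21, 2025), but both `chage -l` and `lchage -l` show an expiry of May 23, 2026 while also reporting a maximum of 90. The output looks like it was captured with a different maximum and then partly edited; please re-capture it after running the command so the dates and the maximum agree. The warning value of 8 is also not explained by any command in the block, so either show the `-W` call that set it or say it was already configured.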
Line 92: | Line 176: | ||
passwd -u USER | passwd -u USER | ||
usermod -U USER | usermod -U USER | ||
+ | |||
+ | Verify the status of a user with passwd command | ||
+ | P or PS: password is set (user is unlocked) | ||
+ | L or LK: User is locked | ||
+ | N or NP: No password is needed by the user | ||
+ | <cli prompt='#'> | ||
+ | [root@temp-rh8 ~]# passwd -S agent | ||
+ | agent PS 2023-10-16 0 99999 7 -1 (Password set, SHA512 crypt.) | ||
+ | </cli> | ||
Change PAM config for pawword-history | Change PAM config for pawword-history | ||
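Review bot: The three status lines (`P or PS`, `L or LK`, `N or NP`) are added as plain consecutive lines, which the wiki will join into a single paragraph. Suggest making them list items so each code stays on its own line. The legend also covers only the second field of the `passwd -S` output; a short note on the remaining fields (date of last change, minimum, maximum, warning, inactivity) would make the sample line readable. This is the second of three near-identical `passwd -S` examples added in this revision, so consider keeping the legend here and pointing the other two sections to it. The unchanged line right after the block still reads "pawword-history".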
Line 203: | Line 296: | ||
ENCRYPT_METHOD SHA512 | ENCRYPT_METHOD SHA512 | ||
</cli> | </cli> | ||
+ | |||
+ | ==== User locked ==== | ||
+ | |||
+ | Check locked users | ||
+ | <cli prompt='#'> | ||
+ | [root@Linux ~]# passwd -S user1 | ||
+ | user1 LK 2023-01-07 0 99999 7 -1 (Password locked.) | ||
+ | </cli> | ||
+ | |||
+ | To check if a system is configured to allow more or less than the usual three failed logins, we can check the value of deny in the **/etc/security/faillock.conf** file: | ||
+ | <cli prompt='#'> | ||
+ | # Deny access if the number of consecutive authentication failures | ||
+ | # for this user during the recent interval exceeds n tries. | ||
+ | # The default is 3. | ||
+ | deny = 3 | ||
+ | </cli> | ||
+ | |||
+ | <cli prompt='#'> | ||
+ | # faillock --user baeldung | ||
+ | baeldung: | ||
+ | When Type Source Valid | ||
+ | 2022-06-21 18:32:16 RHOST 192.168.0.22 V | ||
+ | 2022-06-21 18:32:29 RHOST 192.168.0.22 V | ||
+ | 2022-06-21 18:32:41 RHOST 192.168.0.22 V | ||
+ | </cli> | ||
+ | |||
+ | Unlock a user: | ||
+ | <cli prompt='#'> | ||
+ | # faillock --user baeldung --reset | ||
+ | </cli> | ||
+ | |||
+ | Or | ||
+ | <cli prompt='#'> | ||
+ | # rm /var/run/faillock/baeldung | ||
+ | </cli> | ||
+ | |||
http://www.slashroot.in/how-are-passwords-stored-linux-understanding-hashing-shadow-utils | http://www.slashroot.in/how-are-passwords-stored-linux-understanding-hashing-shadow-utils |
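Review bot: The new "User locked" section mixes two different lock mechanisms without saying so. `passwd -S user1` reporting `LK` reflects a password lock (the `passwd -l` / `usermod -L` case documented earlier on the page), whereas `faillock` tracks failed authentication attempts, and `faillock --user ... --reset` does not clear an `LK` state. Suggest splitting the section into "password locked" and "locked after failed logins" and stating which unlock command belongs to which. For the `rm /var/run/faillock/baeldung` alternative, note that the tally directory is configurable in faillock.conf, so `faillock --reset` is the safer instruction. The examples also switch between `user1` and `baeldung` and between prompt styles; using one account name throughout would make the sequence easier to follow.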