User Tools

Site Tools


linux:redhat_user

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
linux:redhat_user [2022/03/21 13:51]
manu
linux:redhat_user [2025/06/06 17:13] (current)
manu
Line 14: Line 14:
 ... ...
 </​cli>​ </​cli>​
 +
 +List parameters for a specific user
 +<cli prompt='>'>​
 +[root@linux1] /root > lslogins shs
 +Username: ​                          shs
 +UID:                                1000
 +Gecos field: ​                       Sandra H-S
 +Home directory: ​                    /​home/​shs
 +Shell: ​                             /bin/bash
 +No login: ​                          no
 +Password is locked: ​                no
 +Password not required: ​             no
 +Login by password disabled: ​        no
 +Password encryption method: ​        ​SHA-512
 +Primary group: ​                     shs
 +GID:                                1000
 +Supplementary groups: ​              ​secteam,​sudo
 +Supplementary group IDs:            11,27
 +Last login: ​                        14:44
 +Last terminal: ​                     pts/1
 +Last hostname: ​                     192.168.0.13
 +Hushed: ​                            no
 +Password expiration warn interval: ​ 7
 +Password changed: ​                  ​2020-Sep30
 +Maximum change time:                99999
 +Running processes: ​                 67
 +</​cli>​
 +
 +List user logged in
 +<cli prompt='>'>​
 +[root@linux1] /root > lslogins -u
 +  UID USER                PROC PWD-LOCK PWD-DENY LAST-LOGIN GECOS
 +    0 root                 ​151 ​       0        0            root
 + 1000 shs                   ​68 ​       0        0      12:35 Sandra H-S
 +</​cli>​
 +
 +<cli prompt='>'>​
 +[root@linux1] /root > passwd -S glpiagent
 +glpiagent PS 2024-02-13 0 99999 7 -1 (Password set, SHA512 crypt.)
 +</​cli>​
 +
  
 List all groups, local and LDAP List all groups, local and LDAP
Line 27: Line 68:
 </​cli>​ </​cli>​
  
 +=== Change a user password ===
 +
 +<cli prompt='#'>​
 +# echo -e "​MyOldPasswd\nMyNewPasswd\nMyNewPasswd"​ | passwd  ​
 +</​cli>​
 +
 +<cli prompt='#'>​
 +# echo "​user01:​MyNewPasswd"​ | chpasswd
 +</​cli>​
  
 === List all users LDAP === === List all users LDAP ===
Line 38: Line 88:
 lu,cn=sysdb lu,cn=sysdb
 T@test.lu,​cn=users,​cn=test.lu,​cn=sysdb T@test.lu,​cn=users,​cn=test.lu,​cn=sysdb
-&​DN=@INDEX:​UIDNUMBER:​1200423298 +&​DN=@INDEX:​UIDNUMBER:​1234423298 
-@INDEX:​UIDNUMBER:​1200423298+@INDEX:​UIDNUMBER:​1234423298
 @IDXVERSION @IDXVERSION
 @IDX @IDX
 name=user01@test.lu,​cn=users,​cn=test.lu,​cn=sysdb name=user01@test.lu,​cn=users,​cn=test.lu,​cn=sysdb
-DN=@INDEX:​GIDNUMBER:​1200400513 +DN=@INDEX:​GIDNUMBER:​1234400513 
-@INDEX:​GIDNUMBER:​1200400513+@INDEX:​GIDNUMBER:​1234400513
 @IDXVERSION @IDXVERSION
 @IDX @IDX
  
 ... ...
 +</​cli>​
 +
 +<cli prompt='>'>​
 +[user1@linux1] /home/user1 > getent passwd -s sss user01
 +user01@test.lu:​*:​1234423298:​1234400513:​My test user:/​home/​user01@test.lu:/​usr/​bin/​bash
 +</​cli>​
 +
 +List users in an AD group
 +<cli prompt='>'>​
 +[user1@linux1] /home/user1 > getent group grpadmin@test.lu
 +grpadmin@ad.lu:​*:​1234423233:​user01@test.lu,​user02@test.lu,​user03@test.lu,​
 </​cli>​ </​cli>​
  
Line 67: Line 128:
   usermod -L [LOGIN]   usermod -L [LOGIN]
  
-The chage utility.+The **chage** utility. 
 +<cli prompt='#'>​ 
 +[root@linux01 ~]# chage -M 90 myadmin 
 + 
 +[root@linux01 ~]# chage -l myadmin 
 +Last password change ​                                   : May 23, 2025 
 +Password expires ​                                       : May 23, 2026 
 +Password inactive ​                                      : never 
 +Account expires ​                                        : never 
 +Minimum number of days between password change ​         : 0 
 +Maximum number of days between password change ​         : 90 
 +Number of days of warning before password expires ​      : 8 
 + 
 +[root@linux01 ~]# lchage -l myadmin 
 +Account is not locked. 
 +Minimum: ​       0 
 +Maximum: ​       90 
 +Warning: ​       8 
 +Inactive: ​      ​Never 
 +Last Change: ​   05/​23/​2025 
 +Password Expires: ​      ​05/​23/​2026 
 +Password Inactive: ​     Never 
 +Account Expires: ​       Never 
 +</​cli>​
  
 Usage: chage [options] [LOGIN] Usage: chage [options] [LOGIN]
Line 92: Line 176:
   passwd -u USER   passwd -u USER
   usermod -U USER   usermod -U USER
 +
 +Verify the status of a user with passwd command
 +  P or PS: password is set (user is unlocked)
 +  L or LK: User is locked
 +  N or NP: No password is needed by the user
 +<cli prompt='#'>​
 +[root@temp-rh8 ~]# passwd -S agent
 +agent PS 2023-10-16 0 99999 7 -1 (Password set, SHA512 crypt.)
 +</​cli>​
  
 Change PAM config for pawword-history Change PAM config for pawword-history
Line 203: Line 296:
 ENCRYPT_METHOD SHA512 ENCRYPT_METHOD SHA512
 </​cli>​ </​cli>​
 +
 +==== User locked ====
 +
 +Check locked users
 +<cli prompt='#'>​
 +[root@Linux ~]# passwd -S user1 
 +user1 LK 2023-01-07 0 99999 7 -1 (Password locked.)
 +</​cli>​
 +
 +To check if a system is configured to allow more or less than the usual three failed logins, we can check the value of deny in the **/​etc/​security/​faillock.conf** file:
 +<cli prompt='#'>​
 +# Deny access if the number of consecutive authentication failures
 +# for this user during the recent interval exceeds n tries.
 +# The default is 3.
 + deny = 3
 +</​cli>​
 +
 +<cli prompt='#'>​
 +# faillock --user baeldung
 +baeldung:
 +When                Type  Source ​                                          Valid
 +2022-06-21 18:32:16 RHOST 192.168.0.22 ​                                        V
 +2022-06-21 18:32:29 RHOST 192.168.0.22 ​                                        V
 +2022-06-21 18:32:41 RHOST 192.168.0.22 ​                                        V
 +</​cli>​
 +
 +Unlock a user:
 +<cli prompt='#'>​
 +# faillock --user baeldung ​ --reset
 +</​cli>​
 +
 +Or 
 +<cli prompt='#'>​
 +# rm /​var/​run/​faillock/​baeldung
 +</​cli>​
 +
  
 http://​www.slashroot.in/​how-are-passwords-stored-linux-understanding-hashing-shadow-utils http://​www.slashroot.in/​how-are-passwords-stored-linux-understanding-hashing-shadow-utils
linux/redhat_user.1647867090.txt.gz · Last modified: 2022/03/21 13:51 by manu