Differences

This shows you the differences between two versions of the page.

--- linux:redhat_user [2022/03/21 13:51]
manu
+++ linux:redhat_user [2025/06/06 17:13] (current)
manu
@@ Line 14: / Line 14: @@
 ...
 </cli>
+List parameters for a specific user
+<cli prompt='>'>
+[root@linux1] /root > lslogins shs
+Username:                           shs
+UID:                                1000
+Gecos field:                        Sandra H-S
+Home directory:                     /home/shs
+Shell:                              /bin/bash
+No login:                           no
+Password is locked:                 no
+Password not required:              no
+Login by password disabled:         no
+Password encryption method:         SHA-512
+Primary group:                      shs
+GID:                                1000
+Supplementary groups:               secteam,sudo
+Supplementary group IDs:            11,27
+Last login:                         14:44
+Last terminal:                      pts/1
+Last hostname:                      192.168.0.13
+Hushed:                             no
+Password expiration warn interval:  7
+Password changed:                   2020-Sep30
+Maximum change time:                99999
+Running processes:                  67
+</cli>
+List user logged in
+<cli prompt='>'>
+[root@linux1] /root > lslogins -u
+  UID USER                PROC PWD-LOCK PWD-DENY LAST-LOGIN GECOS
+root                 151        0        0            root
+shs                   68        0        0      12:35 Sandra H-S
+</cli>
+<cli prompt='>'>
+[root@linux1] /root > passwd -S glpiagent
+glpiagent PS 2024-02-13 0 99999 7 -1 (Password set, SHA512 crypt.)
+</cli>
 List all groups, local and LDAP
@@ Line 27: / Line 68: @@
 </cli>
+=== Change a user password ===
+<cli prompt='#'>
+# echo -e "MyOldPasswd\nMyNewPasswd\nMyNewPasswd" | passwd
+</cli>
+<cli prompt='#'>
+# echo "user01:MyNewPasswd" | chpasswd
+</cli>
 === List all users LDAP ===
@@ Line 38: / Line 88: @@
 lu,cn=sysdb
 T@test.lu,cn=users,cn=test.lu,cn=sysdb
-&DN=@INDEX:UIDNUMBER:1200423298
+&DN=@INDEX:UIDNUMBER:1234423298
-@INDEX:UIDNUMBER:1200423298
+@INDEX:UIDNUMBER:1234423298
 @IDXVERSION
 @IDX
 name=user01@test.lu,cn=users,cn=test.lu,cn=sysdb
-DN=@INDEX:GIDNUMBER:1200400513
+DN=@INDEX:GIDNUMBER:1234400513
-@INDEX:GIDNUMBER:1200400513
+@INDEX:GIDNUMBER:1234400513
 @IDXVERSION
 @IDX
 ...
+</cli>
+<cli prompt='>'>
+[user1@linux1] /home/user1 > getent passwd -s sss user01
+user01@test.lu:*:1234423298:1234400513:My test user:/home/user01@test.lu:/usr/bin/bash
+</cli>
+List users in an AD group
+<cli prompt='>'>
+[user1@linux1] /home/user1 > getent group grpadmin@test.lu
+grpadmin@ad.lu:*:1234423233:user01@test.lu,user02@test.lu,user03@test.lu,
 </cli>
@@ Line 67: / Line 128: @@
   usermod -L [LOGIN]
-The chage utility.
+The **chage** utility.
+<cli prompt='#'>
+[root@linux01 ~]# chage -M 90 myadmin
+[root@linux01 ~]# chage -l myadmin
+Last password change                                    : May 23, 2025
+Password expires                                        : May 23, 2026
+Password inactive                                       : never
+Account expires                                         : never
+Minimum number of days between password change          : 0
+Maximum number of days between password change          : 90
+Number of days of warning before password expires       : 8
+[root@linux01 ~]# lchage -l myadmin
+Account is not locked.
+Minimum:        0
+Maximum:        90
+Warning:        8
+Inactive:       Never
+Last Change:    05/23/2025
+Password Expires:       05/23/2026
+Password Inactive:      Never
+Account Expires:        Never
+</cli>
 Usage: chage [options] [LOGIN]
@@ Line 92: / Line 176: @@
   passwd -u USER
   usermod -U USER
+Verify the status of a user with passwd command
+  P or PS: password is set (user is unlocked)
+  L or LK: User is locked
+  N or NP: No password is needed by the user
+<cli prompt='#'>
+[root@temp-rh8 ~]# passwd -S agent
+agent PS 2023-10-16 0 99999 7 -1 (Password set, SHA512 crypt.)
+</cli>
 Change PAM config for pawword-history
@@ Line 203: / Line 296: @@
 ENCRYPT_METHOD SHA512
 </cli>
+==== User locked ====
+Check locked users
+<cli prompt='#'>
+[root@Linux ~]# passwd -S user1
+user1 LK 2023-01-07 0 99999 7 -1 (Password locked.)
+</cli>
+To check if a system is configured to allow more or less than the usual three failed logins, we can check the value of deny in the **/etc/security/faillock.conf** file:
+<cli prompt='#'>
+# Deny access if the number of consecutive authentication failures
+# for this user during the recent interval exceeds n tries.
+# The default is 3.
+ deny = 3
+</cli>
+<cli prompt='#'>
+# faillock --user baeldung
+baeldung:
+When                Type  Source                                           Valid
+-06-21 18:32:16 RHOST 192.168.0.22                                         V
+-06-21 18:32:29 RHOST 192.168.0.22                                         V
+-06-21 18:32:41 RHOST 192.168.0.22                                         V
+</cli>
+Unlock a user:
+<cli prompt='#'>
+# faillock --user baeldung  --reset
+</cli>
+Or
+<cli prompt='#'>
+# rm /var/run/faillock/baeldung
+</cli>
 http://www.slashroot.in/how-are-passwords-stored-linux-understanding-hashing-shadow-utils

wiki

User Tools

Site Tools

Differences

Page Tools