English Sinhala
The [command]#useradd# command with the [option]`-e, --expiredate` or [option]`-f, --inactive` option.
The command-line options associated with the [command]#usermod# command are essentially the same. Note that if you want to add a user to another supplementary group, you need to use the [option]`-a, --append` option with the [option]`-G` option. Otherwise the list of supplementary groups for the user will be overwritten by those specified with the [command]#usermod -G# command.
The [command]#gpasswd# utility for administrating the `/etc/group` file.
The [command]#chage# utility for setting password-aging parameters. For details, see the link:++https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/chap-Hardening_Your_System_with_Tools_and_Services.html#sec-Password_Security++[Password Security] section in the [citetitle]_Red{nbsp}Hat Enterprise{nbsp}Linux{nbsp}7 Security Guide_.
The changes take effect the next time a user logs in to the system.
Shadow passwords store information about password aging.
Shadow passwords must be enabled to use the [command]#chage# command. For more information, see xref:Managing_Users_and_Groups.adoc#s2-users-groups-shadow-utilities[Shadow Passwords].
Shadow passwords must be enabled to use chage
Shadow passwords improve system security by moving encrypted password hashes from the world-readable `/etc/passwd` file to `/etc/shadow`, which is readable only by the `root` user.
Shadow passwords allow the `/etc/login.defs` file to enforce security policies.
Shadow Passwords
`shadow`(5) — The manual page for the `/etc/shadow` file documents how to use this file to set passwords and account expiration information for the system.
Set up an initial password. There are two common approaches to this step: you can either assign a default password, or you can use a null password.
SCREENEXEC="screen"
if [ -w $(tty) ]; then
trap "exec $SCREENEXEC" 1 2 3 15
echo -n 'Starting session in 10 seconds'
sleep 10
exec $SCREENEXEC
fi
`pwconv`(8) — The manual page for the [command]#pwconv#, [command]#pwunconv#, [command]#grpconv#, and [command]#grpunconv# commands documents how to convert shadowed information for passwords and groups.
`pwck`(8) — The manual page for the [command]#pwck# command documents how to use it to verify the integrity of the `/etc/passwd` and `/etc/shadow` files.
Press the kbd:[Super] key to enter the Activities Overview, type [command]#Users# and then press kbd:[Enter]. The [application]*Users* settings tool appears. The kbd:[Super] key appears in a variety of guises, depending on the keyboard and other hardware, but often as either the Windows or Command key, and typically to the left of the Spacebar.
`passwd`(5) — The manual page for the `/etc/passwd` file documents how to use this file to define user information.
|Option|Description
|[option]`-f`, [option]`--force`|When used with [option]`-g`pass:attributes[{blank}] pass:attributes[{blank}]_gid_ and _gid_ already exists, [command]#groupadd# will choose another unique _gid_ for the group.
|[option]`-g`pass:attributes[{blank}] pass:attributes[{blank}]_gid_|Group ID for the group, which must be unique and greater than 999.
|[option]`-K`, [option]`--key`pass:attributes[{blank}] pass:attributes[{blank}]_key_pass:attributes[{blank}]=pass:attributes[{blank}]_value_|Override `/etc/login.defs` defaults.
|[option]`-o`, [option]`--non-unique`|Allows creating groups with duplicate GID.
|[option]`-p`, [option]`--password`pass:attributes[{blank}] pass:attributes[{blank}]_password_|Use this encrypted password for the new group.
|[option]`-r`|Create a system group with a GID less than 1000.
|Option|Description
|[option]`-d`pass:attributes[{blank}] pass:attributes[{blank}]_days_|Specifies the number of days since January 1, 1970 the password was changed.
|[option]`-E`pass:attributes[{blank}] pass:attributes[{blank}]_date_|Specifies the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of days since January 1, 1970 can also be used.
|[option]`-I`pass:attributes[{blank}] pass:attributes[{blank}]_days_|Specifies the number of inactive days after the password expiration before locking the account. If the value is `0`, the account is not locked after the password expires.
|[option]`-l`|Lists current account aging settings.
|[option]`-m`pass:attributes[{blank}] pass:attributes[{blank}]_days_|Specify the minimum number of days after which the user must change passwords. If the value is `0`, the password does not expire.
|[option]`-M`pass:attributes[{blank}] pass:attributes[{blank}]_days_|Specify the maximum number of days for which the password is valid. When the number of days specified by this option plus the number of days specified with the [option]`-d` option is less than the current day, the user must change passwords before using the account.
|[option]`-W`pass:attributes[{blank}] pass:attributes[{blank}]_days_|Specifies the number of days before the password expiration date to warn the user.