1 Some accounts related to the inspection tool
1.1 pwck command
pwck this directive checks / etc information in / passwd this account profiles, with the actual home directory exists and other information, can / shadow information is consistent ratio of / etc / passwd / etc, Also, if the / etc / when data in the passwd field error, the user will be prompted to revision.
The above are only told me that these accounts and no home directory, because the vast majority of those accounts are accounts system, does not require home directory, so it is normal mistake!
1.2 pwconv command
The main purpose of this instruction is the account and password in the / etc / passwd, is moved to the / etc / shadow them!
After using pwconv, you can:
• The ratio of / etc / passwd and / etc / shadow, if the / etc / passwd account does not exist in the corresponding / etc / shadow password, you will go to pwconv /etc/login.defs access to password-related data, and the establishment of the account of / etc / shadow data;
• If the / etc / passwd memory when data is encrypted password, the password field pwconv will move to the / etc / inner shadow, and the original / etc / passwd in the corresponding password field becomes x!
In general, if you normally use to increase user useradd, use pwconv not have any action, because the / etc / passwd and / etc / shadow does not have the above two problems.
1.3 pwunconv command
The password field data within pwunconv sucked the / etc / shadow write back to the / etc / passwd them, and delete the / etc / shadow file. The instructions tell the truth, it is best not to use.
1.4 chpasswd command
chpasswd can be read into the unencrypted passwords before and after encryption, the encrypted password written / etc / shadow them. This directive is often used in the case of a large number of accounts in the build. He can read data from the standard input of each data format is "username: password." For example, among my system has a user account for the vbird3, I want to update his password, if his password is abcdefg, then I can do this:
In the case of default, will chpasswd to read the file encryption mechanism in /etc/login.defs, we CentOS 7.x using a SHA512, therefore chpasswd on by default encrypted using SHA512! If you want to use a different encryption mechanisms, it would have to use the -c -e and other ways to deal with. But from the beginning after CentOS 5.x, passwd has joined --stdin default option, so this chpasswd becomes powerless, but in other non-Red Hat derived Linux version, perhaps, or can refer to this command functions to build a large number of accounts.
2. A large number of accounts build templates (applicable passwd --stdin option)
A simple script to perform a new user functions:
#!/bin/bash # This shell script will create amount of linux login accounts for you. # 1. check the "accountadd.txt" file exist? you must create that file manually. # one account name one line in the "accountadd.txt" file. # 2. use openssl to create users password. # 3. User must change his password in his first login. # 4. more options check the following url: export PATH=/bin:/sbin:/usr/bin:/usr/sbin # 0. userinput usergroup="" # if your account need secondary group, add here. pwmech="openssl" # "openssl" or "account" is needed. homeperm="no" # if "yes" then I will modify home dir permission to 711 # 1. check the accountadd.txt file action="${1}" # "create" is useradd and "delete" is userdel. if [ ! -f accountadd.txt ]; then echo "There is no accountadd.txt file, stop here." exit 1 fi [ "${usergroup}" != "" ] && groupadd -r ${usergroup} rm -f outputpw.txt usernames=$(cat accountadd.txt) for username in ${usernames} do case ${action} in "create") [ "${usergroup}" != "" ] && usegrp=" -G ${usergroup} " || usegrp="" useradd ${usegrp} ${username} # 新增账号 [ "${pwmech}" == "openssl" ] && usepw=$(openssl rand -base64 6) || usepw=${username} echo ${usepw} | passwd --stdin ${username} # 建立密码 chage -d 0 ${username} # 强制登入修改密码 [ "${homeperm}" == "yes" ] && chmod 711 /home/${username} echo "username=${username}, password=${usepw}" >> outputpw.txt ;; "delete") echo "deleting ${username}" userdel -r ${username} ;; *) echo "Usage: $0 [create|delete]" ;; esac done
Then simply create accountadd.txt this file. The contents of an account for each row. And if you need to modify your password? Whether the same information as account number, etc., you can choose freely! If using openssl automatic guess passwords, user password, please go to the outputpw.txt.