The Linux shadow password suite provides the password-related utilities (useradd, usermod, userdel, passwd, chage, login and friends) and their configuration.
/etc/login.defs, or simply login.defs, is the configuration file of the shadow utilities. It holds password-aging, mail, user ID, group ID and home-directory related settings. We will look at the most useful of these settings in this tutorial.
Login.defs Configuration File
The login.defs configuration file is located at /etc/login.defs. It is a simple text file: each line holds an option name followed by its value, and lines starting with # are comments. We can use any text editor to edit and change values. In this tutorial we will use vim. More information about vim can be found in the following tutorial.
Set Maximum Password Days
We can use PASS_MAX_DAYS to limit the number of days a password may be used. After the specified number of days the user is forced to change the password at the next login. The default value for PASS_MAX_DAYS is 99999, which effectively disables expiry. In this example we set password expiry to 100 days.
Note that login.defs values are only applied to accounts created after the change. Existing accounts keep the aging values already recorded in /etc/shadow and must be updated with chage, for example chage -M 100 username. You can review an account's current values with chage -l username.
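Editing login.defs by hand works, but a repeatable way to set an option is handy when hardening many hosts. The helper below is an added example, not code from the original tutorial or from the shadow suite. It sets a KEY to a VALUE in a login.defs-style file: it replaces an existing active line, uncomments a commented-out default such as #PASS_MAX_DAYS 99999, and appends the option when it is absent. Descriptive comments that merely mention the option name are left alone. The sample file contents in the demo section are constructed; on a real host you would run the function as root against /etc/login.defs.

```shell
#!/bin/sh
# set_login_def FILE KEY VALUE
# Writes KEY VALUE into a login.defs-style file in a safe, idempotent way.
# The result is staged in a temp file and then copied over the target with
# cat, so the target keeps its owner and mode (0644 for /etc/login.defs).
set_login_def() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        # Active "KEY VALUE" line: replace the first, drop any later duplicate.
        $1 == k { if (!done) { print k "\t" v; done = 1 }; next }
        # Commented-out default ("#KEY VALUE" with a single value token):
        # uncomment it in place. Prose comments with several words stay as they are.
        !done && $0 ~ "^[ \t]*#[ \t]*" k "[ \t]+[^ \t]+[ \t]*$" {
            print k "\t" v; done = 1; next
        }
        { print }
        END { if (!done) print k "\t" v }   # option was absent: append it
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# get_login_def FILE KEY
# Prints the active (uncommented) value of KEY, or nothing if it is not set.
get_login_def() {
    awk -v k="$2" '$1 == k { print $2 }' "$1" | tail -n 1
}

# Demo on a constructed login.defs fragment (not a real system file).
demo_defs=$(mktemp)
printf '%s\n' \
    '# PASS_MAX_DAYS Maximum number of days a password may be used.' \
    '#PASS_MAX_DAYS 99999' \
    'PASS_MIN_DAYS 0' \
    'PASS_WARN_AGE 7' > "$demo_defs"
set_login_def "$demo_defs" PASS_MAX_DAYS 100   # uncomments the default
set_login_def "$demo_defs" PASS_MIN_DAYS 1     # replaces the active line
set_login_def "$demo_defs" UID_MIN 2000        # appends a missing option
echo "PASS_MAX_DAYS is now: $(get_login_def "$demo_defs" PASS_MAX_DAYS)"
cat "$demo_defs"
rm -f "$demo_defs"
```

The awk program keeps the first match only, so a file that accidentally carries two active lines for the same option comes out with one, and get_login_def reads the last active occurrence, which is what the shadow tools effectively use.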
Set Minimum Password Days
We can use PASS_MIN_DAYS to set the minimum number of days a password must be kept before it can be changed again. Before that many days have passed the user cannot change the password; this stops users from cycling through several passwords in a row to get back to an old one. The default value for PASS_MIN_DAYS is 0, which means this restriction is disabled. In this example we will set
Set Warning Days For Password
We can use PASS_WARN_AGE to set the number of days before expiry on which the user is warned at login that the password is about to expire. The default value for PASS_WARN_AGE is 7 days. In this example we will set it to
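Because PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE only take effect for accounts created afterwards, a practitioner also wants to find the existing accounts whose /etc/shadow aging fields are weaker than the policy. The script below is an added example, not part of the original tutorial: it reads a shadow-format file (name:hash:lastchg:min:max:warn:inactive:expire:reserved), skips accounts with no usable password (empty hash, or one starting with ! or *), and lists every account whose maximum age is higher, or whose minimum age or warning period is lower, than the login.defs values passed in. A second function turns that list into the chage commands that would bring the accounts into line. The shadow lines in the demo are constructed; on a real host you would point it at /etc/shadow as root.

```shell
#!/bin/sh
# audit_shadow_aging SHADOW_FILE MAX_DAYS MIN_DAYS WARN_DAYS
# Prints "user:max=..:min=..:warn=.." for each account with a usable password
# whose aging fields are weaker than the given policy. An empty max field means
# "never expires" and is reported too.
audit_shadow_aging() {
    awk -F: -v max="$2" -v min="$3" -v warn="$4" '
        # Locked (!) or no-login (*) accounts and empty hashes: nothing to age.
        $2 == "" || $2 ~ /^[!*]/ { next }
        $5 == "" || $5 + 0 > max + 0 ||
        $4 == "" || $4 + 0 < min + 0 ||
        $6 == "" || $6 + 0 < warn + 0 {
            print $1 ":max=" $5 ":min=" $4 ":warn=" $6
        }' "$1"
}

# chage_fix_commands SHADOW_FILE MAX_DAYS MIN_DAYS WARN_DAYS
# Emits one chage command per offending account; review, then run as root.
chage_fix_commands() {
    audit_shadow_aging "$@" | cut -d: -f1 | while read -r user; do
        printf 'chage -M %s -m %s -W %s %s\n' "$2" "$3" "$4" "$user"
    done
}

# Demo on constructed shadow entries (the hashes are placeholders, not real).
demo_shadow=$(mktemp)
printf '%s\n' \
    'root:$6$saltsalt$constructedhash:19000:0:99999:7:::' \
    'daemon:*:19000:0:99999:7:::' \
    'alice:$6$saltsalt$constructedhash:19000:0:99999:7:::' \
    'bob:$6$saltsalt$constructedhash:19000:1:100:7:::' \
    'carol:!$6$saltsalt$constructedhash:19000:0:99999:7:::' \
    'dave:$6$saltsalt$constructedhash:19000:0:90:7:::' > "$demo_shadow"
echo "Accounts weaker than PASS_MAX_DAYS=100 PASS_MIN_DAYS=1 PASS_WARN_AGE=7:"
audit_shadow_aging "$demo_shadow" 100 1 7
echo "Suggested fixes:"
chage_fix_commands "$demo_shadow" 100 1 7
rm -f "$demo_shadow"
```

With the demo data, root and alice are reported for the 99999-day maximum and dave for a minimum age of 0; bob already matches the policy, and daemon and carol are skipped because their hashes are not usable for login.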
Set Password Minimum Length
Passwords are an important part of system security. Brute-force and dictionary attacks reveal short or weak passwords quickly. With PASS_MIN_LEN we can specify the minimum length of user account passwords. The default minimum length in login.defs is 5. In this example we will change it to
Note that on systems that use PAM (practically every current distribution), PASS_MIN_LEN in login.defs is ignored: password length and complexity are enforced by the pam_pwquality module (or the older pam_cracklib) configured under /etc/pam.d/, so the limit must be set there.
The following tutorial shows how to check the strength of user account passwords.
Set Mailbox Directory
We can use the MAIL_DIR option to set the directory in which users' mailboxes are created (and removed by userdel). The default mail spool directory in Linux is /var/spool/mail; Debian-based distributions use /var/mail. In this example we will change the users' mail directory to
Set Start Of Normal User IDs
Every normal user account in Linux has a numeric user ID (UID) that uniquely identifies it. The first UID that useradd assigns to normal users is set with the UID_MIN option (UID_MAX sets the upper bound of the range). The default start of the normal user ID range in Linux is 1000. In this example we set the start of user IDs to
Set Start Of System User IDs
System users in Linux are used to run system binaries, daemons and services rather than by people; they are created with useradd -r (or --system). We can define the start of the system user ID range with SYS_UID_MIN (the upper bound is SYS_UID_MAX). The default start value is distribution specific: 201 in Fedora/RHEL-style login.defs, 100 on Debian and Ubuntu. In this example we will change it to 300.
Set Start Of Normal Group IDs
Groups in Linux have IDs too, because the permission system refers to groups by their GID. We can use GID_MIN to specify the start of the normal group ID range (GID_MAX bounds it from above). The default start value for group IDs is 1000. In this example we set the start value for group IDs to 1500.
Set Start Of System Group IDs
System groups are used like system users, for daemons and services. Their range starts at SYS_GID_MIN. The default value for SYS_GID_MIN is 201 in Fedora/RHEL-style login.defs (100 on Debian and Ubuntu). In this example we will change it to 301.
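The UID ranges above are only useful if accounts actually respect them, so a quick audit of /etc/passwd is worthwhile after changing them. The script below is an added example, not code from the original tutorial: given a passwd-format file and the UID_MIN value, it reports accounts that sit in the system range (UID below UID_MIN, root excluded) but have an interactive login shell, which usually means a daemon account was created without -r or was given a shell it does not need. The passwd lines in the demo are constructed.

```shell
#!/bin/sh
# system_accounts_with_shell PASSWD_FILE UID_MIN
# Prints "user:uid:shell" for accounts whose UID is below UID_MIN (the system
# range) but whose shell is not nologin or false. Root (UID 0) is skipped
# because it legitimately has a shell.
system_accounts_with_shell() {
    awk -F: -v umin="$2" '
        $3 + 0 != 0 && $3 + 0 < umin + 0 && $7 !~ /(nologin|false)$/ {
            print $1 ":" $3 ":" $7
        }' "$1"
}

# Demo on a constructed passwd fragment (not a real system file).
demo_passwd=$(mktemp)
printf '%s\n' \
    'root:x:0:0:root:/root:/bin/bash' \
    'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
    'backup:x:34:34:backup:/var/backups:/bin/bash' \
    'sshd:x:105:65534::/run/sshd:/usr/sbin/nologin' \
    'svc-build:x:999:999::/var/lib/build:/bin/sh' \
    'alice:x:1000:1000::/home/alice:/bin/bash' > "$demo_passwd"
echo "System-range accounts (UID < 1000) that can log in:"
system_accounts_with_shell "$demo_passwd" 1000
rm -f "$demo_passwd"
```

Here backup and svc-build are flagged; the fix is normally usermod -s /usr/sbin/nologin for the account, or recreating it with useradd -r so it lands in the system range by design.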
Enable and Disable User Home Creation
Linux users generally have home directories to store their personal and private data. A user's home directory resides under /home/ in a directory named after the user. Whether useradd creates this directory automatically is controlled by the CREATE_HOME option. Fedora/RHEL-style login.defs set CREATE_HOME yes; Debian and Ubuntu leave it unset, which behaves as no, so useradd there needs -m to create the home directory. We can disable automatic home creation with CREATE_HOME no like below.
Set Default Umask Value
The umask determines the permissions of newly created files and directories. We can change the default umask with the UMASK option. The default value for UMASK in login.defs is 022, which makes new files readable by everyone. useradd also applies this mask to the home directory it creates (newer shadow releases use HOME_MODE for that and fall back to UMASK when it is unset), so a stricter value such as 077 keeps users' home directories private. On PAM systems the login-time umask is usually set by pam_umask, which reads this same option. In this example we set umask
Set Shadow File User Password Hashing Algorithm
User passwords are stored in the /etc/shadow file on Linux systems. Storing them in clear text would be a critical security problem, so only a salted password hash is stored; hashing is one-way, unlike encryption, so the password cannot be recovered from the stored value. The hashing method used when a password is set is selected with the ENCRYPT_METHOD option. Most current distributions ship SHA512; shadow 4.9 and later also support YESCRYPT, which recent Debian releases use by default. For SHA512 the work factor can be raised with SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. Changing the method affects only passwords set afterwards; existing hashes stay as they are until each user next changes their password. In this example we will change to