Channel: Webminal - Latest topics

DIY : Create Linux User by Hand

@laks wrote:

You know how to create a Linux user account with useradd and passwd. But do you know how to create one without using them? No, you can't use adduser, which is nothing but a symlink to 'useradd'.

Why do we need this? We believe a Linux system admin should possess in-depth knowledge of things, rather than just depending on a few binaries! So if you want to know what's going on behind the scenes, here we go. Our task is to create a user named giis and set up a password. Let's first update the /etc/passwd file with the entry below:

```
echo "giis:x:25000:25000:Giis:/home/giis:/bin/bash" >> /etc/passwd
```

As you can see, there are 7 fields separated by `:`, where each field refers to:

```
Field1: giis - Login name
Field2: x - Password place holder
Field3: 25000 - Unique User id
Field4: 25000 - Group id
Field5: giis - Real name
Field6: /home/giis - Home directory
Field7: /bin/bash - Shell type
```

The summary of this entry would be: after verifying the password for user giis in the /etc/shadow file, allow user giis to log in and place him under /home/giis with bash as the shell type. For a valid login, these fields must be sane. The above entry takes care of fields 1, 3, 5 and 7. We need to restore sanity for fields 2, 4 and 6.

We can set up field 4 (group-id) by creating the group-id in the /etc/group file like this:

```
# group(5) entries have four fields; the last one (member list) is left empty
echo "giis:x:25000:" >> /etc/group
```

The above places an entry into the group file which assigns group name giis the Group-Id (aka gid) 25000. Now we need to bring some sanity to field 6 (home-dir) by running the command:

```
mkdir /home/giis
```

which creates the home directory, and we set its ownership appropriately with chown:

```
chown giis:giis /home/giis
```

As you can see below, the newly created home directory has rwx for owner giis and is non-writable for group/others.

```
# ls -ld /home/giis
drwxr-xr-x. 2 giis giis 4096 Sep 25 22:38 /home/giis
```

Finally, we take care of field 2. It's a little more complex than the others. Any valid user password needs to be stored in encrypted format. Let's use the python statement below to take the password secret897 and encrypt it with the sha256 algorithm using the salt $6$salt1234. The end result will be the encrypted string of secret897 with the salt, which will be stored in the /etc/shadow file. We store the encrypted password in a temporary shell variable named pass:

```
# Needs a Python that still ships the crypt module (it was removed in Python 3.13)
pass=$(python -c 'import crypt; print(crypt.crypt("secret897", "$6$salt1234"))')
```

Change the permission of the shadow file so that it is writable by root:

```
chmod 600 /etc/shadow
```

and just append the encrypted password along with the username giis to the shadow file:

```
echo "giis:${pass}:::::::" >> /etc/shadow
```

then revert the permission:

```
chmod 000 /etc/shadow
```

Now it's time to log into the newly created account giis with the password secret897. Simply type:

```
login
```

It should prompt for your username and password, then place you under /home/giis with a bash prompt like bash-4.2$. Now verify your login identity using whoami and your home directory using pwd.
Everything fine, right?
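
A consistency check for the three files edited by hand above, as an added example that is not part of the original post. The helper names `check_user` and `make_sample` are hypothetical, and it runs against constructed copies of passwd, group and shadow rather than the live files under /etc:

```shell
#!/bin/sh
# Added example (not from the original post). check_user and make_sample are
# hypothetical names; all file contents below are constructed samples.

# make_sample DIR: write constructed passwd/group/shadow copies into DIR.
make_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'giis:x:25000:25000:Giis:/home/giis:/bin/bash' \
        'oops::0:25001:constructed bad entry:/home/oops:/bin/bash' > "$1/passwd"
    printf '%s\n' 'root:x:0:' 'giis:x:25000:' > "$1/group"
    printf '%s\n' 'root:!:::::::' 'giis:$6$salt1234$CONSTRUCTED:::::::' > "$1/shadow"
}

# check_user USER PASSWD GROUP SHADOW: print each problem, return their count.
check_user() {
    cu_user=$1; cu_n=0
    cu_note() { echo "$cu_user: $1"; cu_n=$((cu_n + 1)); }
    cu_line=$(awk -F: -v u="$1" '$1 == u' "$2" | head -n 1)
    if [ -z "$cu_line" ]; then cu_note "no passwd entry"; return "$cu_n"; fi
    cu_nf=$(printf '%s\n' "$cu_line" | awk -F: '{ print NF }')
    cu_pw=$(printf '%s\n' "$cu_line" | cut -d: -f2)
    cu_uid=$(printf '%s\n' "$cu_line" | cut -d: -f3)
    cu_gid=$(printf '%s\n' "$cu_line" | cut -d: -f4)
    [ "$cu_nf" -eq 7 ] || cu_note "passwd entry has $cu_nf fields, expected 7"
    # An empty field 2 means no password is asked for; the hash belongs in shadow.
    [ "$cu_pw" = x ] || cu_note "passwd field 2 is not the 'x' placeholder"
    # Two logins with one UID are the same user to the kernel (worst case UID 0).
    cu_same=$(awk -F: -v id="$cu_uid" '$3 == id { n++ } END { print n + 0 }' "$2")
    [ "$cu_same" -eq 1 ] || cu_note "UID $cu_uid is used by $cu_same logins"
    awk -F: -v id="$cu_gid" '$3 == id { f = 1 } END { exit !f }' "$3" ||
        cu_note "GID $cu_gid has no entry in the group file"
    # Summarise the shadow line as "<field count>:<1 if hash field is non-empty>".
    cu_sh=$(awk -F: -v u="$1" '$1 == u { print NF ":" ($2 != "") }' "$4" | head -n 1)
    case $cu_sh in
        "")  cu_note "no shadow entry" ;;
        9:1) ;;
        9:0) cu_note "shadow password field is empty" ;;
        *)   cu_note "shadow entry does not have 9 fields" ;;
    esac
    return "$cu_n"
}

# Demo on the constructed files: giis is consistent, oops is not.
demo_dir=$(mktemp -d) && make_sample "$demo_dir"
for u in giis oops; do
    check_user "$u" "$demo_dir/passwd" "$demo_dir/group" "$demo_dir/shadow" ||
        echo "$u: $? problem(s) found"
done
rm -rf "$demo_dir"
```

On a real system, `pwck` and `grpck` from the shadow utilities perform this kind of verification on the live files.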
