Linux login.defs: Difference between revisions

From IT Wiki

Latest revision as of 23:38, 29 September 2019

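Default configuration file for newly created users
  • Sets password policy such as password expiration, the maximum password age, and the minimum interval between password changes
  • Location: /etc/login.defs

 CREATE_HOME (boolean)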
     Indicate if a home directory should be created by default for new users.

     This setting does not apply to system users, and can be overridden on the command line.

 GID_MAX (number), GID_MIN (number)
     Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.

     The default value for GID_MIN (resp. GID_MAX) is 500 (resp. 60000).

 MAIL_DIR (string)
     The mail spool directory. This is needed to manipulate the mailbox when its corresponding user account is modified
     or deleted. If not specified, a compile-time default is used.

 MAIL_FILE (string)
     Defines the location of the users' mail spool files relative to their home directory.

 The MAIL_DIR and MAIL_FILE variables are used by useradd, usermod, and userdel to create, move, or delete the user's
 mail spool.

 If MAIL_CHECK_ENAB is set to yes, they are also used to define the MAIL environment variable.

 MAX_MEMBERS_PER_GROUP (number)
     Maximum members per group entry. When the maximum is reached, a new group entry (line) is started in /etc/group
     (with the same name, same password, and same GID).

     The default value is 0, meaning that there are no limits in the number of members in a group.

     This feature (split group) makes it possible to limit the length of lines in the group file. This is useful to make
     sure that lines for NIS groups are not larger than 1024 characters.

     If you need to enforce such a limit, you can use 25.

     Note: split groups may not be supported by all tools (even in the Shadow toolsuite). You should not use this
     variable unless you really need it.

 PASS_MAX_DAYS (number)
     The maximum number of days a password may be used. If the password is older than this, a password change will be
     forced. If not specified, -1 will be assumed (which disables the restriction).

 PASS_MIN_DAYS (number)
     The minimum number of days allowed between password changes. Any password changes attempted sooner than this will
     be rejected. If not specified, -1 will be assumed (which disables the restriction).

 PASS_WARN_AGE (number)
     The number of days warning given before a password expires. A zero means warning is given only upon the day of
     expiration, a negative value means no warning is given. If not specified, no warning will be provided.

 SYS_GID_MAX (number), SYS_GID_MIN (number)
     Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers.

     The default value for SYS_GID_MIN (resp. SYS_GID_MAX) is 201 (resp. GID_MIN-1).

 SYS_UID_MAX (number), SYS_UID_MIN (number)
     Range of user IDs used for the creation of system users by useradd or newusers.

     The default value for SYS_UID_MIN (resp. SYS_UID_MAX) is 201 (resp. UID_MIN-1).

 UID_MAX (number), UID_MIN (number)
     Range of user IDs used for the creation of regular users by useradd or newusers.

     The default value for UID_MIN (resp. UID_MAX) is 500 (resp. 60000).

 UMASK (number)
     The file mode creation mask is initialized to this value. If not specified, the mask will be initialized to 022.

     useradd and newusers use this mask to set the mode of the home directory they create.

     It is also used by login to define users' initial umask. Note that this mask can be overridden by the user's GECOS
     line (if QUOTAS_ENAB is set) or by the specification of a limit with the K identifier in limits(5).

 USERGROUPS_ENAB (boolean)
     Enable setting of the umask group bits to be the same as owner bits (examples: 022 -> 002, 077 -> 007) for non-root
     users, if the uid is the same as gid, and username is the same as the primary group name.

     If set to yes, userdel will remove the user's group if it contains no more members, and useradd will create by
     default a group with the name of the user.
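
An added example (not part of the wiki page or of the shadow tool suite) that audits login.defs text for the password-aging and umask settings described above, including the USERGROUPS_ENAB effect on the group bits. The baseline thresholds, the sample input and treating an absent USERGROUPS_ENAB as "no" are assumptions.

```python
# Added example: audit login.defs content against an assumed baseline.
DOC_DEFAULTS = {"PASS_MAX_DAYS": "-1", "PASS_MIN_DAYS": "-1", "UMASK": "022"}  # from the page
BASELINE = {"PASS_MAX_DAYS": 90, "PASS_MIN_DAYS": 1, "PASS_WARN_AGE": 7}  # assumed policy
REQUIRED_UMASK_BITS = 0o027  # assumed policy: mask group write and all "other" access

SAMPLE = """\
# constructed sample with permissive values
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
UMASK           022
USERGROUPS_ENAB yes
"""

def parse_login_defs(text):
    """Map KEY -> value string; skip blank and '#' lines, keep the last duplicate."""
    cfg = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            cfg[parts[0]] = parts[1].strip()
    return cfg

def effective_umask(mask, usergroups_enab):
    """With USERGROUPS_ENAB the group bits mirror the owner bits (022 -> 002)."""
    return (mask & 0o707) | ((mask & 0o700) >> 3) if usergroups_enab else mask

def audit(text):
    """Return one finding string per setting that misses the baseline."""
    cfg = parse_login_defs(text)
    val = lambda key: cfg.get(key, DOC_DEFAULTS.get(key))
    findings = []
    max_days, min_days = int(val("PASS_MAX_DAYS")), int(val("PASS_MIN_DAYS"))
    if max_days < 0 or max_days > BASELINE["PASS_MAX_DAYS"]:
        findings.append(f"PASS_MAX_DAYS={max_days}: expiry disabled or too long")
    if min_days < BASELINE["PASS_MIN_DAYS"]:
        findings.append(f"PASS_MIN_DAYS={min_days}: immediate re-change allowed")
    warn = val("PASS_WARN_AGE")  # unset means no warning at all
    if warn is None or int(warn) < BASELINE["PASS_WARN_AGE"]:
        findings.append(f"PASS_WARN_AGE={warn}: little or no expiry warning")
    mask = int(val("UMASK"), 8)
    # Absent USERGROUPS_ENAB is treated as "no" here (assumption).
    ug = cfg.get("USERGROUPS_ENAB", "no").lower() == "yes"
    if (mask & REQUIRED_UMASK_BITS) != REQUIRED_UMASK_BITS:
        eff = effective_umask(mask, ug)
        findings.append(f"UMASK={mask:03o}: effective {eff:03o} after USERGROUPS_ENAB")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To audit a live system, pass the contents of /etc/login.defs to `audit()` instead of `SAMPLE`.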