Recipe for Adding Users to Linux

Posted 6 months, 4 weeks ago | Originally written on 5 Mar 2015

Create the user

[email protected] ~$ sudo adduser <username>

I like to use a default password that is easy to remember 'Password01' for first log in.

Add the user to any additional groups needed

[email protected] ~$ sudo adduser <username> <group>

Enforce change password on first login

[email protected] ~$ sudo chage -d 0 <username>

Enforce strong passwords

First, install the required library:

[email protected] ~$ sudo apt-get install libpam-cracklib.so

Next, modify the file /etc/pam.d/common-password by adding the following line at the end. It is space-separated.

password requisite pam_cracklib.so ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 

where the parameters ucredit, lcredit, dcredit and ocredit specify whether upper-case, lower-case, different-case and other-characters are enforced.

Below is a more complex option including the maximum number of retries to change the password and a minimum length:

password requisite pam_cracklib.so retry=3 minlen=10 difok=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 

Reset password

Enforcing strong password and limiting login attempts will invariably result in users getting locked out. You will therefore need to know how to reset accounts. It's easy.

[email protected] ~$ sudo passwd <username>

and you're done.

Sources

  1. Linux manual
  2. http://www.cyberciti.biz/faq/rhel-debian-force-users-to-change-passwords/
  3. http://askubuntu.com/questions/244115/how-to-enforce-company-password-complexity-in-10-04
  4. http://linux.die.net/man/5/pam.d