< Previous | Contents | Next >
6.20.2. Configuring Shadow
This package contains utilities to add, modify, and delete users and groups; set and change their passwords; and perform other administrative tasks. For a full explanation of what password shadowing means, see the doc/HOWTO file within the unpacked source tree. If using Shadow support, keep in mind that programs which need to verify passwords (display managers, FTP programs, pop3 daemons, etc.) must be Shadow-compliant. That is, they need to be able to work with shadowed passwords.
To enable shadowed passwords, run the following command:
pwconv
pwconv
To enable shadowed group passwords, run:
grpconv
grpconv
Shadow's stock configuration for the useradd utility has a few caveats that need some explanation. First, the default action for the useradd utility is to create the user and a group of the same name as the user. By default the user ID (UID) and group ID (GID) numbers will begin with 1000. This means if you don't pass parameters to useradd, each user will be a member of a unique group on the system. If this behavior is undesirable, you'll need to pass the -g parameter to useradd. The default parameters are stored in the /etc/default/useradd file. You may need to modify two parameters in this file to suit your particular needs.
/etc/default/useradd Parameter Explanations
GROUP=1000
This parameter sets the beginning of the group numbers used in the /etc/group file. You can modify it to anything you desire. Note that useradd will never reuse a UID or GID. If the number identified in this parameter is used, it will use the next available number after this. Note also that if you don't have a group 1000 on your system the first time you use useradd without the -g parameter, you'll get a message displayed on the terminal that says: useradd: unknown GID 1000. You may disregard this message and group number 1000 will be used.
CREATE_MAIL_SPOOL=yes
This parameter causes useradd to create a mailbox file for the newly created user. useradd will make the group ownership of this file to the mail group with 0660 permissions. If you would prefer that these mailbox files are not created by useradd, issue the following command:
sed -i 's/yes/no/' /etc/default/useradd
sed -i 's/yes/no/' /etc/default/useradd
 
 
 Documentation
 Documentation