Thursday, 29 May 2025

ubuntu creat user with sudo, home. /bin/bash shell and allow to login , change pwd

 create user with home and /bin/bash


https://askubuntu.com/questions/281217/added-new-user-no-shell-tab-completing


sudo useradd -s /bin/bash -d /home/newname -m newname



if user doesnt have /bin/bash by default they dont 

by default useradd reads a file /etc/default/useradd which by default has this set SHELL=/bin/sh. adduser on the other hand config defaults to bash DSHELL=/bin/bash

login as user and type chsh 


SSH need to allow user


 SSH Configuration:

  • AllowUsers:
    If you're only allowing specific users to SSH, make sure your user is in the AllowUsers list in /etc/ssh/sshd_config. 
  • sudo systemctl restart sshd (for systems using systemd). 
Add user to sudo

https://askubuntu.com/questions/7477/how-can-i-add-a-user-as-a-new-sudoer-using-the-command-line


passwod unchanged
https://askubuntu.com/questions/1473418/passwd-command-outputs-password-unchanged-when-the-password-was-changed


/etc/pam.d/common-password file:

# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords.  The default is pam_unix.

# Explanation of pam_unix options:
#
# The "sha512" option enables salted SHA512 passwords.  Without this option,
# the default is Unix crypt.  Prior releases used the option "md5".
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# See the pam_unix manpage for other options.

# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
password    requisite      pam_pwquality.so retry=3
password    [success=1 default=ignore]  pam_unix.so obscure use_authtok try_first_pass sha512
# here's the fallback if no module succeeds
password    requisite      pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password    required       pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
password required pam_pwhistory.so remember=5
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)