Most of you have used the commands useradd and passwd, or more recently a GUI, to create user accounts on a Unix-based system. But as a Linux system administrator, you should know what happens underneath rather than depend on a few commands. This article shows how to create an account and set up its password without the useradd and passwd commands.
Step 1: Create a Linux User Account
Open the file: /etc/passwd and add the below entry:
The above entry has 7 fields separated by colons. The fields are:
1: ramya - Login Name
2: x - Password placeholder
3: 1600 - Unique User Id
4: 1600 - Group Id
5: Ramya - Real Name
6: /home/ramya - Home Directory Location
7: /bin/bash - Shell Type
The 2nd field “x” means that during login, the password for user ramya is verified against the /etc/shadow file. Fields 2, 4 and 6 depend on other things, as described below:
Step 2: Create password
Field 2 depends on the file /etc/shadow, where passwords are stored in hashed form against the username, as shown below. Here I show how to set up the hashed password in a slightly more involved way, without using the passwd command.
In the above entry, the username ramya is followed by the hashed password generated with the Python statement below.
To generate the hash of the password (say, mylogin897) with the SHA-256 algorithm and the salt $5$salt233, run:
$ python -c 'import crypt; print(crypt.crypt("mylogin897","$5$salt233"))'
$5$salt233$YZX1FTq8qgsnZF.rmDETGh141vWx72j8OPppSwkJ180
To generate a hash with the SHA-512 algorithm, use the salt $6$salt233.
Python version 3.3 and above includes mksalt in crypt, which makes it much easier and more secure to use:
python3 -c 'import crypt; print(crypt.crypt("test", crypt.mksalt(crypt.METHOD_SHA512)))'
Every time you execute the above code, a new random salt is used, so a different hash is generated. If you don’t specify the hashing algorithm in the function crypt.mksalt, it uses the strongest one available. The table below lists the hashing algorithms the crypt module supports, in ascending order of strength:
The ID of the hash (the number after the first $) identifies the method used, as you can see in the first method above:
1 -> MD5
5 -> SHA-256
6 -> SHA-512
Note: In cryptography, a salt is random data used as an additional input to a one-way function that hashes a password or passphrase. The primary function of salts is to defend against dictionary attacks on a list of password hashes and against pre-computed rainbow table attacks.
Step 3: Create Group Id
Field 4 (Group Id) is set up by creating an entry, as shown below, in the /etc/group file:
Step 4: Create Home directory
Field 6 (Home directory) is set up by creating a directory under /home/ and setting its ownership with the chown command:
chown ramya:ramya /home/ramya
The above directory should have drwx for the owner and be non-writable for others.
chmod 700 /home/ramya
$ ls -ld /home/ramya
drwx------ 74 ramya ramya 2048 Nov 23 09:39 /home/ramya
Now you are ready to log in to the account ramya with the password mylogin897. Once successfully logged in, you will be placed in a bash shell under the directory /home/ramya.
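The entries from Steps 1 to 3 have to agree with each other before the login works, and a hand edit makes it easy to get one wrong. The check below is an added example, not part of the original article: the function names and the sample file contents are constructed from the article's values, and the shadow aging fields are assumed.

```python
# Added example: consistency check for hand-edited account entries.
# Sample data is constructed; shadow aging fields (19000:0:99999:7) are assumed.
HASH_METHODS = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}  # IDs listed in the article
PASSWD = "root:x:0:0:root:/root:/bin/bash\nramya:x:1600:1600:Ramya:/home/ramya:/bin/bash\n"
SHADOW = ("root:!:19000:0:99999:7:::\n"
          "ramya:$5$salt233$YZX1FTq8qgsnZF.rmDETGh141vWx72j8OPppSwkJ180:19000:0:99999:7:::\n")
GROUP = "root:x:0:\nramya:x:1600:\n"

def parse(text, nfields):
    """Split colon-separated records; reject any line with the wrong field count."""
    rows = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split(":")
        if len(fields) != nfields:
            raise ValueError(f"line {n}: expected {nfields} fields, got {len(fields)}")
        rows.append(fields)
    return rows

def hash_method(field):
    """Name the method behind a $id$salt$hash field; None if locked or unknown."""
    parts = field.split("$")
    if len(parts) >= 4 and parts[0] == "" and parts[2] and parts[3]:
        return HASH_METHODS.get(parts[1])
    return None

def check_user(login, passwd=PASSWD, shadow=SHADOW, group=GROUP):
    """Return the problems found for one login; an empty list means consistent."""
    users = parse(passwd, 7)                           # /etc/passwd: 7 fields
    shadows = {f[0]: f[1] for f in parse(shadow, 9)}   # /etc/shadow: 9 fields
    gids = {f[2] for f in parse(group, 4)}             # /etc/group: 4 fields
    mine = [u for u in users if u[0] == login]
    if len(mine) != 1:
        return [f"expected exactly one passwd entry for {login}, found {len(mine)}"]
    _, pw, uid, gid, *_ = mine[0]
    problems = []
    if sum(1 for u in users if u[2] == uid) > 1:
        problems.append(f"UID {uid} is shared with another account")
    if gid not in gids:
        problems.append(f"GID {gid} has no entry in /etc/group")
    if pw != "x":
        problems.append("password field is not the 'x' shadow placeholder")
    elif login not in shadows:
        problems.append("no /etc/shadow entry")
    elif hash_method(shadows[login]) is None:
        problems.append("shadow field is locked or not a known $id$salt$hash")
    return problems

if __name__ == "__main__":
    print(check_user("ramya") or "ramya: entries are consistent")
```

To check a real system, pass the contents of the three files to check_user in place of the constructed samples; reading /etc/shadow requires root.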