The useradd command in Linux creates new user accounts. Its -f (or --inactive INACTIVE) option sets the number of days after a password expires until the account is permanently disabled. This helps enforce security policies by automatically locking out accounts whose expired password has not been changed within the specified period.
Here are several examples demonstrating the usage of the useradd command with the -f option:
Example 1: Setting an account to be disabled 30 days after password expiration.
useradd -f 30 username
This command creates a new user username and sets the password inactivity period to 30 days. After the password expires, if the user does not change it within 30 days, the account will be disabled.
Example 2: Creating a user with immediate account expiration after password expiration.
useradd --inactive 0 username2
Here, username2 is created with a password inactivity period of 0 days, meaning the account will be disabled immediately after the password expires.
Example 3: Setting a longer inactivity period of 60 days for an account.
useradd --inactive 60 username3
This command assigns a 60-day period after password expiration before the account username3 is disabled due to inactivity.
Example 4: Adding a user with a default inactivity period.
useradd username4
When no -f or --inactive option is specified, the system default inactivity period applies, which may vary based on system configuration.
Verification Steps: To verify that the useradd command with the password inactivity period option was executed correctly, use the following steps:
- Check if the user account was created by listing all users on the system:
cat /etc/passwd | cut -d: -f1
- Inspect the account details, including inactivity settings, in the /etc/shadow file (the pattern is anchored so that username does not also match username2, username3 and username4):
sudo grep '^username:' /etc/shadow
- Confirm the password expiration and inactivity period by examining the user's account status:
sudo chage -l username
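The value given to -f is stored in the seventh field of each /etc/shadow entry. The script below is an added example, not part of the original post: it reads shadow-format lines and reports, per account, the inactivity value and the day (counted in days since 1970-01-01, as shadow stores dates) on which the account would be disabled. The function names, the svc account and all sample values are constructed for illustration, and treating a maximum age of 99999 as "no expiry" is an assumption based on the common default.

```shell
#!/bin/sh
# Added example: audit the inactivity field that useradd -f / --inactive sets.

# Constructed sample in /etc/shadow format; the hashes are placeholders.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
sample_shadow() {
cat <<'EOF'
username:$6$PLACEHOLDER:19700:0:90:7:30::
username2:$6$PLACEHOLDER:19700:0:90:7:0::
username3:$6$PLACEHOLDER:19700:0:90:7:60::
username4:$6$PLACEHOLDER:19700:0:90:7:::
svc:!:19700:0:99999:7:30::
EOF
}

# audit_inactive: read shadow-format lines on stdin and print
#   "<name> <inactive> <disable_day>"
# disable_day = last change + maximum password age + inactivity period.
audit_inactive() {
  awk -F: '
    {
      name = $1; lastchg = $3; max = $5; inact = $7
      # Empty (or -1) means the inactivity feature is off for this account.
      if (inact == "" || inact == "-1") {
        print name, "unset", "never"; next
      }
      # Without password ageing the password never expires, so the
      # inactivity period never starts counting (99999: assumed default).
      if (lastchg == "" || max == "" || max == "99999") {
        print name, inact, "no-password-expiry"; next
      }
      # lastchg 0 forces a change at next login; no date can be derived.
      if (lastchg == "0") {
        print name, inact, "change-required"; next
      }
      print name, inact, lastchg + max + inact
    }'
}

# Run against the constructed sample.
sample_shadow | audit_inactive
```

On a real system the same function can be fed with sudo cat /etc/shadow | audit_inactive; accounts reported as "unset" or "no-password-expiry" are the ones where -f has no practical effect.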