You know how to create Linux user account with useradd and passwd.But do you know, how to create it without using them? No, you can’t use adduser which is nothing but an symlink to ‘useradd‘
Why we need this? We believe Linux System-Admin should posses in-depth knowledge on things, rather than just depending on few binaries! So If you want to know what’s going on behind the scenes. Here we go: Our task is to create user named giis and setup password. Lets first update the /etc/passwd file with below entry
echo "giis:x:25000:25000:Giis:/home/giis:/bin/bash" >> /etc/passwdAs you can see there are 7 fields separated by : where each field refer to
Field1: giis - Login name
Field2: x - Password place holder
Field3: 25000 - Unique User id
Field4: 25000 - Group id
Field5: giis - Real name
Field6: /home/giis - Home directory
Field7: /bin/bash - Shell typeThe summary of this entry would be – after verifying password for user giis in the /etc/shadow file, allow user giis to login and place him under /home/giis with bash as the shell type. For a valid login, these fields must be sane. Above entry takes care of Field 1,3,5 and 7. We need to restore sanity for Field 2, 4 and 6.
We can setup Field-4 (group-id) by creating group-id under /etc/group file like
echo "giis:x:25000" >> /etc/groupAbove places an entry into group file which assigns, group name giis with Group-Id (aka gid ) 25000 Now we need to bring some sanity to field-6 (home-dir) by running a command :
mkdir /home/giiswhich creates home directory and we set its permission appropriately with chown
chown giis:giis /home/giisAs you can see below, new created home directory has rwx for own giis and non-writable to group/others.
# ls -ld /home/giis drwxr-xr-x. 2 giis giis 4096 Sep 25 22:38 /home/giisFinally we take care of field-2. It’s little complex than others.For any valid user password, it needs to be stored in encrypted format. Lets use below python statement to create a password secret897 and encrypted with sha256 algorithm using salt $6$salt1234 The end result will be encrypted string of secret897 with slat, which will be stored on /etc/shadow file. We stored encrypted password on temporary shell variable named pass
pass=`python -c 'import crypt; print crypt.crypt("secret897", "$6$salt1234")'`change the permission of shadow file as writable by root
chmod 600 /etc/shadowand just append the encrypted password along with username giis into the shadow file
echo "giis:${pass}:::::::" >> /etc/shadowthen revert the permission
chmod 000 /etc/shadowNow its time to log into the newly created account giis with password secret897 . Goto login prompt type your username and password, then it should place you under /home/giis with bash prompt like bash-4.2$ Now verify your login identity using whoami and home directory using pwd
Everything Fine! right?
