一个命令+一个配置文件/etc/login.defs

版本：Linux moban 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux；

系统：centos 6.5

大概内容是创建用户帐号时的文件控制；注意：对root用户是没有作用的；

[root@moban ~]# cat /etc/login.defs 

#

# Please note that the parameters in this configuration file control the

# behavior of the tools from the shadow-utils component. None of these

# tools uses the PAM mechanism, and the utilities that use PAM (such as the

# passwd command) should therefore be configured elsewhere. Refer to

# /etc/pam.d/system-auth for more information.

#

总体意思：请注意控制配置文件的参数；passwd命令在其它地方；参照/etc/pam.d/system-auth

# *REQUIRED*

#   Directory where mailboxes reside, _or_ name of file, relative to the

#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.

#   QMAIL_DIR is for Qmail

#

#QMAIL_DIR      Maildir

MAIL_DIR        /var/spool/mail 当你在创建用户的同时，在/var/spool/mail目录下创建mail文件；

#MAIL_FILE      .mail

# Password aging controls:

#

#       PASS_MAX_DAYS   Maximum number of days a password may be used.

#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.

#       PASS_MIN_LEN    Minimum acceptable password length.

#       PASS_WARN_AGE   Number of days warning given before a password expires.

#

PASS_MAX_DAYS   99999    用户密码的过期天数；

PASS_MIN_DAYS   0        需要修改密码的最小天数；

PASS_MIN_LEN    5        密码的最小长度；

PASS_WARN_AGE   7        密码过期提前的警告天数；

#

# Min/max values for automatic uid selection in useradd

#

UID_MIN                   500

UID_MAX                 60000

此处是创建用户的最小uid和最大uid的范围，当然是你不指定的前提下！！

#

# Min/max values for automatic gid selection in groupadd

#

GID_MIN                   500

GID_MAX                 60000

此处是gid

#

# If defined, this command is run when removing a user.

# It should remove any at/cron/print jobs etc. owned by

# the user to be removed (passed as the first argument).

#

#USERDEL_CMD    /usr/sbin/userdel_local

此处我认为是当删除一个用户时，应解除对他的占用？

别处看的是#当删除用户的时候执行的脚本

#

# If useradd should create home directories for users by default

# On RH systems, we do. This option is overridden with the -m flag on

# useradd command line.

#

CREATE_HOME     yes

创建用户的时候是否创建用户的家目录；此处是yes；

# The permission mask is initialized to this value. If not specified, 

# the permission mask will be initialized to 022.

UMASK           077

家目录的权限初始值

查看用户家目录：drwx------   3 kong            kong            4096 8月  16 11:27 kong

# This enables userdel to remove user groups if no members exist.

#

USERGROUPS_ENAB yes

当一个组只有一个用户存在的时候，删除用户同时删除组；

# Use SHA512 to encrypt password.

ENCRYPT_METHOD SHA512 

指定的passwd的加密方法；

[root@moban ~]# 

转载于:https://blog.51cto.com/linuxboys/1547635