/etc/login.defs 文件

/etc/login.defs 是设置用户帐号限制的文件。该文件里的配置对root用户无效。优先级低于/etc/shadow里面的配置。
使用vim打开文件
[root@localhost ~]# vim /etc/login.defs

#
# Please note that the parameters in this configuration file control the
# behavior of the tools from the shadow-utils component. None of these
# tools uses the PAM mechanism, and the utilities that use PAM (such as the
# passwd command) should therefore be configured elsewhere. Refer to
# /etc/pam.d/system-auth for more information.
#

# *REQUIRED*
#   Directory where mailboxes reside, _or_ name of file, relative to the
#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
#   QMAIL_DIR is for Qmail
#
#QMAIL_DIR      Maildir
MAIL_DIR        /var/spool/mail
#MAIL_FILE      .mail

# Password aging controls:
#
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_MIN_LEN    Minimum acceptable password length.
#       PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7

#
# Min/max values for automatic uid selection in useradd
#
UID_MIN                  1000
UID_MAX                 60000
# System accounts
SYS_UID_MIN               201
SYS_UID_MAX               999

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN                  1000
GID_MAX                 60000
# System accounts
SYS_GID_MIN               201
SYS_GID_MAX               999

#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD    /usr/sbin/userdel_local

#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME     yes

# The permission mask is initialized to this value. If not specified, 
# the permission mask will be initialized to 022.
UMASK           077

# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes

# Use SHA512 to encrypt password.
ENCRYPT_METHOD SHA512

删除注释信息后

#创建用户时，要在目录/var/spool/mail中创建一个用户mail文件
MAIL_DIR        /var/spool/mail   
#密码最大有效期99999   
PASS_MAX_DAYS   99999
#两次修改密码的最小间隔时间0
PASS_MIN_DAYS   0
#密码最小长度，对于root无效
PASS_MIN_LEN    5
#密码过期前多少天开始提示
PASS_WARN_AGE   7
#创建用户时不指定UID的话自动UID的范围
UID_MIN                  1000
#用户ID的最小值
UID_MAX                 60000
#系统uid的最小值
SYS_UID_MIN               201
#系统uid的最大值
SYS_UID_MAX               999
#用户组GID的最小值
GID_MIN                  1000
#用户组GID的最大值
GID_MAX                 60000
#系统用户组GID的最小值
SYS_GID_MIN               201
#系统用户组GID的最大值
SYS_GID_MAX               999
#允许使用useradd的时候创建用户家目录
CREATE_HOME     yes
#权限掩码设置为077（默认为022，注释里面有这方面介绍）
UMASK           077
#使用命令 userdel 删除用户时，是否删除用户的初始组，默认是删除
USERGROUPS_ENAB yes
#指定 Linux 用户的密码使用 SHA512 散列模式加密，这是新的密码加密模式，原先的 Linux只能用 DES 或 MD5 方式加密
ENCRYPT_METHOD SHA512