Quote: Originally Posted by bobochacha29
I would like to copy some user policy (such as login time out, password expired time, number of failed login before user is locked, ...)
Unix does not deal with "policies", there are just (access) rights: read, write and execute. What you are after is spread out over several different portions of the OS software:
login time out: if you mean a time of inactivity after which a user is logged out: this is a shell variable, called "TMOUT", which is usually set in /etc/environment as a read-only variable. Many security auditors insist on it, but it is idiotic (meaning: it doesn't serve the proposed purpose in any way), it can easily be circumvented and it might even be harmful without any practical gain. My suggestion is not to implement it at all.
password expired time: is a property of the user account and you should use the chuser (mkuser for new users) command to set or change it.
number of failed login before user is locked: same as above.
Quote: Originally Posted by bobochacha29
I guess that I have to reboot server
No, not at all. Booting loads a new kernel image into memory. Have you changed anything on the kernel? No! Therefore....
Quote:
OK but what about the users? Their home directories??? the one you see in /etc/passwd...
The users are created by copying /etc/passwd, but about the home-directories and their contents, ssh-keys and similar information you are absolutely right.
As rbatte1 has already said: ONLY USE THE OS COMMANDS to do things, do not dabble around in configuration files - at least not to achieve ordinary things like creating/changing users and definitely not as long as you are not 1000% sure what you do.
Rule of thumb: if you have to ask how, you should not do it at all.
PS: the perhaps cleanest way to implement uniform user accounts across a scenery of systems is to use some system designed for that: Kerberos, LDAP, NIS, NISplus, DCE, X.500, ....
I hope this helps.
bakunin
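As an added example that is not part of bakunin's post: one way to carry password-expiry and failed-login settings to another host with the OS commands named above is to read them with `lsuser` on the source and turn them into `chuser` commands for review. It assumes the AIX user attributes `maxage` and `loginretries`; the function names and the sample `lsuser` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn `lsuser` output from a source host into reviewable
# chuser commands. Function names and sample data are constructed.

# Constructed sample of: lsuser -a maxage loginretries ALL
sample_lsuser_output() {
cat <<'EOF'
root maxage=0 loginretries=0
alice maxage=13 loginretries=5
bob maxage=8 loginretries=3
EOF
}

# Reads "name attr=value ..." lines on stdin and prints one chuser command
# per user. Only the two listed attributes with purely numeric values are
# carried over; anything else in the input is dropped.
gen_chuser_cmds() {
    set -f                                   # no filename expansion on input
    while read -r user attrs; do
        case "$user" in ''|*[!A-Za-z0-9_.-]*) continue ;; esac
        args=""
        for kv in $attrs; do
            key=${kv%%=*}
            val=${kv#*=}
            case "$key" in
                maxage|loginretries) ;;      # maxage: weeks; loginretries: count
                *) continue ;;
            esac
            case "$val" in ''|*[!0-9]*) continue ;; esac
            args="$args $key=$val"
        done
        if [ -n "$args" ]; then
            echo "chuser$args $user"
        fi
    done
    set +f
    return 0
}

# Print the commands for review; nothing is executed here.
sample_lsuser_output | gen_chuser_cmds
```

The generated lines are meant to be read before being run on the target, where the users must already exist.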