1、vim /etc/login.defs

邮件选项

REQUIRED

Directory where mailboxes reside, or name of file, relative to the

home directory. If you do define both, MAIL_DIR takes precedence.

QMAIL_DIR is for Qmail

#

QMAIL_DIR Maildir

MAIL_DIR /var/spool/mail

MAIL_FILE .mail

密码控制策略

Password aging controls:

#

PASS_MAX_DAYS Maximum number of days a password may be used.

PASS_MIN_DAYS Minimum number of days allowed between password changes.

PASS_MIN_LEN Minimum acceptable password length.

PASS_WARN_AGE Number of days warning given before a password expires.

#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7

UID起止范围设置，此处最小值被我修改为5000，最大值为60000.

#

Min/max values for automatic uid selection in useradd

#
UID_MIN 5000
UID_MAX 60000

System accounts

SYS_UID_MIN 201
SYS_UID_MAX 999

GID起止范围设置，此处最小值被我修改为5000，最大值为60000.

#

Min/max values for automatic gid selection in groupadd

#
GID_MIN 5000
GID_MAX 60000

System accounts

SYS_GID_MIN 201
SYS_GID_MAX 999

删除用户选项

#

If defined, this command is run when removing a user.

It should remove any at/cron/print jobs etc. owned by

the user to be removed (passed as the first argument).

#

USERDEL_CMD /usr/sbin/userdel_local

是否创建用户目录

#

If useradd should create home directories for users by default

On RH systems, we do. This option is overridden with the -m flag on

useradd command line.

#
CREATE_HOME yes

umask设置

The permission mask is initialized to this value. If not specified,

the permission mask will be initialized to 022.

UMASK 077

移除用户同时移除该用户原来所在除了原用户之外没有其他没有成员的组。

This enables userdel to remove user groups if no members exist.

#
USERGROUPS_ENAB yes

Use SHA512 to encrypt password.

全部的注解

密码策略相关
PASS_MAX_DAYS 90 　　 # 密码最长过期天数
PASS_MIN_DAYS 80 　　　 # 密码最小过期天数
PASS_MIN_LEN 10 　　　　# 密码最小长度
PASS_WARN_AGE 7 　　　 # 密码过期警告天数