22.2 Changing Default Settings for User Accounts

To display the default settings for an account use the following command:

# useradd -D

INACTIVE specifies after how many days the system locks an account if a user's password expires. If set to 0, the system locks the account immediately. If set to -1, the system does not lock the account.

SKEL defines a template directory, whose contents are copied to a newly created user’s home directory. The contents of this directory should match the default shell defined by SHELL.

You can specify options to useradd -D to change the default settings for user accounts. For example, to change the defaults for INACTIVE, HOME and SHELL:

# useradd -D -f 3 -b /home2 -s /bin/sh

If you change the default login shell, you would usually also create a new SKEL template directory with contents that are appropriate to the new shell.

If you specify /sbin/nologin for a user's SHELL, that user cannot log into the system directly but processes can run with that user's ID. This setting is typically used for services that run as users other than root.

The default settings are stored in the /etc/default/useradd file.

For more information, see Section 22.8, “Configuring Password Ageing” and the useradd(8) manual page.