Linux user authentication is done with the shadow password file. the shadow password file is configured with the login.defs configuration file which is located under the /etc. This file provides configuration like password maximum days, password minimum days, etc. In this tutorial, we will examine the /etc/login.defs configuration file and different configurations.
Mail Storage Directory Configuration
The mail storage path or directory can be specified with the MAIL_DIR configuration. By default, the “/var/mail” path is configured to store mails. Every user has a directory with its user name under this directory.
Failed Login Attempts Logs
When a user tries to login the authentication may fail. The failed login is logged into the log file /var/log/faillog. The configuration is enabled by default with the following configuration.
Succesfull Login Attempts Logs
Also the succesfull login authentications can be logged with the following configuration which is not enabled by default.
Umask is a value used to set newly created files and folders permissions. The umask command is used to display and change this value. Also the UMASK configuration can be set like below.
Password Maximum Days
Password Maximum Days configuration is used to set how long a user password will be valid. After the specified days, the password should be changed which is forced in login. By default, this value is 99999 which can be called unlimited.
Password Minimum Days
Password Minimum Days is used to configure the minimum days to change password. By default this value it not limited with the value 0.
Password Warning Age
Password Warning Age is used to set when the warning messages about the password change will be shown. The default value is 7 where in the last 7 days when the user logins the password change warning message will be shown.
User ID (UID) Start Number
User ID or UID is used to identify a Linux user with an ID or number. The start number for newly created users can be set with this configuration. By default the user ID start number is 1000.
Login Retry Count
Max number of login retries if the password is bad. This will most likely be overridden by PAM since the default pam_unix module has its own built-in of 3 retries. However, this is a safe fallback in case you are using an authentication module that does not enforce PAM_MAXTRIES.