Q.) Which of the below will take precedence ?
# cat /etc/login.defs | grep -i len
PASS_MIN_LEN 5
# cat /etc/security/pwquality.conf | grep -i len
minlen = 9
Q.) How to resolve this error when doing ssh :
Last login: Tue Oct 8 22:09:50 2024 from 72.57.183.162
This account is currently not available.
Q.) How do I change the default kernel in GRUB that is loaded at startup?
I'll be posting a series of Linux-related questions covering various skill levels. Feel free to share your insights and expertise. Your contributions will benefit learners at all stages, from those in current roles to those preparing for Linux interviews.
Level - L1 and above
That first question is a lovely one: /etc/login.defs vs /etc/security/pwquality.conf
taking precedence.
I would say that I was resourceful (a gentlemanly way of saying "I cheated"),
because I had a look at the exact response on the Red Hat Customer Portal.
However, I took my investigation a little bit further, and I walked through a couple
of scenarios, to confirm what that solution reported. By doing so, I made a very
handsome discovery.
Okay, a direct quote from that solution on the Red Hat Customer Portal states:
"While changing the password, We can see that /etc/security/pwquality.conf
takes precendence over /etc/login.defs".
Yeah, even if the minimum length is set to a lower value in the /etc/login/defs file,
the minimum length that's considered/enforced is the one in the
/etc/security/pwquality.conf!!!
Now, I'm not so sure that "precendence" is responsible for this, as much as "solitary"
is responsible. What I'm saying here is that the setting in the /etc/security/pwquality.conf file is the only setting considered. Why do I say this?
Based on a little note in the /etc/logins.def file. On line number 135 of the
/etc/logins.def file, the following comment appears:
# Currently PASS_MIN_LEN is not supported
I didn't just look at this comment, and say, "Okay". I had to examine it, and I did!!!
Based on my examination, that comment is absolutely true!!! For completeness, I
examined this in a RHEL 9.4 installation - your mileage may vary
In conclusion, if I have to stick with "precedence", the setting in the
/etc/security/pwquality.conf file indeed takes precedence over the setting in the
/etc/logins.def - however, I must add, "by default"!!
Question #2: How to resolve this error when doing ssh
Uh oh! Looks like the system admin accidentally (or deliberately ) put the
nologin command, in place of the bash command - in the /etc/passwd file.
With that being the case, there will be no logging into this user account!!!
As long as /sbin/nologin, is in field 7, of the /etc/passwd file, of a user account,
you will be greeted with the message "This account is currently not available"
(or some variation thereof) when attempting to login to that account!!!
So, if you wish to log into this account, simply replace /sbin/nologin with
/bin/bash, and you can put away the headache medication
# usermod -s /bin/bash user_account_name
Happy login!!!!
Preparing is right - not quite there yet
Question #3: How do I change the default kernel in GRUB that is loaded at startup?
Sooooooooo, you want to change the default kernel in GRUB that is loaded at startup!
Well, I "think" I can help with that.
This isn't part of the solution, but I just like to verify what's currently in place before
I start tunring knobs. So, I'll begin by executing the following command:
# grubby --default-kernel
Note: This same command will be used to verify that a new kernel has been
configured as the kernel to be loaded at startup!
Now, we need to identify the kernel (file) that we want to have loaded at startup.
Just like we know to go into the dairy section of the grocery store to look for milk,
we know to go into the /boot/ directory to locate the kernel files to choose from.
You won't have to spend a lot of time trying to locate them, because they'll be
bunched together, with names beginning with "vmlinuz....".
Okay, after identifying the kernel that you want to have loaded at startup, execute
the following command:
# grubby --set-default=/boot/kernel_filename
Restart/reboot your linux system to see that this is indeed the default kernel being
loaded at startup. Now, go to lunch!!!
Wonderful job explaining all the answers @Trevor !
Thank you Chetan, for your kind words and support, as always!!!
Red Hat
Learning Community
A collaborative learning environment, enabling open source skill development.