What is /etc/login.defs file and why its used?
The /etc/login.def file is containing the basic settings for newly created user on server like
MAIL_DIR /var/spool/mail
The useradd, usermod, userdel, and groupadd commands, and other user and group utilities take default values from this file.
The default /etc/login.defs file is as follows
#
# Please note that the parameters in this configuration file control the
# behavior of the tools from the shadow-utils component. None of these
# tools uses the PAM mechanism, and the utilities that use PAM (such as the
# passwd command) should therefore be configured elsewhere. Refer to
# /etc/pam.d/system-auth for more information.
## *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail
#MAIL_FILE .mail# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 500
UID_MAX 60000#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 500
GID_MAX 60000#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME yes# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK 077# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes# Use SHA512 to encrypt password.
ENCRYPT_METHOD MD5MD5_CRYPT_ENAB yes
Some key point need to be note down while working in /etc/login.defs else your server is in risk, so be careful.
If the USERGROUPS_ENAB directive in /etc/login.defs is YES, a group is created for the user with the same name as the username. If the directive is NO, the useradd command sets the primary group of the new user to the value specified by the GROUP directive in the /etc/default/useradd file, or 100 by default.