Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Root password expiry script
Operating Systems Linux Red Hat Root password expiry script Post 302980648 by Skrynesaver on Wednesday 31st of August 2016 06:59:39 AM
Old 08-31-2016
There's a field in /etc/shadow which sets how many days before expiry the user is warned, however this warning is on logon and so will not work for rarely administered boxes.
chage -l root will give you this and other values including the expiry date of the current password.

Unfortunately the password expiry date is not in an easily calculable format, however it should be possible to convert it to epoch and compare with today's date, eg Perl's Date::Calc module provides a delta days function which could be used for this...
Code:
Delta_Days($year1,$month1,$day1,$year2,$month2,$day2);

---------- Post updated at 11:59 ---------- Previous update was at 11:36 ----------

To expand...
Code:
perl  -e 'use Date::Calc qw(Delta_Days);
@today=(localtime(time))[3,4,5];
$expiry=qx(/usr/bin/chage -l);
%months=qw(Jan 1 Feb 2 Mar 3 Apr 4 May 5 Jun 6 Jul 7 Aug 8 Sep 9 Oct 10 Nov 11 Dec 12);
($expire_month, $expire_day,$expire_year)=$expiry=~/Password expires\s+:\s(\w+)\s(\d+),\s(\d+)/g;
$expire_month=$months{$expire_month};
$days_to_expiry=Delta_Days($today[2]+1900,$today[1]+1,$today[0],$expire_year,$expire_month, $expire_day);
if ($days_to_expiry < 7){
  use Mail::Sender;
  ...
}'

Last edited by Skrynesaver; 08-31-2016 at 11:58 AM..
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

password expiry

Hi, under SUN Unix, in which file the expiry date of a user password is indicated ? Many thanks. (2 Replies)
Discussion started by: big123456
2 Replies

2. Solaris

Root account - disable expiry

I couldnt find this in any other post - so hoping someone can help out. I want to set password expiry (or rather I have to) for a number of users on my solaris 9 system. I know i can set the following options in the /etc/default/passwd file to do it and then just type a passwd -f <username> to... (6 Replies)
Discussion started by: frustrated1
6 Replies

3. Shell Programming and Scripting

how to change root password using shell script with standard password

Hi Friends. I am new to scripting now i want to change the root password using the script with standard password. which is the easy scripting to learn for the beginner, Thanks in advance. (2 Replies)
Discussion started by: kurva
2 Replies

4. Solaris

Solaris 8 - Asks for current root password when trying to change root password.

Hello All, I have several solaris boxes running Solaris 8. When changing root passwords on them, all will simply ask for the new root password to change and of course to re-type the new password. One of the systems however asks for the existing root password before it will display the new password... (8 Replies)
Discussion started by: tferrazz
8 Replies

5. Solaris

Notification of password expiry.

Hi, Is there any way of sending an email to a number of users indicating that the passwords of user accounts will expire? Currently we have a test server with a number of oracle test accounts on it. Each of these accounts correspond to an instance of Oracle on the server. These... (2 Replies)
Discussion started by: sparcman
2 Replies

6. Solaris

Notification of password expiry.

Hi, Is there any way of sending an email to a number of users indicating that the passwords of user accounts will expire? Currently we have a test server with a number of oracle test accounts on it. Each of these accounts correspond to an instance of Oracle on the server. These... (2 Replies)
Discussion started by: sparcman
2 Replies

7. Solaris

SSH Password-less login fails on password expiry.

Hi Gurus I have a few Sol 5.9 servers and i have enabled password less authentication between them for my user ID. Often i have found that when my password has expired,the login fails. Resetting my password reenables the keys. Do i need to do something to avoid this scenario or is this... (2 Replies)
Discussion started by: Renjesh
2 Replies

8. Shell Programming and Scripting

Need a script to set non-expiry password

Hi All, I have a gateway server, from where I can connect any server via 'sudo ssh server_name'. Generally, if we need to run a command on any number of servers, we put server names in a file like '/tmp/ser_name' and execute it with for loop from gateway server. Now, I need to set non-expiry... (0 Replies)
Discussion started by: solaris_1977
0 Replies

9. Shell Programming and Scripting

How to get rid off Password expiry error message when connecting to sql in script?

I am connecting to sql databases through shell script. Databases that i am connecting will need password change every 60 days. This is according to our security policy and cannot be changed. But this is creating problem when connecting to Databases through shell script . To connect to oracle DB we... (2 Replies)
Discussion started by: pallvi_mahajan
2 Replies

10. Shell Programming and Scripting

Script to send an email for password expiry

Newbie in scripting Please assist with a script to send an email to all users seven days before their passwords expires.Aging set for 90 days. # chage -l user1 Last password change : Jul 08, 2015 Password expires :... (4 Replies)
Discussion started by: tshepang
4 Replies

LEARN ABOUT XFREE86

chage

CHAGE(1)                                                           User Commands                                                          CHAGE(1)

NAME

       chage - change user password expiry information

SYNOPSIS

       chage [options] LOGIN

DESCRIPTION

       The chage command changes the number of days between password changes and the date of the last password change. This information is used by
       the system to determine when a user must change his/her password.

OPTIONS

       The options which apply to the chage command are:

       -d, --lastday LAST_DAY
           Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format
           YYYY-MM-DD (or the format more commonly used in your area).

       -E, --expiredate EXPIRE_DATE
           Set the date or number of days since January 1, 1970 on which the user's account will no longer be accessible. The date may also be
           expressed in the format YYYY-MM-DD (or the format more commonly used in your area). A user whose account is locked must contact the
           system administrator before being able to use the system again.

           Passing the number -1 as the EXPIRE_DATE will remove an account expiration date.

       -h, --help
           Display help message and exit.

       -I, --inactive INACTIVE
           Set the number of days of inactivity after a password has expired before the account is locked. The INACTIVE option is the number of
           days of inactivity. A user whose account is locked must contact the system administrator before being able to use the system again.

           Passing the number -1 as the INACTIVE will remove an account's inactivity.

       -l, --list
           Show account aging information.

       -m, --mindays MIN_DAYS
           Set the minimum number of days between password changes to MIN_DAYS. A value of zero for this field indicates that the user may change
           his/her password at any time.

       -M, --maxdays MAX_DAYS
           Set the maximum number of days during which a password is valid. When MAX_DAYS plus LAST_DAY is less than the current day, the user
           will be required to change his/her password before being able to use his/her account. This occurrence can be planned for in advance by
           use of the -W option, which provides the user with advance warning.

           Passing the number -1 as MAX_DAYS will remove checking a password's validity.

       -R, --root CHROOT_DIR
           Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.

       -W, --warndays WARN_DAYS
           Set the number of days of warning before a password change is required. The WARN_DAYS option is the number of days prior to the
           password expiring that a user will be warned his/her password is about to expire.

       If none of the options are selected, chage operates in an interactive fashion, prompting the user with the current values for all of the
       fields. Enter the new value to change the field, or leave the line blank to use the current value. The current value is displayed between a
       pair of [ ] marks.

NOTE

       The chage program requires a shadow password file to be available.

       The chage command is restricted to the root user, except for the -l option, which may be used by an unprivileged user to determine when
       his/her password or account is due to expire.

CONFIGURATION

       The following configuration variables in /etc/login.defs change the behavior of this tool:

FILES

       /etc/passwd
           User account information.

       /etc/shadow
           Secure user account information.

EXIT VALUES

       The chage command exits with the following values:

       0
           success

       1
           permission denied

       2
           invalid command syntax

       15
           can't find the shadow password file

SEE ALSO

       passwd(5), shadow(5).

shadow-utils 4.5                                                    01/25/2018                                                            CHAGE(1)
All times are GMT -4. The time now is 05:17 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy