Your suggestions could be set out as:-
- Compare today's /etc/passwd to yesterday (sort first for ease)
- Save current /etc/passwd to use tomorrow
You can then look for password expiry based on the content of
/etc/security/password It's a little awkward because:-
- The Last password change time is stored in seconds from 1/1/1970
- The expiry will be in weeks, either per user or in the default stanza
Using
/etc/passwd as a driver, you can read one stanza from
/etc/security/passwd with
grep -Ep "^$userid:" /etc/security/passwd although you then have to consider the points above to decide if the password is about to expire, depending also how you define 'about to expire'
Does this give you something to work with?
Robin