How Allow root password to expire

johnmccarthy · 08-28-2012, 10:58 AM

Our government customer has expressed that our RHEL 5 root account must have an expiration date. He observed our /etc/shadow file and found that root account is set to 99999 (many many years). How can I safely set the root password to expire after 90 days?

A million thanks
Johnny Mac

Very new to Linux and don't want to mess up the root account

kedarp · 08-28-2012, 11:07 AM

Go through the man page of the shadown file

#man shadow

You will find all the details of the shadow fields.

Regards.

chrism01 · 08-28-2012, 08:56 PM

http://linux.die.net/man/1/chage

Quote:

-E, --expiredate EXPIRE_DATE
Set the date or number of days since January 1, 1970 on which the user's account will no longer be accessible. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). A user whose account is locked must contact the system administrator before being able to use the system again.

Passing the number -1 as the EXPIRE_DATE will remove an account expiration date.

-M, --maxdays MAX_DAYS
Set the maximum number of days during which a password is valid. When MAX_DAYS plus LAST_DAY is less than the current day, the user will be required to change his/her password before being able to use his/her account. This occurrence can be planned for in advance by use of the -W option, which provides the user with advance warning.

Passing the number -1 as MAX_DAYS will remove checking a password's validity.

Expire & duration are 2 different things...

See also http://linux.die.net/man/5/login.defs for defaults

kedarp · 08-28-2012, 10:29 PM

Yes, chage will write to the same shadow file. Thanks.