Password aging help

szahri · 03-23-2005, 03:15 AM

Hello all

I need to change the password expiry period for my existing users. Is there any other way I could do it, so that I dont need to change password aging setting one by one? I mean...a script that takes a variable from a file and update it on the /etc/shadow...

Any ideas? All help is very appreciated!

- Suze

druuna · 03-23-2005, 03:25 AM

Hi,

Code:

for USERNAME in `cat file_with_usernames`
do
chage <options> $USERNAME
done

This example takes a file with usernames only. If more info is in that file, you need to cut out the username part.

Hope this helps.

szahri · 03-23-2005, 03:43 AM

Thanks for the help!

I'm wondering if I can just take the name variable from the /etc/passwd or shadow file...coz writing a separate file for the names seems to defeat the purpose of making it an easy task

Something like :

Code:

cat /etc/passwd |awk -F: '{print$1}' |\
while read name ; do

uname=`cat /etc/shadow | grep $name | awk -F":" '{print}'`
chage <options> $uname
done

I'm sorry, my shell script abilities are very limited. Will the script above work?

Thanks a lot again for the code!

- Suze

szahri · 03-23-2005, 04:08 AM

This code seems to do the trick:

Code:

#!/bin/bash
cat /etc/shadow |awk -F: '{print$1}' |\
while read name ; do
 
uname=`cat /etc/shadow | grep $name | awk -F":" '{print$1}'`
/usr/bin/chage -M 2 $uname
done

But when i checked /etc/shadow, I found that some users' password aging werent changed. I did notice the errors below when running the script :

Usage: chage [-l] [-m min_days] [-M max_days] [-W warn]
[-I inactive] [-E expire] [-d last_day] user
Usage: chage [-l] [-m min_days] [-M max_days] [-W warn]
[-I inactive] [-E expire] [-d last_day] user
Usage: chage [-l] [-m min_days] [-M max_days] [-W warn]
[-I inactive] [-E expire] [-d last_day] user
Usage: chage [-l] [-m min_days] [-M max_days] [-W warn]
[-I inactive] [-E expire] [-d last_day] user

There were incidentally 4 users whose password aging didnt change...so I guess that was why it was giving me those errors. Any ideas how i can fix it?

Thanks in advance!
- Suze

druuna · 03-23-2005, 04:09 AM

Hi again,

Besides the syntax and some coding isuues, there's another thing you need to be aware of:

You probably do not want to change the aging info for non-users (root, daemon,sys,lp etc etc). You need to exclude these from your list.

Most distro's use UID's that are 500 or greater for normal users (nobody being an exception, this non-user could have a very high uid, should also be excluded). Check this for your distro!

If 500 is the lowest UID for normal users this will get them from your /etc/passwd file:
awk -F":" '$3 >= 500 { print $1 }' /etc/passwd

Command breakdown:
-F":" <= set seperator to : (colon)
$3 >= 500 <= check if field 3 is greater or equal to 500
{ print $1 }' <= print field 1 (only if $3 >= 500)

You will end up with this:

Code:

for USERNAME in `awk -F":" '$3 >= 500 { print $1 }' /etc/passwd`
do
echo $USERNAME
#chage <options> $USERNAME
done

I commented out the chmod part and added an echo statement. This is for testing. Make sure all is well before actually using the chage ....... line!!!

If you have any doubts/questions: Just ask

Hope this helps.

szahri · 03-23-2005, 08:02 PM

That works beautifully!! Thank you so much for your help, you've saved me from a great headache!

- Suze