LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Redhat - Change all existing users password expiry (https://www.linuxquestions.org/questions/linux-server-73/redhat-change-all-existing-users-password-expiry-4175595738/)

howie2293 12-19-2016 12:02 PM
Redhat - Change all existing users password expiry
 
Hi

I have an issue of needing to change the password expiry for all users on our server. Bar doing it one by one. Is there a way to change the expiry for all existing users?

TB0ne 12-19-2016 12:14 PM
Quote:
Originally Posted by howie2293 (Post 5643949)
Hi
I have an issue of needing to change the password expiry for all users on our server. Bar doing it one by one. Is there a way to change the expiry for all existing users?
Your subject line says "Redhat", but you don't say what version of Red Hat you're using, nor what authentication method you're using now (LDAP? Local?). Read the "Quesiton Guidelines" link in my posting signature.

Should be very simple to dump a list of users from the passwd file, and shove it through a bash script to change the expiry. But there isn't a way to do it for ALL users at once with one command. And have you called Red Hat support?? If you're using RHEL, you're PAYING for it, right???

jefro 12-19-2016 02:41 PM
Something on this line then use script to grab the users and issue the changes maybe??

https://access.redhat.com/documentat...swd-aging.html

szboardstretcher 12-19-2016 03:46 PM
You can use this to get users of regular user ids listed in login.defs:

Code:
MIN=$(grep '^UID_MIN' /etc/login.defs)
MAX=$(grep '^UID_MAX' /etc/login.defs)
awk -F':' -v "min=${MIN##UID_MIN}" -v "max=${MAX##UID_MAX}" '{ if ( $3 >= min && $3 <= max ) print $1}' /etc/passwd >> userlist
And you could feed that into the chage command to reset the expiry of those users to, say... 60 days from now:

Code:
while read u; do
 echo "chage -M 60 $u"
 #chage -M 60 $u
done < userlist
Test that first,. if it works to satisfaction, you can remove the 'echo' part and uncomment the command. Or change it to suit your specific need.

howie2293 12-20-2016 04:27 AM
Quote:
Originally Posted by TB0ne (Post 5643953)
Your subject line says "Redhat", but you don't say what version of Red Hat you're using, nor what authentication method you're using now (LDAP? Local?). Read the "Quesiton Guidelines" link in my posting signature.

[/B]
Apologizes the Red Hat release version is 6.7 (Santiago)

Coffee!!! 12-20-2016 10:35 AM
Assuming you're using local password policies, here are a few basic settings:

/etc/login.defs
PASS_MAX_DAYS 60
PASS_MIN_DAYS 1
PASS_MIN_LEN 5
PASS_WARN_AGE 7

The above will assign any new users the following definitions and you can use szboardstretcher's script to assign the policies to each of the existing users.


All times are GMT -5. The time now is 08:51 PM.