Redhat - Change all existing users password expiry

howie2293 · 12-19-2016, 12:02 PM

Hi

I have an issue of needing to change the password expiry for all users on our server. Bar doing it one by one. Is there a way to change the expiry for all existing users?

TB0ne · 12-19-2016, 12:14 PM

Quote:

Originally Posted by howie2293

Hi
I have an issue of needing to change the password expiry for all users on our server. Bar doing it one by one. Is there a way to change the expiry for all existing users?

Your subject line says "Redhat", but you don't say what version of Red Hat you're using, nor what authentication method you're using now (LDAP? Local?). Read the "Quesiton Guidelines" link in my posting signature.

Should be very simple to dump a list of users from the passwd file, and shove it through a bash script to change the expiry. But there isn't a way to do it for ALL users at once with one command. And have you called Red Hat support?? If you're using RHEL, you're PAYING for it, right???

jefro · 12-19-2016, 02:41 PM

Something on this line then use script to grab the users and issue the changes maybe??

https://access.redhat.com/documentat...swd-aging.html

szboardstretcher · 12-19-2016, 03:46 PM

You can use this to get users of regular user ids listed in login.defs:

Code:

MIN=$(grep '^UID_MIN' /etc/login.defs)
MAX=$(grep '^UID_MAX' /etc/login.defs)
awk -F':' -v "min=${MIN##UID_MIN}" -v "max=${MAX##UID_MAX}" '{ if ( $3 >= min && $3 <= max ) print $1}' /etc/passwd >> userlist

And you could feed that into the chage command to reset the expiry of those users to, say... 60 days from now:

Code:

while read u; do
 echo "chage -M 60 $u"
 #chage -M 60 $u
done < userlist

Test that first,. if it works to satisfaction, you can remove the 'echo' part and uncomment the command. Or change it to suit your specific need.

howie2293 · 12-20-2016, 04:27 AM

Quote:

Originally Posted by TB0ne

Your subject line says "Redhat", but you don't say what version of Red Hat you're using, nor what authentication method you're using now (LDAP? Local?). Read the "Quesiton Guidelines" link in my posting signature.

[/B]

Apologizes the Red Hat release version is 6.7 (Santiago)

Coffee!!! · 12-20-2016, 10:35 AM

Assuming you're using local password policies, here are a few basic settings:

/etc/login.defs
PASS_MAX_DAYS 60
PASS_MIN_DAYS 1
PASS_MIN_LEN 5
PASS_WARN_AGE 7

The above will assign any new users the following definitions and you can use szboardstretcher's script to assign the policies to each of the existing users.