LinuxQuestions.org
Old 11-22-2013, 08:20 AM   #1
kechlion
LQ Newbie
 
Registered: Dec 2009
Posts: 15

Rep: Reputation: 0
RHEL 5 /etc/shadow Expire setting question


Good day all,

In reviewing the shadow file for a server I've found something I do not have the answer for: what exactly does the expire setting mean in a shadow file?

Per RedHat here https://access.redhat.com/site/docum...ps-shadow.html

The last entry for a user is supposed to be how long an account has been expired. However, further down their page they show a date in the expire field and they explain it as a date in the future when an account will expire. Which is it?

My specific question is related to this entry:
This was pulled on 1/31/2013, pw last changed on 7/25/2012, meaning 190 days since it was changed.

username:hash:15546:0:90:14:90::

Would this account not have been locked out for 10 days? I.e. it expired after 90 days, was locked because of inactive after 90 days, and it's been 10 days since then. Should the 'expire' value not be 10?

Any help would be appreciated. Thanks!
 
Old 11-26-2013, 04:33 PM   #2
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653
Yes, that page is misleading - you can open a ticket to get it fixed if you like. According to 'man 5 shadow' your entry maps to:

Code:
username   ·  login name
hash       ·  encrypted password
15546      ·  days since Jan 1, 1970 that password was last changed
0          ·  days before password may be changed
90         ·  days after which password must be changed
14         ·  days before password is to expire that user is warned
90         ·  days after password expires that account is disabled
           ·  days since Jan 1, 1970 that account is disabled
           ·  a reserved field
Which indicates that the field you are interested in is a fixed date when the account will be disabled, not the number of days since it has expired. This field can be manipulated with the chage command, here's an example:
Code:
# useradd testuser
# grep testuser /etc/shadow
/etc/shadow:testuser:!!:16035:0:60:14:::
# chage -E 2014-02-03 testuser
# grep testuser /etc/shadow
testuser:!!:16035:0:60:14::16104:
And we can confirm that 16104 is correct by calculating it via the date command:
Code:
]$ echo "$(date +%s -d 20140203) / 3600 / 24" | bc
16103
.. off by one but you get the idea.
 
Old 11-27-2013, 08:30 AM   #3
kechlion
LQ Newbie
 
Registered: Dec 2009
Posts: 15

Original Poster
Rep: Reputation: 0
Huh, it's interesting that the man for it is right but the site is very obviously misleading. So for my example account, it would have been expired for 10 days (190 since changed - 90 for pw age - 90 for inactive = 10 days of disabled) but other than doing the math myself, there's no way to check for that is there?

Thank you very much for the help.

Last edited by kechlion; 11-27-2013 at 08:32 AM.
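
Added example (not written by either poster): the arithmetic asked about in post #3 as a POSIX shell function, using the field meanings from 'man 5 shadow' quoted in post #2. The names shadow_status and day_number are made up for this example, day_number assumes GNU date, and counting the boundary day itself as already expired is this example's choice; the login stack's exact comparison may differ by a day.

```shell
#!/bin/sh
# Added example: classify one /etc/shadow entry as of a given day number
# (days since 1970-01-01 UTC), using the field order from 'man 5 shadow'.

# YYYY-MM-DD -> day number. -u pins the conversion to UTC; without it,
# 'date -d' uses local midnight, which can fall on the previous UTC day.
# Assumes GNU date.
day_number() {
    echo $(( $(date -u -d "$1" +%s) / 86400 ))
}

# shadow_status ENTRY TODAY   (hypothetical helper name)
# Prints "<state> <days since that state began>", or "ok":
#   account-expired   field 8 (absolute day number) has been reached
#   inactive-locked   lastchg + max + inactive has been reached
#   password-expired  lastchg + max has been reached, still inside the
#                     inactivity window (or no window set)
# Runs in a subshell "( ... )" so its variables do not leak.
shadow_status() (
    today=$2
    IFS=: read -r name hash lastchg min max warn inactive expire reserved <<EOF
$1
EOF
    if [ -n "$expire" ] && [ "$today" -ge "$expire" ]; then
        echo "account-expired $(( $today - $expire ))"
    elif [ -z "$lastchg" ] || [ -z "$max" ] || [ "$max" -lt 0 ]; then
        echo "ok"    # password aging not in effect
    elif [ -n "$inactive" ] && [ "$inactive" -ge 0 ] &&
         [ "$today" -ge $(( $lastchg + $max + $inactive )) ]; then
        echo "inactive-locked $(( $today - $lastchg - $max - $inactive ))"
    elif [ "$today" -ge $(( $lastchg + $max )) ]; then
        echo "password-expired $(( $today - $lastchg - $max ))"
    else
        echo "ok"
    fi
)

# The entry from post #1, evaluated for the day it was pulled (1/31/2013).
shadow_status 'username:hash:15546:0:90:14:90::' "$(day_number 2013-01-31)"
# prints: inactive-locked 10
```

To audit a whole file, feed each line of /etc/shadow (readable by root only) to shadow_status together with today's day number from day_number.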
 
  

