topic Re: Cron in Operating System - HP-UX

Cron

Jayson B. Hurd — Tue, 12 Jul 2005 10:02:53 GMT

Cron stopped running a particular user's jobs because its password had expired. They now run because I changed the password. What is the best way to keep this from happening again?

Re: Cron

TwoProc — Tue, 12 Jul 2005 10:07:12 GMT

Maybe make it a root cron job that runs a script that calls an "su -c" command to run your user's job as your user. This would make the process get kicked off by root's cron list, the su command from root should succeed regardless of user password setting, and would run as the user himself with his/her file permissions so no additional risk would be brought to the system as far as I can see.

Re: Cron

Mel Burslan — Tue, 12 Jul 2005 10:17:53 GMT

although it is not a good security practice, you can make an exception and set the user's password not to expire at all if this is very critical to run the cron jobs.

Re: Cron

Jayson B. Hurd — Tue, 12 Jul 2005 10:19:02 GMT

Where is this done?

Re: Cron

Pete Randall — Tue, 12 Jul 2005 10:22:28 GMT

Jayson,

Take a look at "man modprpw".

Pete

Re: Cron

DCE — Tue, 12 Jul 2005 10:24:31 GMT

If you are asking about John's suggestion:

in the root cron

*4*** su - oracle -c "some command"

An added benefit, you will have better control of which jobs run when (helps avoid conflicts with backup, batch prints,etc)

an added downside - you will be responsible for maintaining it, as it is now in root's cron job

Re: Cron

Mel Burslan — Tue, 12 Jul 2005 10:30:01 GMT

Jayson,

As I am not sure if you are running a trusted or untrusted system, I can not tell you the command syntax but if you go to sam and go to user/group administration, and select this user from the list, then got to action menu item, you will see an item like set users security policies. Select that one and you will find the option you are looking for.

Hope this helps

Re: Cron

Jayson B. Hurd — Tue, 12 Jul 2005 10:31:35 GMT

Yikes, it's Solaris. HP is so much better for this!! Solaris is not my choice.

Re: Cron

Mel Burslan — Tue, 12 Jul 2005 10:37:27 GMT

I am not knowledgable in solaris but I think in /etc/default/passwd the following lines exist:

MAXWEEKS=52
WARNWEEKS=2

which in this example means expire password in 52 weeks and give the user 2 weeks advance expiration warning. You can set this value of MAXWEEKS to something obscenely high or if it is like hpux, changing it to 0 may disable expiration totally.

something to investigate...

Re: Cron

Jayson B. Hurd — Tue, 12 Jul 2005 10:55:09 GMT

I see that in the file. However, I only want to change the policy for that one user...

Re: Cron

DCE — Tue, 12 Jul 2005 10:59:57 GMT

If I remember right (at least in the hp world) the password entry for the user in /etc/password file (untrusted system),ends with comma followed by some characters. Delete the comma and following characters - this is the aging portion of the password

Re: Cron

Mel Burslan — Tue, 12 Jul 2005 11:30:18 GMT

As I have indicated I am not even knowledgeable in solaris let alone being an expert but a little googling turned out a document like this:

Title:How to Set Password Aging on a User Account
http://docs.sun.com/app/docs/doc/817-1985/6mhm8o5lt?a=view

As I do not have a decent solaris box under my hand to test it, I hjave no clue if it will work or not, but you may want to glance thru it and see if it serves your purpose.

Re: Cron

Cem Tugrul — Wed, 13 Jul 2005 00:34:02 GMT

/usr/lbin/modprpw -v -m mintm=-1,exptm=-1,expwarn=-1,lftm=-1 $user