Password ageing script problem !!!

kpatel786 — Tue, 26 Jan 2010 17:33:24 GMT

I have a standard password aging script on our hpux boxes. The script sends mail when the password aging is less then 9 days.

Problem:- I have amended mailx command in towards the end. The script is sending multiple mails since the script has for loop in it.
It sends mail as many mails as per the users in the userlist and appends the users name in the corresponding mail

Below is the script:

#!/usr/bin/sh
# Show users in a trusted system whose passwords are about to expire
# Reset the u_succhg (spwchg) last successful password change time

set -u
PATH=/usr/bin:/usr/sbin:/usr/lbin
HOST=`uname -n`
REPORT_FILE="/var/tmp/user_expiry_dba.rpt"

echo "\n`date`\n\n" > $REPORT_FILE

integer exp_time
integer exp_date
integer current_time
integer last_change
integer time_left
integer days_left
integer seconds_per_day=86400
integer system_wide_aging
integer user_aging

NOTTRUSTED=/sbin/true
if [ -x /usr/lbin/modprpw ]
then
modprpw 1> /dev/null 2>&1
if [ $? -eq 2 ]
then
NOTTRUSTED=/sbin/false
fi
fi

if $NOTTRUSTED
then
print "\n This system is not a Trusted System"
exit 1
fi

system_wide_aging=$(/usr/lbin/getprdef -r -m exptm)
if [ $system_wide_aging -eq 0 ]
then
print "System wide password aging is disabled on $HOST.\n"
fi

system_wide_aging=$(/usr/lbin/getprdef -r -m exptm)
if [ $system_wide_aging -eq 0 ]
then
print "System wide password aging is disabled on $HOST.\n"
else
print "System wide password aging is enabled on $HOST.\n"
fi

for USER in $(cat /sysadmin/scripts/user_list_dba)
do
user_aging=$(/usr/lbin/getprpw -r -m exptm $USER)
if [ $user_aging -eq "0" ]
then
print "\nUser $USER does not have password aging enabled."
continue
fi

if [ $system_wide_aging -eq 0 ]
then
if [ $user_aging -eq "-1" ]
then
print "\nUser $USER does not have password aging enabled."
continue
fi
fi

U=$(echo $USER|cut -c 1)

exp=$(logins -x -l $USER | tail -1 | awk '{print $4}')
((exp_time = exp * 86400))
current_time=$(/sysadmin/scripts/time)

passwd_changed=$(grep u_succhg /tcb/files/auth/$U/$USER)
if [ $? = 1 ]
then
echo "User $USER : password expired\n\n" >> $REPORT_FILE
print "\nUser $USER does not have valid last successful password"
print "change date. This can happen if tsconvert is used on"
print "the command line to convert the system, instead of SAM."
continue
fi

last_change=$(grep u_succhg /tcb/files/auth/$U/$USER | \
awk -F "u_succhg#" ' {print $2}' |\
awk -F ":" ' {print $1}' )

((exp_date = last_change + exp_time))
((time_left = exp_date - current_time))
((days_left = time_left / seconds_per_day))

last_change_date=$(getprpw -r -m spwchg $USER)
expire_date=$(echo 0d${exp_date}=Y | adb -o | cut -c 17-27)

# if [ $days_left -gt 1 ]

if [ $days_left -lt 9 ]
then
print "User $USER on $HOST has $days_left days left until password expires."
print "User $USER on $HOST last changed the password on: $last_change_date."
print "User $USER on $HOST - password will expire on: $expire_date.\n"
echo "User $USER : password will expire on $expire_date\n\n" >> $REPORT_FILE
MAILTO="kamshiv@rediffmail.com"
# mailx -s "CGHRPRODDB Password_Status" $MAILTO < $REPORT_FILE
read
echo "Sending mail"
mailx -s "TESTING PLEASE IGNORE" $MAILTO < $REPORT_FILE
echo "Mail sent"
read
else
print "User $USER: password will expire within one day.\n"
echo "User $USER : password expired\n\n" >> $REPORT_FILE
echo "Sending mail"
MAILTO="kamshiv@rediffmail.com"
mailx -s "TESTING PLEASE IGNORE" $MAILTO < $REPORT_FILE
echo "Mail sent"

# modprpw -l -v $USER
fi
done

Kindly assist with your inputs.

Re: Password ageing script problem !!!

Steven E. Protter — Tue, 26 Jan 2010 18:03:52 GMT

Shalom,

Take a look at this:

http://hpux.ws/mailfile2

Write your script output to a file or the email body set by this script. Then you can attach the report if you want.

This is a production script.

If you want debug help on your script, then please provide the error message.

Your problem may also be solved by running your user list through sort -u (unique)

Otherwise its a loop control issue and you will need to put write statements to find out which loop condition is not working as expected, resulting in multiple mails.

SEP

Re: Password ageing script problem !!!

James R. Ferguson — Tue, 26 Jan 2010 18:10:52 GMT

Hi:

Move your 'mailx' to after the 'done' of the loop; that is, after all users have been examined.

Regards!

...JRF...

topic Password ageing script problem !!! in Operating System - HP-UX

Password ageing script problem !!!

Re: Password ageing script problem !!!

Re: Password ageing script problem !!!