HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Looking for a mass update script passwd file...remove expiration

 
SOLVED
Go to solution
Mike Keys
Regular Advisor

Looking for a mass update script passwd file...remove expiration

Need to remove password expiration for users in our passwd file, but not all users. Have over 4000 entries in file and we can't convert to trusted system. User names are either a???? or m???? where ? is a numeric digit.

Also, need to know how to set system so that any new user is setup without password aging set.
7 REPLIES
James R. Ferguson
Acclaimed Contributor
Solution

Re: Looking for a mass update script passwd file...remove expiration

Hi Mike:

For the users that you want to turn off password aging, you should be able to do:

# passwd -x -1 name

If you are looking only for user names that begin with an "a" or an "m" followed by all digits, you could do:

# awk -F: '{if ($1~/^[am][0-9]+$/) {print $1}}' /etc/passwd > /tmp/myusers

...if you truly want users with 'a' or 'm' and 4-digits, use:

# awk -F: '{if ($1~/^[am][0-9]{4}$/) {print $1}}' /etc/passwd > /tmp/myusers

Then do:

while read NAME X
do
passwd -x -1 ${NAME}
done < /tmp/myusers

...to disable the aging.

I suggest you examine the '/tmp/myusers' file before you set the aging criteria to make sure it truly contains what you want.

Regards!

...JRF...
Mike Keys
Regular Advisor

Re: Looking for a mass update script passwd file...remove expiration

Thanks James. I'll give that a shot.
Mike Keys
Regular Advisor

Re: Looking for a mass update script passwd file...remove expiration

Had a couple of errors.

1. Was told the -x option is not available using /sbin/passwd. Must invoke /bin/passwd to use options.

2. Received this error when running the command /bin/passwd -x -1 ${NAME}

"Invalid argument to option -x"

Any suggestions?
Mike Keys
Regular Advisor

Re: Looking for a mass update script passwd file...remove expiration

man pages show only the following as available commands/options to use with /bin/passwd:

passwd [name]

passwd -r files [-F file] [name]

passwd -r files [-e [shell]] [-gh] [name]

passwd -r files -s [-a]

passwd -r files -s [name]

passwd -r files [-d|-l] [-f] [-n min] [-w warn] [-x max] name

passwd -r nis [-e [shell]] [-gh] [name]

passwd -r nisplus [-e [shell]] [-gh] [-D domain] [name]

passwd -r nisplus -s [-a]

passwd -r nisplus -s [-D domain] [name]

passwd -r nisplus [-l] [-f] [-n min] [-w warn] [-x max] [-D domain]
name

passwd -r dce [-e [shell]] [-gh] [name]
Olivier Masse
Honored Contributor

Re: Looking for a mass update script passwd file...remove expiration

IIRC option "-x -1" is undocumented but "-x" alone usually is. What version of HP-UX are you runing? I can confirm it works in 11.23 and 11.31. Maybe -x works only with shadow passwords.

Olivier.
OldSchool
Honored Contributor

Re: Looking for a mass update script passwd file...remove expiration

it appears it doesn't like "-1", so try 0 (zero). one or the other should work from 11.0 up, or if you've got "min" and / or "warn" you may need to set those as well.

Brute force method would be to, in the password field of /etc/passwd, remove everything from the comma to the right, as in:

dum_test:asdasda,asdfa:123:....

would become:

dum_test:asdasda:123:....

which removes all the aging/expiration. could be scripted. could also be deadly if not done right
Mike Keys
Regular Advisor

Re: Looking for a mass update script passwd file...remove expiration

Thanks for the responses. We are running 11.11 and the -1 is not an option. Using -x 0 will make the user change their password I believe, but it would not expire after that. We don't want to go this route either.

I have some folks that we work with looking at scripting this to remove the password aging information on those subset of users from our passwd file. This seems to be the only surefire way of doing it.