System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Some clarification on Password aging on Linux servers

bullz
Super Advisor

Some clarification on Password aging on Linux servers

Hi Crew,

Some clarification on Password aging on Linux servers

I have bunch of users, few are already expired, due to this, cron jobs are failing.
Now, I have come to a decision that, all the non-admin users which are present on server should be set to non-expiry and inactive option need to be disabled.

If I set a non-expiry for users (passwd –x -1 username), which are already expired, will it work properly after this?

Also, can I use usermod –f -1 username for inactive? ( inactive = if the user not logged in for some amount of time )

Please post your thoughts for removing password aging on linux servers?

Passwd –x -1 username
Usermod –f -1 username
5 REPLIES
Ivan Ferreira
Honored Contributor

Re: Some clarification on Password aging on Linux servers

chage -I -1 -m 0 -M 99999 -E -1
chage -l

>>> few are already expired, due to this, cron jobs are failing

I did not know that cron jobs fails if the user account is expired.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
P Muralidhar Kini
Honored Contributor

Re: Some clarification on Password aging on Linux servers

Hi Bullz,

>> Please post your thoughts for removing password aging on linux servers?
Refer the following links -
* Linux turn OFF password expiration / aging
http://www.cyberciti.biz/tips/setting-off-password-aging-expiration.html

* 7 Examples to Manage Linux Password Expiration and Aging Using chage
http://www.thegeekstuff.com/2009/04/chage-linux-password-expiration-and-aging/

Hope this helps.

Regards,
Murali
Let There Be Rock - AC/DC
Matti_Kurkela
Honored Contributor

Re: Some clarification on Password aging on Linux servers

Disabling password aging for *all* users because of cron jobs might be a massive overkill, because it's easy to identify the users that have cron jobs configured:

# ls /var/spool/cron/crontabs/

If a user has a cron job configured, there will be a file in this directory: the filename will be equal to the username.

You should always use the "crontab" command to manipulate these files (or else the cron daemon may become confused), but viewing the directory and its files to identify cron job users is certainly possible.

MK
MK
P Muralidhar Kini
Honored Contributor

Re: Some clarification on Password aging on Linux servers

Hi Bullz,

>> Passwd -x -1 username
The -x option is used to set the password lifetime in days.
This however applies only to root.

Check the following link for more details -
http://linux.about.com/od/commands/l/blcmdl1_passwd.htm

>> Usermod -f -1 username

The -f option control when the account gets disabled, once the password gets
expired. Value of 0 means disable immediately. Value of -1 means the feature
is disabled. Note default value is -1.

Check the following link for more details -
http://linux.about.com/od/commands/l/blcmdl8_usermod.htm

The links provided in my previous response should help you manage the
password aging.

Regards,
Murali
Let There Be Rock - AC/DC
bullz
Super Advisor

Re: Some clarification on Password aging on Linux servers

Thanks all