HPE Community
Operating System - HP-UX
1836673 Members
3722 Online
110108 Solutions
New Discussion

deactivate a users via script

 
Penni Nussbaum
Frequent Advisor

‎03-07-2001 12:56 PM

‎03-07-2001 12:56 PM

deactivate a users via script

I would like to deactivate users via a script. I will be checking to see if they have logged in the past 90 days. If not I would like the script to deactivate the user. I know I would manually place a "*" in the password field of the password file. How would I do this in a script?
0 Kudos
Reply
5 REPLIES 5
Rodney Hills
Honored Contributor

‎03-07-2001 01:19 PM

‎03-07-2001 01:19 PM

Re: deactivate a users via script

Within the script, if $user is the user to deactivate.

EDITOR=/usr/bin/ed
echo "/^${user}:\ns/:[^:]*:/:*:/\nw\nq" | vipw

There be dragons...
0 Kudos
Reply
Tom Danzig
Honored Contributor

‎03-07-2001 01:26 PM

‎03-07-2001 01:26 PM

Re: deactivate a users via script

If this is NOT a trusted system, you could do something like:

awk -v user=name_of_user -F: 'BEGIN{OFS=":"}{if($1==user){$2="*"}{print $0}}' /etc/passwd

to replace the password with a "*" in the password file.

If the system is trusted, use /usr/lbin/modprpw to deactivate the accout.
0 Kudos
Reply
Rodney Hills
Honored Contributor

‎03-07-2001 01:40 PM

‎03-07-2001 01:40 PM

Re: deactivate a users via script

To elaborate.

The vipw command will establish a logical lock on /etc/passwd (other people can't make changes through the standard tools,like /usr/bin/passwd).

setting EDITOR to /usr/bin/ed will call ed to edit /etc/passwd when vipw is run.

The echo command sends the simple ed commands to search for that user and replace the password field with "*".

If this is a trusted system (or uses NIS) then other methods will need to be employed.

I liked vipw because it makes sure that /etc/passwd is not changed while it is being editted.
There be dragons...
0 Kudos
Reply
Bruce Regittko_1
Esteemed Contributor

‎03-08-2001 08:49 AM

‎03-08-2001 08:49 AM

Re: deactivate a users via script

Hi,

Better yet,

passwd -l $username

where $username is a variable containing the name of the account to be locked (or deactivated). With this, you won't have to worry about locking the /etc/passwd file.

--Bruce
www.stratech.com/training
0 Kudos
Reply
Joseph A Benaiah_1
Regular Advisor

‎03-10-2001 11:17 AM

‎03-10-2001 11:17 AM

Re: deactivate a users via script

If your system is not trusted:

passwd -l ${user_id}

If it is trusted:

/usr/lbin/getprpw -r -m lockout ${user_id}
/usr/lbin/modprpw -k ${user_id}

Regards,

Joseph.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.