Re: expire user accounts

matthew mills · ‎05-03-2004

I want to expire users acount within a range of user ID's. say for example from ID 100-200. could you show me a easy way to do this. SAM is not it! lol.

Thanks in advance.

Marvin Strong · ‎05-03-2004

when you say expire, do you mean to force them to change their passwd, or lock the account?

matthew mills · ‎05-03-2004

force them to change there password.

Sundar_7 · ‎05-03-2004

You can do it with modprpw - I know a way of doing it with the user names.

typeset -i MIN=100
typeset -i MAX=200
typeset -i UID
UID=$MIN
while [[ $UID -le MAX ]]
do
USR=$(grep ":$UID:" /etc/passwd | awk -F: '{print $1}')
/usr/lbin/modprpw -e $USR
(( UID=UID+1 ))
done

I am sure people will come up with a better way of doing this :-)

Learn What to do ,How to do and more importantly When to do ?

A. Clay Stephenson · ‎05-03-2004

INFILE=/etc/passwd
typeset -i10 LO_UID=100
typeset -i10 HI_UID=200

awk -F ":" '{print $1,$3}' ${INFILE} | while read USER UID
do
if [[ ${UID} -ge ${LO_UID} && ${UID} -le ${HI_UID} ]]
then
echo "User: ${USER} UID: ${UID}"
passwd -f ${USER}
fi
done

I would comment out the passwd -f command until you get the command like you want it.

If it ain't broke, I can fix that.

Marvin Strong · ‎05-03-2004

you can do that with passwd -f

example:
passwd -f mstrong

would force me to change my passwd on the next login.

you could write a loop around that command for the users you want to change.

UID=100
while [ $UID -lt 200 ]
do
UNAME=`grep $UID /etc/passwd | awk -F: '{print $1}'`
UID=$(($UID+1))
passwd -f $UNAME
done

something like that should work.
I didn't test this but that should get ya started.

Marvin Strong · ‎05-03-2004

Be warned that mine uses grep so it is possible the pattern may match something not in the range you want.

The others are clearly better.

A. Clay Stephenson · ‎05-03-2004

Simply doing a grep ${UID} is dangerous since that will match the UID anywhere within the passwd line -- you want to match ONLY the 3rd (UID) field.

If it ain't broke, I can fix that.

Marvin Strong · ‎05-03-2004

yeah, realized after I posted, that grep was probably not a good solution.

generic_1 · ‎05-03-2004

After you have locked all of those user accounts you may want to check them with the
/usr/lbin/getprpw Username
The binary number at the end of the string shows the account is locked if it is anything but all zeros and if you reference those numbers against the command's man page you can even see the reason the account was locked. Also by chance if you ever want to unlock those accounts try
/usr/lbin/modprpw -k Username
Have Fun!

generic_1 · ‎05-03-2004

One other note modprpw and getprpw commands will only work if your system is Trusted. If it is not trusted you may want to consider doing a tsconvert because trusted is more secure. Be sure and do a backup before starting :). If you are not running trusted then you will have to user passwd. Note that the options avaiabable between 10.20 and 11/11i will var if your systems are not trusted.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: expire user accounts

expire user accounts