 
            Hi
I need to create some local users but then 'disable' that user. I know I can enable and disable the user by using usermod -L and -U but does anyone know if there is a way for me to see the current status of the user? i.e. locked or unlocked?
thanks
 
            On Tue, Oct 28, 2008 at 7:46 PM, Tom Brown tom@ng23.net wrote:
Hi
I need to create some local users but then 'disable' that user. I know I can enable and disable the user by using usermod -L and -U but does anyone know if there is a way for me to see the current status of the user? i.e. locked or unlocked?
Can use: passwd -S username
It will give either:
username PS 2008-10-28 0 9999 7 -1 (Password set, MD5 Crypt)
or when locked:
username LK 2008-10-28 0 9999 7 -1 (Password locked)
I'm sure there's another way.
 
            On Oct 28, 2008, at 7:46 AM, Tom Brown wrote:
I need to create some local users but then 'disable' that user. I know I can enable and disable the user by using usermod -L and -U but does anyone know if there is a way for me to see the current status of the user? i.e. locked or unlocked?
this should get you a list of all the users which have been disabled by means of `usermod -L`:
perl -e 'open($SHADOW, "<", "/etc/shadow") or die( "$!\n" ); while ( <$SHADOW> ) { chomp; print "$1\n" if (/^([^:]*):!{1}[^!:]*:.*$/) } close( $SHADOW );'
you'll need to run it as root. no doubt that regex could be cleaned up a bit :)
-steve
--- If this were played upon a stage now, I could condemn it as an improbable fiction. - Fabian, Twelfth Night, III,v
 
            this should get you a list of all the users which have been disabled by means of `usermod -L`:
perl -e 'open($SHADOW, "<", "/etc/shadow") or die( "$!\n" ); while ( <$SHADOW> ) { chomp; print "$1\n" if (/^([^:]*):!{1}[^!:]*:.*$/) } close( $SHADOW );'
you'll need to run it as root. no doubt that regex could be cleaned up a bit :)
thanks both - that gives me something to work with
 
            On Tue, 28 Oct 2008, Tom Brown wrote:
I need to create some local users but then 'disable' that user. I know I can enable and disable the user by using usermod -L and -U but does anyone know if there is a way for me to see the current status of the user? i.e. locked or unlocked?
[herrold@mailhub ~]$ sudo passwd -l archive
Locking password for user archive.
passwd: Success
[herrold@mailhub ~]$ sudo passwd -S archive
archive LK 2008-07-15 0 99999 7 -1 (Password locked.)
[herrold@mailhub ~]$
see also: man chage
-- Russ herrold
 
            On Tuesday 28 October 2008, R P Herrold wrote:
On Tue, 28 Oct 2008, Tom Brown wrote:
I need to create some local users but then 'disable' that user. I know I can enable and disable the user by using usermod -L and -U but does anyone know if there is a way for me to see the current status of the user? i.e. locked or unlocked?
[herrold@mailhub ~]$ sudo passwd -l archive
Locking password for user archive.
passwd: Success
[herrold@mailhub ~]$ sudo passwd -S archive
archive LK 2008-07-15 0 99999 7 -1 (Password locked.)
[herrold@mailhub ~]$
Worth noting is that this locking only refers to password authentication. If the user has a key in his/her authorized_keys then they will still be able to log in.
/Peter
see also: man chage
-- Russ herrold
 
            On Wed, Oct 29, 2008, Peter Kjellstrom wrote:
On Tuesday 28 October 2008, R P Herrold wrote:
On Tue, 28 Oct 2008, Tom Brown wrote:
I need to create some local users but then 'disable' that user. I know I can enable and disable the user by using usermod -L and -U but does anyone know if there is a way for me to see the current status of the user? i.e. locked or unlocked?
[herrold@mailhub ~]$ sudo passwd -l archive
Locking password for user archive.
passwd: Success
[herrold@mailhub ~]$ sudo passwd -S archive
archive LK 2008-07-15 0 99999 7 -1 (Password locked.)
[herrold@mailhub ~]$
Worth noting is that this locking only refers to password authentication. If the user has a key in his/her authorized_keys then they will still be able to log in.
I'm not sure that is true. I know if I attempt an ssh login to an account with authorized_keys where no account has been set for the user, the login fails (e.g. accounts created by kickstart for which no password is assigned during installation).
Bill
 
            On Wednesday 29 October 2008, Bill Campbell wrote:
On Wed, Oct 29, 2008, Peter Kjellstrom wrote:
On Tuesday 28 October 2008, R P Herrold wrote:
On Tue, 28 Oct 2008, Tom Brown wrote:
I need to create some local users but then 'disable' that user. I know I can enable and disable the user by using usermod -L and -U but does anyone know if there is a way for me to see the current status of the user? i.e. locked or unlocked?
[herrold@mailhub ~]$ sudo passwd -l archive
Locking password for user archive.
passwd: Success
[herrold@mailhub ~]$ sudo passwd -S archive
archive LK 2008-07-15 0 99999 7 -1 (Password locked.)
[herrold@mailhub ~]$
Worth noting is that this locking only refers to password authentication. If the user has a key in his/her authorized_keys then they will still be able to log in.
I'm not sure that is true.
Well I am. Now I've even tried it and on both centos-4 and centos-5 I had no problems authenticating with my public key when my shadow entry started with "!!".
If you truly want to lock an account (all access and use) then you have many things to consider including:
* .ssh/authorized_keys
* .forward
* crond
* atd
* running processes
...
/Peter
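
The distinction drawn in the thread above, as an added example that is not part of the original messages: a bash script that classifies shadow-format entries and lists accounts whose password is locked but which still hold an authorized_keys file. Function names and all sample data are constructed here; it assumes home directories at HOME_ROOT/<user> and the default key file location, and it reports accounts whose expiry date (shadow field 8) has passed as expired rather than flagging them.

```bash
#!/bin/bash
# Added example; every account, hash and key below is constructed sample data.

# shadow_status FILE [TODAY] -> one "user state" line per shadow(5) entry.
# TODAY is days since 1970-01-01 (defaults to the current date).
shadow_status() {
    awk -F: -v today="${2:-$(( $(date +%s) / 86400 ))}" '
        $8 != "" && $8 + 0 <= today + 0 { print $1, "expired";    next }  # field 8: account expiry
        $2 == ""                        { print $1, "empty";      next }  # no password needed
        $2 ~ /^[!*]+$/                  { print $1, "nopassword"; next }  # "!!", "!" or "*" only
        $2 ~ /^!/                       { print $1, "pwlocked";   next }  # "!" or "!!" before a hash
                                        { print $1, "pwset" }
    ' "$1"
}

# locked_with_keys FILE HOME_ROOT [TODAY] -> password-locked users that still
# have a non-empty authorized_keys (assumes homes live at HOME_ROOT/<user>).
locked_with_keys() {
    shadow_status "$1" "$3" | while read -r user state; do
        if [ "$state" = pwlocked ] && [ -s "$2/$user/.ssh/authorized_keys" ]; then
            echo "$user"
        fi
    done
}

# Constructed sample: a shadow-format file plus home directories in a temp dir.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/shadow" <<'EOF'
alice:$1$constructed$AAAAAAAAAAAAAAAAAAAAAA:14180:0:99999:7:::
bob:!$1$constructed$BBBBBBBBBBBBBBBBBBBBBB:14180:0:99999:7:::
carol:!!$1$constructed$CCCCCCCCCCCCCCCCCCCCCC:14180:0:99999:7:::
dave:!!:14180:0:99999:7:::
erin:!$1$constructed$EEEEEEEEEEEEEEEEEEEEEE:14180:0:99999:7::1:
EOF
for u in bob erin; do
    mkdir -p "$demo/home/$u/.ssh"
    echo "ssh-ed25519 AAAAconstructed $u@example" > "$demo/home/$u/.ssh/authorized_keys"
done

shadow_status "$demo/shadow"
echo "password locked, key login still possible:"
locked_with_keys "$demo/shadow" "$demo/home"
```

Against a live system this needs root to read /etc/shadow, and home directories should be taken from /etc/passwd rather than assumed.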





