Linux with Operating System Concepts

Download 5,65 Mb.

Pdf ko'rish

bet	136/254
Sana	22.07.2022
Hajmi	5,65 Mb.
	#840170

1 ... 132 133 134 135 136 137 138 139 ... 254

Bog'liq
Linux-with-Operating-System-Concepts-Fox-Richard-CRC-Press-2014

Option
Meaning
-d
day
Set the number of days of when the password was last changed. This is automatically set
when a user changes password, but we can alter the stored value. If never changed, this
date is the number of days since the epoch.
-E
day
Set the day on which the user’s account will become inactive (will expire), specified as a
date (YYYY-MM-DD) or the number of days since the epoch. This option can be used
to provide all accounts with a lifetime. Using
–E –1
removes any previously established
expiration date.
-I
day
Set the number of days of inactivity after a password has expired before the account
becomes locked. Using
–I –1
removes any previously established inactivity date.
-l (lower case L)
Show this user’s password date information.
-M
days
The number of days remaining before the user must change their password. Should be
used with -W.
-m
days
Minimum number of days between which a user is allowed to change passwords. A value
of 0 means that the user is free to change password at any time. If the value is greater
than 0, this limits the user in terms of how often the password can be changed.
-W
days
The number of days prior to when a password must be changed that a warning is issued
to the user to remind them to change passwords. For example, if we use -W 7 -M 28
then the user is contacted in 21 days to remind them that their password needs changing
within the next 7 days.

User Accounts
◾
369
having the one provided by the apg program. We need to inform the user of their initial
password. We will therefore store each randomly generated password in a text file in /root’s
file space.
Given the user account creation script from Section 9.2.3, we would add these three lines
prior to the done statement.
password
=
‘apg –n 1‘
echo $password | passwd --stdin $username
echo “$username $password”
>>
/root/tempPasswords
The first instruction uses apg to generate a single password (the -n option tells apg how
many passwords to generate), storing it in the variable
password
. The passwd command
is interactive. If we were to place
passwd $username
in our script, then executing the
passwd command would pause the script to wait for user input. This negates the ability to
automate the account generation process via a shell script. So, instead, we force passwd to
accept its input from another source. In this case, we use a pipe. First, we
echo $pass-
word
to output the value stored in the variable. We pipe this into the passwd command.
Now, we have to override the default input (keyboard) to instead come from the pipe
(STDIN) by adding the option --stdin.
Finally, we have to make a record of this password so that we can later tell $username
what his or her initial password is. We need to know both the username and the password,
so we output both of these values from the variables storing them ($username and $pass-
word, respectively) and redirect them to the file
/root/tempPasswords
. We use
>>
to
append to this file as we will most likely be creating numerous user accounts.
If you do not want to install apg, you can generate passwords through other mecha-
nisms. The following uses /dev/urandom:
password
=
‘tr –cd '[:alpha:]'
<
/dev/urandom | head –c8‘
echo $password | passwd --stdin $username
echo “$username $password”
>>
/root/tempPasswords
Now, we have a script that can generate numerous user accounts and initial passwords.
In the exercises at the end of this chapter, you will be asked to enhance this script so that
TABLE 9.5
Options for passwd

Download 5,65 Mb.

Do'stlaringiz bilan baham:

1 ... 132 133 134 135 136 137 138 139 ... 254