[Pkg-shadow-devel] Bug#562221: manpages of passwd and usermod report wrong instructions about locking accounts
legovini at spiro.fisica.unipd.it
Wed Dec 23 21:48:56 UTC 2009
I found that the manpages of passwd and usermod report a non-working
procedure about how to lock accounts.
>From `man passwd':
Note that this does not disable the account. The user may still be
able to login using another authentication token (e.g. an SSH key).
To disable the account, administrators should use usermod
--expiredate 1 (this set the account´s expire date to Jan 2, 1970).
and, from `man usermod':
Note: if you wish to lock the account (not only access with a
password), you should also set the EXPIRE_DATE to 1.
However, `usermod -e 1 <username>' does not set the expiraton date to
Jan 2, 1970 (1970-01-01 + 1day), but to the current date. This means
that the account won't be locked until the next day (this is the real
Ubuntu behaves differently, there `passwd -L' locks the password AND the
account by setting the expiration date to Jan 2, 1970. I think that this
might be a good way to implement account locking, and there'e no need to
mention 'usermod -e 1` in the manpages (or it must be fixed).
Hope this helps.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 126.96.36.199 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages passwd depends on:
ii debianutils 3.2.2 Miscellaneous utilities specific t
ii libc6 2.10.2-2 GNU C Library: Shared libraries
ii libpam-modules 1.1.0-4 Pluggable Authentication Modules f
ii libpam0g 1.1.0-4 Pluggable Authentication Modules l
ii libselinux1 2.0.89-4 SELinux runtime shared libraries
passwd recommends no packages.
passwd suggests no packages.
-- no debconf information
More information about the Pkg-shadow-devel