리눅스에서 사용자 비밀번호 만료일 설정 해보기
- Operating System
- 2010. 3. 4.
리눅스에서 사용자 비밀번호 만료일 설정 해보기
일괄적으로 만료일을 지정해줄 수 있고
개별 사용자에게도 지정해줄 수 있습니다.
/etc/login.defs 파일을 수정 - 일괄적용
chage 사용자명 - 개별적용
[root@vash ~]# cat /etc/login.defs
저 파일에서
# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail 이거는 메일 디렉토리
#MAIL_FILE .mail
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999 사용 최대 기간(죽을 때 까지 사용하라는 내용 같구만용)
PASS_MIN_DAYS 0 사용 최소 기간
PASS_MIN_LEN 5 계정 잠그기 까지 비활성화 기간
PASS_WARN_AGE 7 경고메시지 날리는 기간
이 부분을 적당히 수정해주면 새로 생성되는 사용자의 비밀번호 만료일을 일괄적으로 설정할 수 있겠네요...
#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 500
UID_MAX 60000
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 500
GID_MAX 60000
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local
#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME yes
# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK 077
# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes
# Use MD5 or DES to encrypt password? Red Hat use MD5 by default.
MD5_CRYPT_ENAB yes
[root@vash ~]#
[root@vash ~]# chang stest1
-bash: chang: command not found
[root@vash ~]# chage stest1
stest1ì˜ ì‚¬ìš©ê¸°í•œ ì •ë³´ë¥¼ 바꿉니다
새로운 ê°’ì„ ë„£ê±°ë‚˜, ê¸°ë³¸ê°’ì„ ì›í•˜ì‹œë©´ 엔터를 치세요
ì—´ì‡ ê¸€ì˜ ìµœì†Œ ìœ íš¨ 기간 [0]:
[root@vash ~]# unset LANG
[root@vash ~]# chage stest1
Changing the aging information for stest1
Enter the new value, or press ENTER for the default
Minimum Password Age [0]:
Maximum Password Age [99999]:
Last Password Change (YYYY-MM-DD) [2010-03-04]:
Password Expiration Warning [7]:
Password Inactive [-1]:
Account Expiration Date (YYYY-MM-DD) [1969-12-31]:
[root@vash ~]#
[root@vash ~]#
[root@vash ~]# chage --help
Usage: chage [options] user
Options:
-d, --lastday LAST_DAY set last password change to LAST_DAY
-E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-h, --help display this help message and exit
-I, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-l, --list show account aging information
-m, --mindays MIN_DAYS set minimum number of days before password
change to MIN_DAYS
-M, --maxdays MAX_DAYS set maximim number of days before password
change to MAX_DAYS
-W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS
[root@vash ~]# man chage
CHAGE(1) User Commands CHAGE(1)
NAME
chage - change user password expiry information
SYNOPSIS
chage [options] user
DESCRIPTION
The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to
determine when a user must change his/her password.
OPTIONS
The options which apply to the chage command are:
-d, --lastday LAST_DAY
Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD (or the
format more commonly used in your area).
-E, --expiredate EXPIRE_DATE
Set the date or number of days since January 1, 1970 on which the user's account will no longer be accessible. The date may also be expressed in the
format YYYY-MM-DD (or the format more commonly used in your area). A user whose account is locked must contact the system administrator before being
able to use the system again.
Passing the number -1 as the EXPIRE_DATE will remove an account expiration date.
-h, --help
Display help message and exit.
-I, --inactive INACTIVE
Set the number of days of inactivity after a password has expired before the account is locked. The INACTIVE option is the number of days of
inactivity. A user whose account is locked must contact the system administrator before being able to use the system again.
Passing the number -1 as the INACTIVE will remove an account's inactivity.
-l, --list
Show account aging information.
-m, --mindays MIN_DAYS
Set the minimum number of days between password changes to MIN_DAYS. A value of zero for this field indicates that the user may change his/her password
at any time.
-M, --maxdays MAX_DAYS
Set the maximum number of days during which a password is valid. When MAX_DAYS plus LAST_DAY is less than the current day, the user will be required to
change his/her password before being able to use his/her account. This occurrence can be planned for in advance by use of the -W option, which provides
the user with advance warning.
Passing the number -1 as MAX_DAYS will remove checking a password's validity.
-W, --warndays WARN_DAYS
Set the number of days of warning before a password change is required. The WARN_DAYS option is the number of days prior to the password expiring that
a user will be warned his/her password is about to expire.
If none of the options are selected, chage operates in an interactive fashion, prompting the user with the current values for all of the fields. Enter the
new value to change the field, or leave the line blank to use the current value. The current value is displayed between a pair of [ ] marks.
NOTE
The chage program requires a shadow password file to be available.
The chage command is restricted to the root user, except for the -l option, which may be used by an unprivileged user to determine when his/her password
or account is due to expire.
FILES
/etc/passwd
User account information.
/etc/shadow
Secure user account information.
EXIT VALUES
The chage command exits with the following values:
0 success
1 permission denied
2 invalid command syntax
15 can't find the shadow password file
SEE ALSO
passwd(5), shadow(5).
User Commands 06/25/2006 CHAGE(1)