FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 10-28-2008, 11:53 AM
Tom Brown
 
Default Checking if a user is 'Disabled'

this should get you a list of all the users which have been disabled
by means of `usermod -L`:


perl -e 'open($SHADOW, "<", "/etc/shadow") or die( "$!
" ); while (
<$SHADOW> ) { chomp; print "$1
" if (/^([^:]*):!{1}[^!:]*:.*$/) }
close( $SHADOW );'


you'll need to run it as root. no doubt that regex could be cleaned
up a bit


thanks both - that gives me something to work with

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-28-2008, 01:39 PM
R P Herrold
 
Default Checking if a user is 'Disabled'

On Tue, 28 Oct 2008, Tom Brown wrote:

I need to create some local users but then 'disable' that user. I know i can
enable and disable the user by using usermod -L and -U but does anyone know
if there is a way for me to see the current status of the user? ie locked or
unlocked?

[herrold@mailhub ~]$ sudo passwd -l archive
Locking password for user archive.
passwd: Success
[herrold@mailhub ~]$ sudo passwd -S archive
archive LK 2008-07-15 0 99999 7 -1 (Password locked.)
[herrold@mailhub ~]$

see also: man chage

-- Russ herrold
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-29-2008, 10:06 AM
Peter Kjellstrom
 
Default Checking if a user is 'Disabled'

On Tuesday 28 October 2008, R P Herrold wrote:
> On Tue, 28 Oct 2008, Tom Brown wrote:
> > I need to create some local users but then 'disable' that user. I know i
> > can enable and disable the user by using usermod -L and -U but does
> > anyone know if there is a way for me to see the current status of the
> > user? ie locked or unlocked?
>
> [herrold@mailhub ~]$ sudo passwd -l archive
> Locking password for user archive.
> passwd: Success
> [herrold@mailhub ~]$ sudo passwd -S archive
> archive LK 2008-07-15 0 99999 7 -1 (Password locked.)
> [herrold@mailhub ~]$

Worth noting is that this locking only refers to password authentication. If
the user has a key in his/hers authorized_keys then they will still be able
to login.

/Peter

> see also: man chage
>
> -- Russ herrold
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-29-2008, 03:39 PM
Bill Campbell
 
Default Checking if a user is 'Disabled'

On Wed, Oct 29, 2008, Peter Kjellstrom wrote:
>On Tuesday 28 October 2008, R P Herrold wrote:
>> On Tue, 28 Oct 2008, Tom Brown wrote:
>> > I need to create some local users but then 'disable' that user. I know i
>> > can enable and disable the user by using usermod -L and -U but does
>> > anyone know if there is a way for me to see the current status of the
>> > user? ie locked or unlocked?
>>
>> [herrold@mailhub ~]$ sudo passwd -l archive
>> Locking password for user archive.
>> passwd: Success
>> [herrold@mailhub ~]$ sudo passwd -S archive
>> archive LK 2008-07-15 0 99999 7 -1 (Password locked.)
>> [herrold@mailhub ~]$
>
>Worth noting is that this locking only refers to password authentication. If
>the user has a key in his/hers authorized_keys then they will still be able
>to login.

I'm not sure that is true. I know if I attempt an ssh login to
an account with authorized_keys where no account has been set for
the user, the login fails (e.g. accounts created by kickstart for
which no password is assigned during installation).

Bill
--
INTERNET: bill@celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186

The Income Tax has made more Liars out of American people than Golf has.
Will Rogers
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-30-2008, 08:20 AM
Peter Kjellstrom
 
Default Checking if a user is 'Disabled'

On Wednesday 29 October 2008, Bill Campbell wrote:
> On Wed, Oct 29, 2008, Peter Kjellstrom wrote:
> >On Tuesday 28 October 2008, R P Herrold wrote:
> >> On Tue, 28 Oct 2008, Tom Brown wrote:
> >> > I need to create some local users but then 'disable' that user. I know
> >> > i can enable and disable the user by using usermod -L and -U but does
> >> > anyone know if there is a way for me to see the current status of the
> >> > user? ie locked or unlocked?
> >>
> >> [herrold@mailhub ~]$ sudo passwd -l archive
> >> Locking password for user archive.
> >> passwd: Success
> >> [herrold@mailhub ~]$ sudo passwd -S archive
> >> archive LK 2008-07-15 0 99999 7 -1 (Password locked.)
> >> [herrold@mailhub ~]$
> >
> >Worth noting is that this locking only refers to password authentication.
> > If the user has a key in his/hers authorized_keys then they will still be
> > able to login.
>
> I'm not sure that is true.

Well I am. Now I've even tried it and on both centos-4 and centos-5 I had no
problems authenticating with my public key when my shadow entry started
with "!!".

If you truely want to lock an account (all access and use) then you have many
things to consider including:

* .ssh/authorized_keys
* .forward
* crond
* atd
* running processes
...

/Peter
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 03:25 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org