General :: Disable - Non-root Shell Command To Find If A User Account Is Enabled Or Not?
Aug 10, 2011
Is there a non-root shell command that can tell me if a user's account is disabled or not? note that there is a fine distinction between LOCKING and DISABLED:
LOCKING is where you prepend ! or * or !! to the password field of the /etc/passwd file. On Linux systems that shadow the passwords, this marker flag may be placed in /etc/shadow instead of /etc/passwd. Password locking can be done (at a shell prompt) via password -l username (as root) to lock the account of username, and the use of the option -u will unlock it.
DISABLING an account is done by setting the expiration time of the user account to some point in the past. This can be done with chage -E 0 username, which sets the expiration date to 0 days after the Unix epoch. Setting it to -1 will disable the use of the expiration date.
The effect of locking to to prevent the login process from using a supplied password to hash correctly against the saved hash (by virtue of the fact that the pre-pended marker character(s) are not valid output character(s) for the hash, thus no possible input can ever be used to generate a hash that would match it). The effect of disabling is to prevent any process from using an account because the expiration date of the account has already passed.For my situation, the use of locking is not sufficient because a user might still be able to login, e.g. using ssh authentication tokens, and processes under that user can still spawn other processes. Thus, we have accounts that are enabled or disabled, not just locked. We already know how to disable and enable the account - it requires root access and the use of chage, as shown above.To repeat my question: is there a shell command which can be run without root privileges which can output the status of this account expiration info for a given user? this is intended for use on a Red Hat Enterprise 5.4 system.The output is being returned to a java process which can then parse the output as needed, or make use of the return code.
I wrote a small script that gets me the list of enabled system accounts in my system.
I figure '*' & '!' (in field #2 of /etc/shadow) mean that the account is disabled or they cannot login, hence 'safe-to-ignore'
Code: IFS=$' ' for i in `cat /etc/passwd` #get each line in the passwd file do var1=`echo $i | cut -d':' -f3` #get user ID field if [ $var1 -lt 500 ] && [ $var1 -gt 0 ] #compare to extract relevant IDs
BTW i figure the following command gives me the list of system users, but i am not able to find a way to process it further... :-(
On a Fedora Core box, I have a normal non-privileged user and I also have sole access to the root account. Because I am the only administrator of this box, I frequently su over to root for administrative tasks. The problem is that many of the user configuration I've become accustomed to are only configured on my day-to-day account (.vimrc, .bashrc, .screenrc, etc). Other than giving my day-to-day user account privileges to perform administration tasks, how would I go about sharing configuration between these two accounts?
I need sudo for www (apache) user to run a shell script('ip.sh' contains iptables rules) from cgi-bin directory via browser using a per script. I edit sudoers( www ALL=(ALL) NOPASSWD: ALL ),but when run the bellow command that's with err:
# sudo -u www sh /srv/www/cgi-bin/ip.sh
iptables v1.4.4: can't initialize iptables table `filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded. And:
I'm relatively experienced with UNIX and Linux, but this has me thrown for quite a loop, and it seemed like such a simple question. How would I go about finding the newest file in a file system? I thought something like:
ls -ltr `find /usr -type f`
would work, but I seem to be exceeding the argument maximum for ls:
ksh: 0403-029 There is not enough memory available now
I thought something involving xargs might work, but I really suck with that command.
So, i've a little question. I have a Linux Red Hat 5.1 System wich has a programm that needs to be started as a user -> usera .When i reboot the server, how can i make it possible to run a command in the shell as usera user?Someone told me, that this is not possible to make an autostart entry because this works only with the root account?!What i want its simple.- Command -> startprg need's to be started as user usera automatically after an automated reboot of the red hat linux
A while back I don't know what I did but I messed up my root user account and now the password that I think is supposed to be for the account doesn't work anymore.In an attempt to fix it I rebooted and went into recovery mode and then edited the sudoers file. This appears to have been good enough to be me by but now I'm running into problems installing or changing configurations in gnome. For example, I just installed Asterisk via the terminal the other day and had no problems because I could use sudo. But just now I tried installing Gastman via the Ubuntu Software Center and of course it asked for the root password.I entered my usual root password when I use sudo and it doesn't work.
I then went to the terminal and entered sudo apt-get install gastman and it worked fine becuase I used my sudo password for my account. So it seems I can do things just fine via the terminal but when in gnome it doesn't work. I went into the Users and Groups section in Gnome to attempt to set or change the root password but of course I have to unlock the application which requires the root password.
I want to have a choice or more preferable pass shell as command line argument when I ssh to an linux account.i.e. If John logs in to account "zzz" on server "abc", by default definition of account "zzz" n server "abc" he get csh.But Sally desires that when she logs in to account "zzz" on server "abc", she needs the login shell to be ksh,and Rick wants bash when he logs in to account "zzz" on server "abc".What is the most non-intrusive / easiest way to achieve this? Each user can set their preference on ssh command line or create a simple alias by each shell, but not sure how to do this.
Is there a way to grant 'root' privileges to my user account? My account name ... I'll call it 'masterskop' as it is my forum name here, but not on my computer.Would it look like this in the sudoers' file?My purpose is to get access to all the folders and files in the 'File System'. The root and lost+found folders have 'Xs' on them...No access! And for example, under properties of the 'var' folder it states that 'you are not the owner, so you cannot change these permissions.' How can I get access to all of it everytime I login as the main user of my computer? I do not have anyone else using this computer.I did edit this file and used my real user name ... logged out and logged back in and still I do not have access/edit these folders and files.
I recently made a computer for someone who decided to get a new one instead.. so i thought i'd make a server out of it lk i had it before. so i deleted their account (while on their account) and made me an account.. but now when i try to login to my account it's.. not there? such as when i type my username and pass it says i entered an invalid user/pass. any idea how i can get my user accounts back or atleast logon to this system? i know the root password if there's any way i can login under the root account.
I have lost my password for my root and for my user account.
Code: Select alluser@debian:~$ su Password: su: Authentication failure user@debian:~$ su Password: su: Authentication failure user@debian:~$ su
I have just installed a gust debian 8 on debian 8 host in virtualbox, and when i wonted too login as su/root on the host there where no login possible, is there a way to regain the root password for the host?
My install of 11.4 has been running perfectly for for several weeks now. But- (always a but) today it started acting up. I cannot log in to any user account including Root after logging out. After a cold boot I can log in again anywhere but after logging out I have to reboot again then I can get back in to any account once. After logging out any attempted log in causes the splash screen to blank for a few seconds and then it comes back with the previous successful user name log in but typing in the password blanks the screen a few seconds again. Clicking on a user account also blanks the screen a few seconds and then it again comes back with the previous log in users name.
I just installed opensuse 11.1 with only the standard user account, not root account. Therefore, my question is regarding this ... is safe running linux with no root account? Should I create a root account for adminstrative purposes? If so, how can I do that?
I'm looking for a script that can do two things: (1) determine the shortname of the user with the largest account in /Users and (2) look up their full/long name. I'm going to use this script to help identify who the user on a computer and while I know that's possible that a sometime-user may have a larger account than the normal-user on any given computer, the results of a script should be sufficient in most cases for my needs.I'm not sure the best way to around this. I know that can use "du -m -d1 /Users" as root:
root on torchwood [ ~ ]$ du -m -d1 /Users 157 /Users/admin
When I log on a root and attempt to issue the command Freshclam to upgrade the virus definitions it attempts or create a new file with a definition name. I get a message stating that the directory isnt writable. The user and group access rights are as follows:
USER = read, write, execute Group = read, write, execute All= read, execute.
The only way I can get around this is by applying a 777 which would be read, write and execute for all. Now, I have a group define with several user ids in it including Root.How do I connect the group with the directory/file so I dont have to apply a 777 access right to group users could issue the Freshclam command.
I manage to get my mobile broadband working (connected, I mean) in both root & user account. However, my web browser, IM etc only work in root account.In user, knetworkmanager does show that my Huawei E160G is working fine, connected but I still can't surf the net & chat. I've included the dialout & uucp group for user account but that still doesn't resolve the problem