Which file in Linux contains account expiry info

The info generated by chage -l username gives a line of output that says "account expires --__". This very entry is stored in which file? Password ageing info is stored in /etc/login.defs, but there isn't any entry regarding this account expiry.

Responses

Hi Yogesh,

Those details get stored in /etc/shadow file by default.

The file “/etc/shadow” stores user encrypted password & aging details as nine colon-separated fields:

name : password : lastchange : minage : maxage : warning : inactive : expire : blank

Details about each field :

name: This field stores user login name.

password: This stores encrypted user password. If this column starts with an exclamation mark “!” then it notifies that the account has been locked.

lastchange (-d): The last password change date, shown as the number of days since 1970.01.01.

minage (-m): The minimum number of days before a password must be changed. If this is “0” then it indicates that there is no minimum age requirement.

maxage (-M): The maximum number of days before a password must be changed.

warning (-W): This indicates the number of days a warning message is to be displayed regarding password expiration. If this is zero “0”, it means no warning is to be displayed.

inactive (-I): The number of days a user account remains active after the password expired. During this tenure, a user could log in and change the password. After this time frame a user account becomes inactive and locked out.

expire (-E): This indicates the user account expiration date, shown as the number of days since 1970.01.01.

blank: This field is reserved for future use. 

I hope this helps.

All the best!
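The nine-field layout described in the reply above, as an added example that is not part of the original thread: it splits a shadow record, converts the days-since-1970 fields to dates, and derives lock and expiry state. The sample records, the function names and the rule for when an account counts as expired are assumptions of this example.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
FIELDS = ("name", "password", "lastchange", "minage", "maxage",
          "warning", "inactive", "expire", "blank")

# Constructed sample records (not real accounts or hashes).
SAMPLE = [
    "alice:$6$CONSTRUCTED$hash:17770:0:90:7:14:17897:",
    "bob:!$6$CONSTRUCTED$hash:17770:0:99999:7:::",
]

def days_to_date(value):
    """Convert a days-since-1970-01-01 field to a date; empty means not set."""
    return EPOCH + timedelta(days=int(value)) if value else None

def parse_shadow_line(line):
    """Split one /etc/shadow record into its nine named fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))

def account_status(line, today):
    """Derive lock state and aging dates from one shadow record."""
    rec = parse_shadow_line(line)
    changed = days_to_date(rec["lastchange"])
    expires = days_to_date(rec["expire"])
    pw_expires = None
    if changed and rec["maxage"]:
        pw_expires = changed + timedelta(days=int(rec["maxage"]))
    return {
        "name": rec["name"],
        "locked": rec["password"].startswith("!"),
        "last_change": changed,
        "password_expires": pw_expires,
        "account_expires": expires,
        # Example's choice: expired once today reaches the expire date.
        "account_expired": expires is not None and today >= expires,
    }

if __name__ == "__main__":
    for record in SAMPLE:
        print(account_status(record, today=date(2019, 1, 2)))
```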

Hi Sadashiva,

Thank you for the information above. This is really to the point and descriptive.

Hi Sadashiva, Now I have a new question. If you could let me know where the defaults for these fields are stored. Like when a user is created, by default it gets a value of 1777? in the lastchange field and the maxage as 99999. So it must be defined in some file. Well, login.defs isn't the file that I'm sure about. Can you please let me know the exact file?

Per the man page:

sp_lstchg - days since Jan 1, 1970 password was last changed

Which means that, if you're seeing 17770 as that field's value, their password was last changed on August 27th of this year.

Well, the defaults related to password aging are set in the '/etc/login.defs' file:

[root@ansiblehost ~]# awk '/Password aging controls/,/^PASS_WARN_AGE/' /etc/login.defs
# Password aging controls:
#
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_MIN_LEN    Minimum acceptable password length.
#       PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7

Other than this, there is 'umask' that is defined, and that parameter is self-explanatory.

# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK           077

The above commented-out section says that if this (umask) is not set then it defaults to the one that is defined in /etc/profile (for login shell) & /etc/bashrc (for non-login shell) files.

/etc/profile

# By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
    umask 002
else
    umask 022
fi

/etc/bashrc

    # By default, we want umask to get set. This sets it for non-login shell.
    # Current threshold for system reserved uid/gids is 200
    # You could check uidgid reservation validity in
    # /usr/share/doc/setup-*/uidgid file
    if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
       umask 002
    else
       umask 022
    fi

So, if there is a need to change the default umask for a specific user then this can be set in the '.bash_profile' file under the user's home directory:

[root@ansiblehost test]# su - test
[test@ansiblehost ~]$ umask
0002
[test@ansiblehost ~]$ logout
[root@ansiblehost test]# vi /home/test/.bash_profile
[root@ansiblehost test]# su - test
Last login: Thu Aug 30 06:19:11 EDT 2018 on pts/0
[test@ansiblehost ~]$ umask
0022

Please take a look at the defaults defined in the /etc/login.defs file:

[root@ansiblehost ~]# egrep -v '^#|^$' /etc/login.defs
MAIL_DIR        /var/spool/mail
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
UID_MIN                  1000
UID_MAX                 60000
SYS_UID_MIN               201
SYS_UID_MAX               999
GID_MIN                  1000
GID_MAX                 60000
SYS_GID_MIN               201
SYS_GID_MAX               999
CREATE_HOME     yes
UMASK           077
USERGROUPS_ENAB yes
ENCRYPT_METHOD SHA512

Also, you may like to check this as well:

[root@ansiblehost ~]# cat /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

I hope this helps.
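How the defaults in the two files above end up in a new user's /etc/shadow record, as an added example that is not part of the original thread. It models standard shadow-utils useradd behaviour (PASS_* from /etc/login.defs, INACTIVE and EXPIRE from /etc/default/useradd); the function names are hypothetical and the inline file contents are constructed from the values shown in the reply.

```python
from datetime import date

EPOCH = date(1970, 1, 1)

# Constructed sample input, using the values shown in the thread.
LOGIN_DEFS = """\
# Password aging controls:
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_WARN_AGE   7
"""
USERADD_DEFAULTS = """\
# useradd defaults file
INACTIVE=-1
EXPIRE=
"""

def parse_defaults(text, sep=None):
    """Parse 'KEY VALUE' (sep=None) or 'KEY=VALUE' (sep='=') lines, skipping comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(sep, 1)
        settings[parts[0].strip()] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def new_user_aging_fields(login_defs, useradd, today):
    """Predict the aging fields of the shadow record for a newly created user."""
    ld = parse_defaults(login_defs)
    ua = parse_defaults(useradd, sep="=")
    inactive = ua.get("INACTIVE", "-1")
    expire = ua.get("EXPIRE", "")
    return {
        "lastchange": str((today - EPOCH).days),  # day the account is created
        "minage": ld.get("PASS_MIN_DAYS", ""),
        "maxage": ld.get("PASS_MAX_DAYS", ""),
        "warning": ld.get("PASS_WARN_AGE", ""),
        # -1 disables the inactivity lock, so the field is left empty
        "inactive": "" if inactive in ("", "-1") else inactive,
        # EXPIRE is a YYYY-MM-DD date; empty means the account never expires
        "expire": str((date.fromisoformat(expire) - EPOCH).days) if expire else "",
    }

def shadow_tail(fields):
    """Join the predicted fields in /etc/shadow order (after name:password)."""
    order = ("lastchange", "minage", "maxage", "warning", "inactive", "expire")
    return ":".join(fields[k] for k in order) + ":"
```

With these defaults both the inactive and expire fields come out empty, which is why chage -l reports no account expiry for a freshly created user.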

Hi Sadashiva, By all these explanations I got to know that when a user is created, the defaults set for it are defined in two files: 1. /etc/login.defs 2. /etc/default/useradd. I hope I didn't get wrong info; if so, correct me, and if any other file is included in setting defaults for a user when it's created, please let me know.

Anyways, thanks a lot for this "/etc/defaults/useradd" info. Thank you :).
