Bug 169354
| Summary: | passwd(5) manual incorrectly documents password-change/account-expire features | ||
|---|---|---|---|
| Product: | Documentation | Reporter: | Devin Teske <dteske> |
| Component: | Books & Articles | Assignee: | Benjamin Kaduk <bjk> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | Latest | ||
| Hardware: | Any | ||
| OS: | Any | ||
Responsible Changed From-To: freebsd-doc->bjk take Author: bjk (doc committer) Date: Mon Jun 25 22:39:37 2012 New Revision: 237581 URL: http://svn.freebsd.org/changeset/base/237581 Log: Explicitly mention that setting the change and expiry times to zero is equivalent to leaving the time unset. [1] Wordsmith in the compat support section. Use a full path to nologin(8) in the context of setting it as a user's shell, keeping a separate cross-reference. PR: docs/169354 [1] Approved by: hrs (mentor) MFC after: 3 weeks Modified: head/share/man/man5/passwd.5 Modified: head/share/man/man5/passwd.5 ============================================================================== --- head/share/man/man5/passwd.5 Mon Jun 25 22:22:39 2012 (r237580) +++ head/share/man/man5/passwd.5 Mon Jun 25 22:39:37 2012 (r237581) @@ -35,7 +35,7 @@ .\" From: @(#)passwd.5 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd May 8, 2007 +.Dd June 23, 2012 .Dt PASSWD 5 .Os .Sh NAME @@ -203,7 +203,8 @@ field is the number of seconds from the .Dv UTC , until the password for the account must be changed. -This field may be left empty to turn off the password aging feature. +This field may be left empty to turn off the password aging feature; +a value of zero is equivalent to leaving the field empty. .Pp The .Ar expire @@ -211,7 +212,8 @@ field is the number of seconds from the .Dv UTC , until the account expires. -This field may be left empty to turn off the account aging feature. +This field may be left empty to turn off the account aging feature; +a value of zero is equivalent to leaving the field empty. .Pp The .Ar gecos @@ -271,7 +273,8 @@ as it is done for system accounts, is to set its .Ar shell to -.Xr nologin 8 . +.Pa /sbin/nologin +.Pq see Xr nologin 8 . .Sh HESIOD SUPPORT If .Sq Li dns @@ -363,7 +366,7 @@ fields, the specified numbers will overr from the Hesiod domain or the .Tn NIS maps. -As well, if the +Likewise, if the .Ar gecos , .Ar dir or @@ -399,7 +402,8 @@ The additional fields .Ar change and .Ar expire -are added, but are turned off by default. +are added, but are turned off by default +.Pq setting these fields to zero is equivalent to leaving them blank . Class is currently not implemented, but change and expire are; to set them, use the current day in seconds from the epoch + whatever number of seconds of offset you want. _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" State Changed From-To: open->patched In head as r237581, awaiting MFC. Author: bjk (doc committer) Date: Fri Jul 6 03:43:33 2012 New Revision: 238160 URL: http://svn.freebsd.org/changeset/base/238160 Log: MFC r237581: Explicitly mention that setting the change and expiry times to zero is equivalent to leaving the time unset. [1] Wordsmith in the compat support section. Use a full path to nologin(8) in the context of setting it as a user's shell, keeping a separate cross-reference. PR: docs/169354 [1] Approved by: hrs (mentor) Modified: stable/7/share/man/man5/passwd.5 Directory Properties: stable/7/share/man/man5/ (props changed) Modified: stable/7/share/man/man5/passwd.5 ============================================================================== --- stable/7/share/man/man5/passwd.5 Fri Jul 6 02:18:49 2012 (r238159) +++ stable/7/share/man/man5/passwd.5 Fri Jul 6 03:43:33 2012 (r238160) @@ -35,7 +35,7 @@ .\" From: @(#)passwd.5 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd May 8, 2007 +.Dd June 23, 2012 .Dt PASSWD 5 .Os .Sh NAME @@ -204,7 +204,8 @@ field is the number of seconds from the .Dv UTC , until the password for the account must be changed. -This field may be left empty to turn off the password aging feature. +This field may be left empty to turn off the password aging feature; +a value of zero is equivalent to leaving the field empty. .Pp The .Ar expire @@ -212,7 +213,8 @@ field is the number of seconds from the .Dv UTC , until the account expires. -This field may be left empty to turn off the account aging feature. +This field may be left empty to turn off the account aging feature; +a value of zero is equivalent to leaving the field empty. .Pp The .Ar gecos @@ -272,7 +274,8 @@ as it is done for system accounts, is to set its .Ar shell to -.Xr nologin 8 . +.Pa /sbin/nologin +.Pq see Xr nologin 8 . .Sh HESIOD SUPPORT If .Sq Li dns @@ -364,7 +367,7 @@ fields, the specified numbers will overr from the Hesiod domain or the .Tn NIS maps. -As well, if the +Likewise, if the .Ar gecos , .Ar dir or @@ -400,7 +403,8 @@ The additional fields .Ar change and .Ar expire -are added, but are turned off by default. +are added, but are turned off by default +.Pq setting these fields to zero is equivalent to leaving them blank . Class is currently not implemented, but change and expire are; to set them, use the current day in seconds from the epoch + whatever number of seconds of offset you want. _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" Author: bjk (doc committer) Date: Fri Jul 6 03:44:40 2012 New Revision: 238161 URL: http://svn.freebsd.org/changeset/base/238161 Log: MFC r237581: Explicitly mention that setting the change and expiry times to zero is equivalent to leaving the time unset. [1] Wordsmith in the compat support section. Use a full path to nologin(8) in the context of setting it as a user's shell, keeping a separate cross-reference. PR: docs/169354 [1] Approved by: hrs (mentor) Modified: stable/8/share/man/man5/passwd.5 Directory Properties: stable/8/share/man/man5/ (props changed) Modified: stable/8/share/man/man5/passwd.5 ============================================================================== --- stable/8/share/man/man5/passwd.5 Fri Jul 6 03:43:33 2012 (r238160) +++ stable/8/share/man/man5/passwd.5 Fri Jul 6 03:44:40 2012 (r238161) @@ -35,7 +35,7 @@ .\" From: @(#)passwd.5 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd May 8, 2007 +.Dd June 23, 2012 .Dt PASSWD 5 .Os .Sh NAME @@ -204,7 +204,8 @@ field is the number of seconds from the .Dv UTC , until the password for the account must be changed. -This field may be left empty to turn off the password aging feature. +This field may be left empty to turn off the password aging feature; +a value of zero is equivalent to leaving the field empty. .Pp The .Ar expire @@ -212,7 +213,8 @@ field is the number of seconds from the .Dv UTC , until the account expires. -This field may be left empty to turn off the account aging feature. +This field may be left empty to turn off the account aging feature; +a value of zero is equivalent to leaving the field empty. .Pp The .Ar gecos @@ -272,7 +274,8 @@ as it is done for system accounts, is to set its .Ar shell to -.Xr nologin 8 . +.Pa /sbin/nologin +.Pq see Xr nologin 8 . .Sh HESIOD SUPPORT If .Sq Li dns @@ -364,7 +367,7 @@ fields, the specified numbers will overr from the Hesiod domain or the .Tn NIS maps. -As well, if the +Likewise, if the .Ar gecos , .Ar dir or @@ -400,7 +403,8 @@ The additional fields .Ar change and .Ar expire -are added, but are turned off by default. +are added, but are turned off by default +.Pq setting these fields to zero is equivalent to leaving them blank . Class is currently not implemented, but change and expire are; to set them, use the current day in seconds from the epoch + whatever number of seconds of offset you want. _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" Author: bjk (doc committer) Date: Fri Jul 6 03:56:45 2012 New Revision: 238162 URL: http://svn.freebsd.org/changeset/base/238162 Log: MFC r237581: Explicitly mention that setting the change and expiry times to zero is equivalent to leaving the time unset. [1] Wordsmith in the compat support section. Use a full path to nologin(8) in the context of setting it as a user's shell, keeping a separate cross-reference. PR: docs/169354 [1] Approved by: re (hrs), hrs (mentor) Modified: stable/9/share/man/man5/passwd.5 Directory Properties: stable/9/share/man/man5/ (props changed) Modified: stable/9/share/man/man5/passwd.5 ============================================================================== --- stable/9/share/man/man5/passwd.5 Fri Jul 6 03:44:40 2012 (r238161) +++ stable/9/share/man/man5/passwd.5 Fri Jul 6 03:56:45 2012 (r238162) @@ -35,7 +35,7 @@ .\" From: @(#)passwd.5 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd May 8, 2007 +.Dd June 23, 2012 .Dt PASSWD 5 .Os .Sh NAME @@ -203,7 +203,8 @@ field is the number of seconds from the .Dv UTC , until the password for the account must be changed. -This field may be left empty to turn off the password aging feature. +This field may be left empty to turn off the password aging feature; +a value of zero is equivalent to leaving the field empty. .Pp The .Ar expire @@ -211,7 +212,8 @@ field is the number of seconds from the .Dv UTC , until the account expires. -This field may be left empty to turn off the account aging feature. +This field may be left empty to turn off the account aging feature; +a value of zero is equivalent to leaving the field empty. .Pp The .Ar gecos @@ -271,7 +273,8 @@ as it is done for system accounts, is to set its .Ar shell to -.Xr nologin 8 . +.Pa /sbin/nologin +.Pq see Xr nologin 8 . .Sh HESIOD SUPPORT If .Sq Li dns @@ -363,7 +366,7 @@ fields, the specified numbers will overr from the Hesiod domain or the .Tn NIS maps. -As well, if the +Likewise, if the .Ar gecos , .Ar dir or @@ -399,7 +402,8 @@ The additional fields .Ar change and .Ar expire -are added, but are turned off by default. +are added, but are turned off by default +.Pq setting these fields to zero is equivalent to leaving them blank . Class is currently not implemented, but change and expire are; to set them, use the current day in seconds from the epoch + whatever number of seconds of offset you want. _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" State Changed From-To: patched->closed Merged to 7, 8, and 9 in r238160-238162. |
In the passwd(5) manual it states: The change field is the number of seconds from the epoch, UTC, until the password for the account must be changed. This field may be left empty to turn off the password aging feature. The expire field is the number of seconds from the epoch, UTC, until the account expires. This field may be left empty to turn off the account aging feature. This, however, is an incomplete description. The FreeBSD operating system uses a value of zero by-default (for both password-change and account-expire fields) for all default users on a vanilla/freshly-installed system. Meanwhile, the manual says nothing about a value of zero (0) being functionally equivalent to NULL (experienced behavior). Rather, if one takes the manual literally (given above), a value of zero is taken as "number of seconds from the epoch, UTC" and therefore, one would expect that all accounts in a default install are both (a) expired (account-wise) and (b) have expired passwords. The manual should likely be updated to say that zero is functionally equivalent to NULL. Fix: Update passwd(5) manual to mention that a value of zero is functionally equivalent to NULL. How-To-Repeat: Read passwd(5). Now execute the following to see the password-change and account-expire fields for all users: sudo awk -F: '{print $1 ":" $6 ":" $7}' /etc/master.passwd Notice how all (or nearly all) users have a value of zero, including root and all privilege-separation users.