User's Manual

Solaris 9 Security CX-310-301 47

¾ After a specified time of inactivity

¾ On a specific date

¾ Immediately

You can also use a combination in that an account could be set to expire if it is not used for a specific

number of days, but also expire on a certain date.

To expire the account temptest if there has been no activity for 2 days:

# usermod –f 2 temptest

To expire the account temptest on April 20 2004:

# usermod –e 04/20/2004 temptest

To expire the account temptest immediately, lock the passwd:

# passwd –l temptest

Note that there is no immediate expiry option, you have to lock the account.

You can display the expiry information for a user account by running the logins program as shown here:

# logins –l temptest –a

temptest 8888 staff 10 Temporary test User

-1 000000

The fields are explained as follows:

¾ temptest – The user name

¾ 8888 – The UID

¾ staff – The primary group

¾ 10 – The primary group ID (GID)

¾ Temporary test User – The user comment from /etc/passwd

¾ -1 – The inactivity flag (-1 means that this flag is not set)

¾ 000000 – The expiry date (all zeros means the account will not expire)

If you run this again after setting the inactivity flag to 2 days and the account to expire on 20 April 2004,

the values will change:

# logins –l temptest –a

temptest 8888 staff 10 Temporary test User

2 042004

To set a user account so that it will no longer expire on the specified date, use a null string “”, and to turn

off the inactivity flag, set it to 0.