Date: Saturday, September 18, 2010 @ 18:49:36 Author: pierre Revision: 90912
Fix "Last password change" for system users Having "Last password change" in /etc/shadow set to 0 will enforce a password chagne for that user on next "login". This prevents the usage of "su" to run commands with such a user. Therefore settng is to the same value as the root user. Modified: filesystem/trunk/PKGBUILD filesystem/trunk/filesystem.install filesystem/trunk/shadow --------------------+ PKGBUILD | 4 ++-- filesystem.install | 7 +++++++ shadow | 12 ++++++------ 3 files changed, 15 insertions(+), 8 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2010-09-18 21:28:08 UTC (rev 90911)
+++ PKGBUILD 2010-09-18 22:49:36 UTC (rev 90912)
@@ -3,7 +3,7 @@
 # Contributor: judd <jvi...@zeroflux.org>
 pkgname=filesystem
-pkgver=2010.07
+pkgver=2010.09
 pkgrel=1
 pkgdesc="Base filesystem"
 arch=('any')
@@ -28,7 +28,7 @@
 'f28150d4c0b22a017be51b9f7f9977ed'
 '6e488ffecc8ba142c0cf7e2d7aeb832e'
 '8a9042a2cedf6b6b47eb8973f14289cb'
- '019e5c24f9befef395a28e7ef2e4e5b9'
+ '25d046c06d2400a878095f38f44e9c1f'
 '57c5cc9da249c3b06a70fd7efb8c34a5'
 'e5d8323a4dbee7a6d0d2a19cbf4b819f'
 '81b3cb42a6ddabc2ed2310511ee9c859'
Modified: filesystem.install
===================================================================
--- filesystem.install 2010-09-18 21:28:08 UTC (rev 90911)
+++ filesystem.install 2010-09-18 22:49:36 UTC (rev 90912)
@@ -64,4 +64,11 @@
 grep -q '^include /etc/ld.so.conf.d/\*.conf$' etc/ld.so.conf \
 || echo 'include /etc/ld.so.conf.d/*.conf' >> etc/ld.so.conf
+
+ # set "Last password change" > 0; otherwise su $user wont work
+ for user in bin daemon mail ftp http nobody; do
+ if LANG=C chage -l ${user} | grep -q 'password must be changed'; then
+ chage -d 99999 ${user}
+ fi
+ done
 }
Modified: shadow
===================================================================
--- shadow 2010-09-18 21:28:08 UTC (rev 90911)
+++ shadow 2010-09-18 22:49:36 UTC (rev 90912)
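Review bot: In filesystem.install, the added loop decides whether to run `chage -d` by grepping the human-readable output of `chage -l`, and it pins the message language with `LANG=C` only. `LC_ALL` or `LC_MESSAGES` in the calling environment take precedence over `LANG`, so on a localized system the match can fail and the accounts silently keep a last-change value of 0. Using `LC_ALL=C` and quoting the variable closes that gap: `if LC_ALL=C chage -l "${user}" | grep -q 'password must be changed'; then`. The existing comment could also say that the grep string is chage's English wording for a last-change value of 0, so a later maintainer knows what to update if that wording changes. The enclosing function starts outside the hunk.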
@@ -1,7 +1,7 @@
 root::99999::::::
-bin:x:0::::::
-daemon:x:0::::::
-mail:x:0::::::
-ftp:x:0::::::
-http:x:0::::::
-nobody:x:0::::::
+bin:x:99999::::::
+daemon:x:99999::::::
+mail:x:99999::::::
+ftp:x:99999::::::
+http:x:99999::::::
+nobody:x:99999::::::
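Review bot: The value 99999 in the third field is a last-change date counted in days since 1970-01-01, so these six entries (like the unchanged root line) now record a password change in the 23rd century rather than stating that aging is off. shadow(5) defines an empty third field as "password aging disabled", which avoids the forced change that 0 triggers without storing a date in the future that tools comparing it with the current day may flag. If matching root is not a hard requirement, the lines could read `bin:x:::::::` and so on. Either way, the shadow file has no place for a comment, so the meaning of the chosen value is best recorded next to the `chage` call in filesystem.install.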