On 11 September 2012 09:37, Antoine Jacoutot <ajacou...@bsdfrog.org> wrote: > On Tue, Sep 11, 2012 at 09:33:56AM +0300, Eugene Yunak wrote: >> On 10 September 2012 18:01, Antoine Jacoutot <ajacou...@bsdfrog.org> wrote: >> > Hi. >> > >> > This diff adds 2 new options to usermod(8): >> > -U to unlock a user's password >> > -Z to lock a user's password >> > >> > In effect locking/unlocking the password means to add a '!' in front of >> > the encrypted entry in master.passwd. >> > Note that this disable the _password_ not the account of course (you >> > could still connect using ssh+key for e.g.). >> > >> > That said, I have some use for it and would like to be able to have this >> > if at all possible. >> > Behavior is basically the same as Linux's usermod(8) except that I am >> > using -Z for locking the password (-Z is for SElinux in Linux land and >> > -L is used instead but we use it ourselves for the login class). >> > >> > Comments? >> >> Hi, >> >> Isn't think better placed in passwd? >> At least Linux and Solaris (since 5.6 i believe) have this as -l and >> -u in passwd(1), >> so this might be a better option to keep it consistent with other >> systems. HP-UX >> only implements -l; I haven't checked others. > > It is consistent; this is how usermod works in linux as well.
Isn't it better to be consistent with most Unix systems and not just Linux? The world is Linux-centric enough already and an OpenBSD should know it better than anyone else ;) >> OpenBSD passwd already uses -l to restrict passwd to local files only though >> so >> you would still need to use a different letter (as you do with >> usermod) but at least >> passwd(1) is where most unix admins would look for this option first. > > This diff is for the usermod part, not passwd; both are different things. I don't get it - how are they "different things"? Both manipulate shadow. -- The best the little guy can do is what the little guy does right