Wednesday, March 6, 2024

script to check if a password is expiring

For a Linux account that was not created in AD (Active Directory), the environment variable $HOME comes from the account's entry in file /etc/passwd; each local account has one line in that file. For example, I can get my own account's password expiration date like this:

$ echo $HOME
/u02/app
$ whoami
applmgr
$ grep applmgr /etc/passwd
applmgr:x:50378:102:Oracle EBS ID - J Y:/u02/app:/bin/ksh
$ expstr=$( chage -l $(whoami) | grep "^Password expires" | awk -F: '{ print $(NF) }' | sed -e 's/^ *//g; s/ *$//g;' )
$ echo "password for account `whoami` will expire on $expstr"
password for account applmgr will expire on Jul 30, 2025

But if the account was created in Windows AD (Active Directory), $HOME is defined by the account's "Home Directory" attribute in AD (note that a line in .profile or a similar startup file could change $HOME to a different path right after login). The ADHelp search page may show this information:
    Unix Account
    Home Directory:   /users/applmgr
    Login Shell:      /bin/ksh

In that case, "chage" gives a different result, because the account has no entry in /etc/passwd:
$ echo $HOME
/users/applmgr
$ expstr=$( chage -l $(whoami) | grep "^Password expires" | awk -F: '{ print $(NF) }' | sed -e 's/^ *//g; s/ *$//g;' )
chage: user 'applmgr' does not exist in /etc/passwd

For an important account created locally in Linux (as opposed to an AD account), I wrote a script that emails a warning before its password expires. It can be run from a cron job, such as
30 12 * * * /path/to/xxxx_scripts/checkPWDexpire.sh 2>&1

============= script checkPWDexpire.sh =============
#!/bin/bash
# Warn by email when the account running this script is within a few days
# of its password expiration date, as reported by "chage -l".
let secs_per_day=60*60*24
nowtime=$( date +%s )
# Value of the "Password expires" line, with leading/trailing blanks removed
expstr=$( chage -l $(whoami) | grep "^Password expires" | awk -F: '{ print $(NF) }' | sed -e 's/^ *//g; s/ *$//g;' )
echo "DEBUG: expstr is $expstr"
if [ "$expstr" = "never" ]; then
    echo "Password never expires.";
    exit 0;
fi
# GNU date converts e.g. "Jul 30, 2025" to epoch seconds; on a parse error
# fall back to 0 so the numeric tests below do not choke on an empty string
exptime=$( date --date "$expstr" +%s 2>/dev/null ) || exptime=0
if [ "$exptime" -lt 1 ]; then
    echo "Something is wrong.";
    exit 255;   # Or, email a message out
fi
if [ "$exptime" -lt "$nowtime" ]; then
    echo "Password already expired.";
    exit 1;      # Or, email a message out
fi
secs_til_exp=$(expr $exptime - $nowtime)
days_til_exp=$(expr $secs_til_exp / $secs_per_day)   # whole days, rounded down
echo "Password expires in $days_til_exp days."
if [ "$days_til_exp" -lt 6 ]; then
    # send email out
    echo "Please reset password manually and update 3rd party environments." | mailx -s "`whoami` on `uname -n` will expire in $days_til_exp days" me@email.com
    # or, attach a log file to the message
    # mailx -s "`whoami` on `uname -n` will expire in $days_til_exp days" -a aFile.log me@email.com < aFile.log
else
    echo "All is fine.";
    exit ;
fi
============== end =====================
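As an added example (not part of the original post), here is the same expiry check factored into a function that takes the text of "chage -l" as its input instead of running chage itself, so the logic can be exercised offline against constructed output: no real account or cron job is needed. The function names, the SAMPLE_CHAGE text and the epoch values are assumptions made for the example; like the original script it requires GNU date.

```shell
#!/bin/bash
# Added example, not from the original post: parse "chage -l" output and
# classify the password expiry state. Requires GNU date (as the original does).

# Print the value of the "Password expires" line, trailing blanks removed.
pwd_expires_field() {
    printf '%s\n' "$1" \
        | sed -n 's/^Password expires[[:space:]]*:[[:space:]]*//p' \
        | sed 's/[[:space:]]*$//'
}

# pwd_expiry_status "<chage -l output>" <now_epoch_seconds>
# Prints one of: never | must-change | expired | invalid | <whole days left>
# Exit status: 0 fine, 1 expired or change forced, 3 unparsable input.
pwd_expiry_status() {
    chage_out=$1
    now=$2
    expstr=$(pwd_expires_field "$chage_out")
    case "$expstr" in
        "")                          echo invalid;     return 3 ;;
        never)                       echo never;       return 0 ;;
        "password must be changed")  echo must-change; return 1 ;;   # printed after "chage -d 0"
    esac
    # -u: read the date as UTC so the result does not depend on the host time
    # zone (the original uses local time; the difference is at most one day).
    # A date GNU date cannot parse yields 0 -> "invalid" instead of an empty
    # string that would break the -lt comparisons.
    exptime=$(date -u -d "$expstr" +%s 2>/dev/null) || exptime=0
    if [ "$exptime" -lt 1 ]; then
        echo invalid; return 3
    fi
    if [ "$exptime" -lt "$now" ]; then
        echo expired; return 1
    fi
    echo $(( (exptime - now) / 86400 ))
}

# Constructed sample in the layout "chage -l" uses (not captured from a host).
SAMPLE_CHAGE='Last password change                                    : Feb 14, 2023
Password expires                                        : Jul 30, 2025
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 7
Maximum number of days between password change          : 90
Number of days of warning before password expires       : 7'

# Jul 30, 2025 00:00 UTC is epoch 1753833600; pretend "now" is 10 days earlier.
pwd_expiry_status "$SAMPLE_CHAGE" 1752969600   # prints 10
```

In a real job you would feed it `"$(chage -l "$(whoami)")"` and `"$(date +%s)"` and branch on the printed word or the exit status; keeping the date arithmetic separate from the chage call is what makes the threshold logic testable.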

The "chage" Linux command:
If OS user applmgr is granted sudo, it can act as root to list another account's password aging status or change it.

$ sudo su -
[sudo] password for applmgr:
Last login: Mon Mar 28 03:22:57 EDT xxxx
Hostname:  server_name.domain.com
OS:  Red Hat Enterprise Linux release 8.10 (Ootpa)
Arch:  x86_64

[root@server_name ~]# chage -E -1 batch_mgr   # -1 <== number
Notes: passing -1 as the expiration date (-E) only makes the account itself never expire; it does not un-expire the password.

[root@server_name ~]# chage -l batch_mgr       # -l <== --list
Last password change                                    : Feb 14, 2023
Password expires                                        : May 15, 2023
Password inactive                                       : Jun 14, 2023
Account expires                                         : never
Minimum number of days between password change          : 7
Maximum number of days between password change          : 90
Number of days of warning before password expires       : 7

[root@server_name ~]# chage -M -1 batch_mgr  

Notes: passing -1 as MAX DAYS (-M) removes the password validity check, which turns off password aging for the account. Now batch_mgr can log in with its existing password.

[root@server_name ~]# chage -l batch_mgr
Last password change                                    : Feb 14, 2023
Password expires                                        : never
Password inactive                                       : never     <= never deactivated due to inactivity
Account expires                                         : never
Minimum number of days between password change          : 7
Maximum number of days between password change          : -1
Number of days of warning before password expires       : 7

[root@server_name ~]# chage -l applmgr      # b/c applmgr was originally created in AD 
chage: user 'applmgr' does not exist in /etc/passwd
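To show where the two "chage -l" listings above come from, here is an added example (not from the original post) that derives the "Password expires", "Password inactive" and "Account expires" values from the aging fields of an /etc/shadow entry, and so why "chage -M -1" turns the expiry date into "never". The shadow line is constructed (the hash field is replaced by a placeholder) and its inactive-days value of 30 is an assumption chosen to reproduce the first batch_mgr listing; the function names are mine, and GNU date is required.

```shell
#!/bin/bash
# Added example, not from the original post: reproduce the dates chage -l
# reports from an /etc/shadow entry. Requires GNU date.

# /etc/shadow fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg and expire are days since 1970-01-01; max and inactive are day
# counts; an empty field or -1 means "not set".
shadow_field() { printf '%s\n' "$1" | cut -d: -f"$2"; }

# Day count since the epoch -> the "Mon DD, YYYY" form chage prints.
days_to_date() { LC_ALL=C date -u -d "@$(( $1 * 86400 ))" '+%b %d, %Y'; }

# True when a field is unset (empty or negative).
unset_field() { [ -z "$1" ] || [ "$1" -lt 0 ]; }

# "Password expires": last change + max days.
shadow_pwd_expires() {
    lastchg=$(shadow_field "$1" 3); max=$(shadow_field "$1" 5)
    if unset_field "$lastchg"; then echo never
    elif [ "$lastchg" -eq 0 ]; then echo "password must be changed"   # set by "chage -d 0"
    elif unset_field "$max"; then echo never                           # "chage -M -1" lands here
    else days_to_date $(( lastchg + max )); fi
}

# "Password inactive": expiry date + inactive days; login is refused after it.
shadow_pwd_inactive() {
    lastchg=$(shadow_field "$1" 3); max=$(shadow_field "$1" 5); inact=$(shadow_field "$1" 7)
    if unset_field "$lastchg"; then echo never
    elif [ "$lastchg" -eq 0 ]; then echo "password must be changed"
    elif unset_field "$max" || unset_field "$inact"; then echo never
    else days_to_date $(( lastchg + max + inact )); fi
}

# "Account expires": an absolute day, independent of the password fields
# (this is the value "chage -E" sets, which is why -E -1 leaves the
# password's own expiry untouched).
shadow_acct_expires() {
    expire=$(shadow_field "$1" 8)
    if unset_field "$expire"; then echo never; else days_to_date "$expire"; fi
}

# Constructed entry: last change on day 19402 (Feb 14, 2023), max 90, inactive 30.
SHADOW_LINE='batch_mgr:HASH_PLACEHOLDER:19402:7:90:7:30::'
shadow_pwd_expires  "$SHADOW_LINE"    # May 15, 2023
shadow_pwd_inactive "$SHADOW_LINE"    # Jun 14, 2023
shadow_acct_expires "$SHADOW_LINE"    # never
# Same entry after "chage -M -1": the max field is -1 and aging is off.
shadow_pwd_expires  'batch_mgr:HASH_PLACEHOLDER:19402:7:-1:7:30::'   # never
```

Reading /etc/shadow directly needs root, exactly as chage does, so this is a way to understand and verify the listings rather than a replacement for the command; it also makes clear that an AD account, having no shadow entry, has nothing for chage to report.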