Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

help on /etc/security/user file

Status
Not open for further replies.

Edward1982

Technical User
Oct 1, 2008
15
US
We have applied a new password policy for our organization about 3 months ago. The problem is that we are now being prompted to change the Root password. Which line needs to be added or modified in the /etc/security/user file to avoid having to change the Root password? Thanks for your help.
 
It's a flag for root's password in /etc/security/passwd you're after:

[tt]root:
password = MGURSj.F056Dj
lastupdate = 623078865
flags = NOCHECK[/tt]

You can set that flag with

[tt]pwdadm -c root # clear all root password flags
pwdadm -f NOCHECK root # set NOCHECK flag for root password[/tt]

But it IS a good idea to periodically change passwords, including root's password.

HTH,

p5wizard
 
What p5wizard said is one way to do this but of course this will bypass any other restrictions applied by the /etc/security/user!

The best thing is to reset maxage attribute in the /etc/security/user for root to zero!

Code:
maxage
Defines the maximum age (in weeks) of a password. The password must be changed by this time. The value is a decimal integer string. The default is a value of 0, indicating no maximum age.

This will prevent the password from expiring!

Again i second p5wizard opinion into keeping this policy as it is a good idea to change the root password from time to time!

Regards,
Khalid
 
A full description of /etc/security/user can be found here:


It is recommended to change values inside the /etc/security/user using the chuser command as descriped here:


What you are after can be done using the following:

Code:
chuser maxage=0 root

Regards,
Khalid
 
Great guys, thanks for the help, I did not consider the passwd file. Yes, you are correct about changing the root password. We didn't want to change it as much as the users have to thiers.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top