On Tue, Sep 11, 2012 at 10:23:13AM +0300, Eugene Yunak wrote:
> On 11 September 2012 09:37, Antoine Jacoutot <ajacou...@bsdfrog.org> wrote:
> > On Tue, Sep 11, 2012 at 09:33:56AM +0300, Eugene Yunak wrote:
> >> On 10 September 2012 18:01, Antoine Jacoutot <ajacou...@bsdfrog.org> wrote:
> >> > Hi.
> >> >
> >> > This diff adds 2 new options to usermod(8):
> >> > -U to unlock a user's password
> >> > -Z to lock a user's password
> >> >
> >> > In effect locking/unlocking the password means to add a '!' in front of
> >> > the encrypted entry in master.passwd.
> >> > Note that this disables the _password_ not the account of course (you
> >> > could still connect using ssh+key for e.g.).
> >> >
> >> > That said, I have some use for it and would like to be able to have this
> >> > if at all possible.
> >> > Behavior is basically the same as Linux's usermod(8) except that I am
> >> > using -Z for locking the password (-Z is for SELinux in Linux land and
> >> > -L is used instead but we use it ourselves for the login class).
> >> >
> >> > Comments?
> >>
> >> Hi,
> >>
> >> Isn't this better placed in passwd?
> >> At least Linux and Solaris (since 5.6 I believe) have this as -l and
> >> -u in passwd(1), so this might be a better option to keep it
> >> consistent with other systems. HP-UX only implements -l; I haven't
> >> checked others.
> >
> > It is consistent; this is how usermod works in Linux as well.
>
> Isn't it better to be consistent with most Unix systems and not just Linux?
> The world is Linux-centric enough already and an OpenBSD should know it
> better than anyone else ;)

FreeBSD and NetBSD do the same (i.e. lock using usermod).
I don't really care about HP-UX compatibility... and I don't understand your
comment about "OpenBSD should know it better"; what is it you want exactly?
As I said, I have a use for it using usermod(8). If you have a use for it with
passwd(1) then provide a diff.
Each Unix has a slightly different useradd/mod/del ... command you know.

> >> OpenBSD passwd already uses -l to restrict passwd to local files only
> >> though so you would still need to use a different letter (as you do
> >> with usermod) but at least passwd(1) is where most Unix admins would
> >> look for this option first.
> >
> > This diff is for the usermod part, not passwd; both are different things.
>
> I don't get it - how are they "different things"? Both manipulate shadow.

And so does vipw(8).
Look, this is a diff for _usermod_. If you want to add flags to passwd(1), then
just do so, I have no problem with it.

--
Antoine
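
The locking scheme described in the quoted proposal, as an added example that is not part of this thread or of the usermod(8) diff: it prepends or strips the '!' on the password field of a master.passwd entry and lists accounts whose password is locked but which could still be reached another way, such as an SSH key. The function names, the no-login shell list, the do-nothing-if-already-locked behaviour and the sample entries are assumptions made for illustration.

```python
# Added illustration, not the usermod(8) code from the diff under discussion.
# Assumed layout, per master.passwd(5):
# name:password:uid:gid:class:change:expire:gecos:home_dir:shell
LOCK = "!"
# Assumption: shells treated as "no interactive login" for this audit.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

def split_entry(line):
    fields = line.rstrip("\n").split(":")
    if len(fields) != 10:
        raise ValueError("expected 10 colon-separated fields")
    return fields

def is_locked(line):
    return split_entry(line)[1].startswith(LOCK)

def lock(line):
    """Prepend '!' to the password field; a locked entry is left unchanged."""
    f = split_entry(line)
    if not f[1].startswith(LOCK):
        f[1] = LOCK + f[1]
    return ":".join(f)

def unlock(line):
    """Strip one leading '!' so the original hash is restored intact."""
    f = split_entry(line)
    if f[1].startswith(LOCK):
        f[1] = f[1][len(LOCK):]
    return ":".join(f)

def locked_but_reachable(lines):
    """Names with a locked password whose shell still permits a login
    by other means (e.g. an SSH key), as the proposal points out."""
    hits = []
    for line in lines:
        f = split_entry(line)
        if f[1].startswith(LOCK) and f[9] not in NOLOGIN_SHELLS:
            hits.append(f[0])
    return hits

# Constructed sample entries; the hashes are placeholders, not real bcrypt.
SAMPLE = [
    "alice:$2a$08$constructedhashA:1000:1000:staff:0:0:Alice:/home/alice:/bin/ksh",
    "bob:!$2a$08$constructedhashB:1001:1001:staff:0:0:Bob:/home/bob:/bin/ksh",
    "svc:!$2a$08$constructedhashC:1002:1002:daemon:0:0:Svc:/var/empty:/sbin/nologin",
]

if __name__ == "__main__":
    print(locked_but_reachable(SAMPLE))
```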