HP-UX Reference (11i v2 03/08) - 4 File Formats (vol 8)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

291

292

293

294

295

296

297

298

299

300

security(4) security(4)

PASSWORD_MAXDAYS=

N A new password is valid for up to N days, after which the

password must be changed.

Default value:

PASSWORD_MAXDAYS=-1

password aging is turned off.

PASSWORD_MINDAYS

This parameter controls the default minimum number of days before a password can be

changed. This value is used by the authentication subsystem during the password

change process in the case where aging restrictions do not already exist for the user. The

value is stored persistently and takes effect after the password change. This parameter

applies only to local users and does not apply to Trusted Systems. The

passwd -n

option can be used to override this value for a speciﬁc user.

PASSWORD_MINDAYS=

N A new password cannot be changed until at least N days

since it was last changed.

Default value:

PASSWORD_MINDAYS=0

PASSWORD_WARNDAYS

This parameter controls the default number of days before password expiration that a

user is to be warned that the password must be changed. This value, if speciﬁed, is used

by the authentication subsystem during the password change process in the case where

aging restrictions do not already exist for the given user. The value takes effect after the

password change. This parameter applies only to local users on Shadow Password sys-

tems. The passwd -w option can be used to override this value for a speciﬁc user.

PASSWORD_WARNDAYS=

N Users are warned N days before their password expires.

Default value:

PASSWORD_WARNDAYS=0

(no warning)

SU_DEFAULT_PATH

This parameter deﬁnes a new default PATH environment value to be set when su to a

non-superuser account is done. Refer to su(1).

SU_DEFAULT_PATH=

new_PATH

The

PATH environment variable is set to new_PATH when the

su command is invoked.

The path value is not validated. This parameter does not apply to a superuser account,

and is applicable only when the "-" option is not used with the

su command.

Default value: If this parameter is not deﬁned or if it is commented out,

PATH is not

changed.

SU_KEEP_ENV_VARS

This parameter forces su to propagate certain ’unsafe’ environment variables to its child

process despite the security risk of doing so. Refer to su(1).

By default,

su does not export the environment variables HOME, ENV, IFS,

SHLIB_PATH or LD_* because they could be maliciously misused. Any combination of

these can be speciﬁed in this entry, with a comma separating the variables. Currently,

no other environment variables may be speciﬁed in this way. This may change in future

HP-UX releases as security needs require.

SU_KEEP_ENV_VARS=var1,var2,...,varN

Default value: If this parameter is not deﬁned or if it is commented out, none of these

environment variables will be propagated by the

su command.

SU_ROOT_GROUP

This parameter deﬁnes the root group name for the su command. Refer to su(1).

SU_ROOT_GROUP=group_name The root group name is set to the speciﬁed symbolic

group name. The su command enforces the restriction that a non-superuser must be a

member of the speciﬁed root group to be allowed to su to root. This does not alter pass-

word checking.

Default value: If this parameter is not deﬁned or if it is commented out, there is no

default value. In this case, a non superuser is allowed to

su to root without being bound

by root group restrictions.

UMASK This parameter controls umask(2) of all sessions initiated via pam_unix (5). It accepts

values from 0 to 0777 as an unsigned octal integer (leading zero can be omitted).

Section 4−−280 Hewlett-Packard Company − 3 − HP-UX 11i Version 2: August 2003