HP-UX Reference (11i v2 04/09) - 4 File Formats (vol 8)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

301

302

303

304

305

306

307

308

309

310

security(4) security(4)

Default value: The default for each of these parameters is zero.

PASSWORD_MAXDAYS

This parameter controls the default maximum number of days that passwords are valid. This

value, if speciﬁed, is used by the authentication subsystem during the password change pro-

cess in the case where aging restrictions do not already exist for the given user. The value

takes effect after the password change. This parameter applies only to local users and does not

apply to trusted systems. The passwd -x option can be used to override this value for a

speciﬁc user.

PASSWORD_MAXDAYS=

A new password is valid for up to N days, after which the password must be changed.

Default value:

PASSWORD_MAXDAYS=-1

(password aging is turned off)

PASSWORD_MINDAYS

This parameter controls the default minimum number of days before a password can be

changed. This value is used by the authentication subsystem during the password change pro-

cess in the case where aging restrictions do not already exist for the user. The value is stored

persistently and takes effect after the password change. This parameter applies only to local

users and does not apply to Trusted Systems. The

passwd -n option can be used to override

this value for a speciﬁc user.

PASSWORD_MINDAYS=

A new password cannot be changed until at least N days since it was last changed.

Default value:

PASSWORD_MINDAYS=0

PASSWORD_WARNDAYS

This parameter controls the default number of days before password expiration that a user is

to be warned that the password must be changed. This value, if speciﬁed, is used by the

authentication subsystem during the password change process in the case where aging restric-

tions do not already exist for the given user. The value takes effect after the password change.

This parameter applies only to local users on Shadow Password systems. The

passwd -w

option can be used to override this value for a speciﬁc user.

PASSWORD_WARNDAYS=

Users are warned N days before their password expires.

Default value:

PASSWORD_WARNDAYS=0

(no warning)

SU_DEFAULT_PATH

This parameter deﬁnes a new default PATH environment value to be set when su

to a non-

superuser account is done. Refer to su(1).

SU_DEFAULT_PATH=

new_PATH

The

PATH environment variable is set to new_PATH when the

su command is invoked.

The path value is not validated. This parameter does not apply to a superuser account,

and is applicable only when the "-" option is not used with the

su command.

Default value: If this parameter is not deﬁned or if it is commented out,

PATH is not changed.

SU_KEEP_ENV_VARS

This parameter forces su to propagate certain ’unsafe’ environment variables to its child pro-

cess despite the security risk of doing so. Refer to su(1).

By default,

su does not export the environment variables HOME, ENV, IFS, SHLIB_PATH or

LD_* because they could be maliciously misused. Any combination of these can be speciﬁed in

this entry, with a comma separating the variables. Currently, no other environment variables

may be speciﬁed in this way. This may change in future HP-UX releases as security needs

require.

SU_KEEP_ENV_VARS=var1,var2,...,varN

Default value: If this parameter is not deﬁned or if it is commented out, none of these environ-

ment variables will be propagated by the

su command.

SU_ROOT_GROUP

This parameter deﬁnes the root group name for the su command. Refer to su(1).

HP-UX 11i Version 2: September 2004 − 3 − Hewlett-Packard Company Section 4−−293