User's Manual
Solaris 9 Security CX-310-301 47
¾ After a specified time of inactivity
¾ On a specific date
¾ Immediately
You can also use a combination in that an account could be set to expire if it is not used for a specific
number of days, but also expire on a certain date.
To expire the account temptest if there has been no activity for 2 days:
# usermod –f 2 temptest
To expire the account temptest on April 20 2004:
# usermod –e 04/20/2004 temptest
To expire the account temptest immediately, lock the passwd:
# passwd –l temptest
Note that there is no immediate expiry option, you have to lock the account.
You can display the expiry information for a user account by running the logins program as shown here:
# logins –l temptest –a
temptest 8888 staff 10 Temporary test User
-1 000000
The fields are explained as follows:
¾ temptest – The user name
¾ 8888 – The UID
¾ staff – The primary group
¾ 10 – The primary group ID (GID)
¾ Temporary test User – The user comment from /etc/passwd
¾ -1 – The inactivity flag (-1 means that this flag is not set)
¾ 000000 – The expiry date (all zeros means the account will not expire)
If you run this again after setting the inactivity flag to 2 days and the account to expire on 20 April 2004,
the values will change:
# logins –l temptest –a
temptest 8888 staff 10 Temporary test User
2 042004
To set a user account so that it will no longer expire on the specified date, use a null string “”, and to turn
off the inactivity flag, set it to 0.