Creating/Adding (temporary) users on FreeBSD 6
Creating/adding users and changing their account expiration date and password expiration date on FreeBSD.
There are many ways to create users on a FreeBSD box, but the easiest way (to me) is using pw(8).
The following options apply to the useradd and usermod commands:
-n name Specify the user/account name.
-u uid Specify the user/account numeric id.
Usually, you only need to provide one or the other of these options, as the account name will imply the uid, or vice versa. However, there are times when you need to provide both. For example, when changing the uid of an existing user with usermod, or overriding the default uid when creating a new account. If you wish pw to automatically allocate the uid to a new user with useradd, then you should not use the -u option. You may also provide either the account or userid immediately after the useradd, userdel, usermod or usershow keywords on the command line without using the -n or -u options.
-c comment This field sets the contents of the passwd GECOS field, which normally contains up to four comma-separated fields containing the user's full name, office or location, and work and home phone numbers. These sub-fields are used by convention only, however, and are optional. If this field is to contain spaces, you need to quote the comment itself with double quotes `"'. Avoid using commas in this field as these are used as sub-field separators, and the colon `:' character also cannot be used as this is the field separator for the passwd file itself.
-d dir This option sets the account's home directory. Normally, you will only use this if the home directory is to be different from the default determined from /etc/pw.conf - normally /home with the account name as a subdirectory.
-e date Set the account's expiration date. Format of the date is either a UNIX time in decimal, or a date in `dd-mmm-yy[yy]' format, where dd is the day, mmm is the month, either in numeric or alphabetic format ('Jan', 'Feb', etc) and year is either a two or four digit year. This option also accepts a relative date in the form `+n[mhdwoy]' where `n' is a decimal, octal (leading 0) or hexadecimal (leading 0x) digit followed by the number of Minutes, Hours, Days, Weeks, Months or Years from the current date at which the expiration date is to be set.
-p date Set the account's password expiration date. This field is similar to the account expiration date option, except that it applies to forced password changes. This is set in the same manner as the -e option.
-g group Set the account's primary group to the given group. group may be defined by either its name or group number.
-G grouplist Set additional group memberships for an account. grouplist is a comma-separated list of group names or group numbers. The user's name is added to the group lists in /etc/group, and removed from any groups not specified in grouplist. Note: a user should not be added to their primary group with grouplist. Also, group membership changes do not take effect for current user login sessions, requiring the user to reconnect to be affected by the changes.
-L class This option sets the login class for the user being created. See login.conf(5) and passwd(5) for more information on user login classes.
-m This option instructs pw to attempt to create the user's home directory. While primarily useful when adding a new account with useradd, this may also be of use when moving an existing user's home directory elsewhere on the file system. The new home directory is populated with the contents of the skeleton directory, which typically contains a set of shell configuration files that the user may personalize to taste. Files in this directory are usually named dot. where the dot prefix will be stripped. When -m is used on an account with usermod, existing configuration files in the user's home directory are not overwritten from the skeleton files.
When a user's home directory is created, it will by default be a subdirectory of the basehome directory as specified by the -b option (see below), bearing the name of the new account. This can be overridden by the -d option on the command line, if desired.
-k dir Set the skeleton directory, from which basic startup and configuration files are copied when the user's home directory is created. This option only has meaning when used with the -d or -m flags.
-s shell Set or changes the user's login shell to shell. If the path to the shell program is omitted, pw searches the shellpath specified in /etc/pw.conf and fills it in as appropriate. Note that unless you have a specific reason to do so, you should avoid specifying the path - this will allow pw to validate that the program exists and is executable. Specifying a full path (or supplying a blank "" shell) avoids this check and allows for such entries as /nonexistent that should be set for accounts not intended for interactive login.
-h fd This option provides a special interface by which interactive scripts can set an account password using pw. Because the command line and environment are fundamentally insecure mechanisms by which programs can accept information, pw will only allow setting of account and group passwords via a file descriptor (usually a pipe between an interactive script and the program). sh, bash, ksh and perl all possess mechanisms by which this can be done. Alternatively, pw will prompt for the user's password if -h 0 is given, nominating stdin as the file descriptor on which to read the password. Note that this password will be read only once and is intended for use by a script rather than for interactive use. If you wish to have new password confirmation along the lines of passwd(1), this must be implemented as part of an interactive script that calls pw.
If a value of `-' is given as the argument fd, then the password will be set to `*', rendering the account inaccessible via password-based login.
-H fd Read an encrypted password string from the specified file descriptor. This is like -h, but the password should be supplied already encrypted in a form suitable for writing directly to the password database.
Quick command for adding users:
    pw useradd -n user_name -e 01-06-2008 -m -s /usr/local/bin/ksh93 -h 0
-e sets user's account expiration date
-p sets user's password expiration date
-n name of account (user_name)
-m automatically create /home/user_name
-s sets user's shell
-h 0 prompts for password
At this point we have user_name added to the system with a password chosen by us, and we want this user to change that password as soon as possible (let's say tomorrow).
Quick command for changing the expiration date of a user's account:
    pw user mod user_name -e 23-11-2007
    # Changes this account to expire on the 23rd of November 2007
Quick command for changing the password expiration date for a user:
    pw user mod user_name -p 22-11-2007
    # Changes this account so that user_name's password will expire the next day, in my case the 22nd of November 2007.
After su - user_name I see:
    Warning: your account expires on Fri Nov 23 00:00:00 2007
    Warning: your password expires on Thu Nov 22 00:00:00 2007
Now that we have our users created and forced to change their passwords as soon as possible, we need to implement a strong password policy for FreeBSD.
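The steps above can be wrapped in a small sh script that checks the -e/-p dates against the documented formats and hands the password to pw through -h 0 after a passwd(1)-style confirmation. This is an added example, not part of the original post or of pw itself; the helper names, the PW override variable and the user-name pattern are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the original page: create a temporary account
# with pw(8), handing over the password on stdin (-h 0) only.
PW=${PW:-pw}   # assumption: may be overridden with a stub for dry runs

# matches VALUE ERE...: true if VALUE is one line matching any of the EREs
matches() {
    v=$1; shift
    [ $(printf '%s\n' "$v" | wc -l) -eq 1 ] || return 1
    for re in "$@"; do
        printf '%s\n' "$v" | grep -Eq -- "$re" && return 0
    done
    return 1
}

# -e/-p forms from the option text: UNIX time, dd-mmm-yy[yy], +n[mhdwoy]
valid_pw_date() {
    matches "$1" '^[0-9]+$' \
        '^[0-9]{1,2}-([0-9]{1,2}|[A-Za-z]{3})-([0-9]{2}|[0-9]{4})$' \
        '^\+(0x[0-9A-Fa-f]+|[0-9]+)[mhdwoy]$'
}

# Ask twice, as passwd(1) does; print the password only if both entries match
read_confirmed_password() {
    stty -echo 2>/dev/null || true      # suppress echo when stdin is a tty
    printf 'New password: ' >&2;      IFS= read -r p1 || p1=
    printf '\nRetype password: ' >&2; IFS= read -r p2 || p2=
    stty echo 2>/dev/null || true; printf '\n' >&2
    [ -n "$p1" ] && [ "$p1" = "$p2" ] && printf '%s\n' "$p1"
}

# add_temp_user NAME ACCOUNT_EXPIRY PASSWORD_EXPIRY   (password on stdin)
add_temp_user() {
    # name pattern is an assumed local policy, not a pw(8) rule
    matches "$1" '^[a-z_][a-z0-9_-]{0,15}$' || { echo 'bad user name' >&2; return 2; }
    valid_pw_date "$2" && valid_pw_date "$3" || { echo 'bad date' >&2; return 2; }
    IFS= read -r secret && [ -n "$secret" ] || { echo 'empty password' >&2; return 2; }
    # -h 0 makes pw read the password once from fd 0, so it never shows in argv;
    # "-s sh" omits the path so pw validates the shell against its shellpath
    printf '%s\n' "$secret" |
        "$PW" useradd -n "$1" -e "$2" -p "$3" -m -s sh -h 0
}

# Usage (as root): account expires in 30 days, password expires tomorrow
#   pass=$(read_confirmed_password) || exit 1
#   printf '%s\n' "$pass" | add_temp_user tmpuser +30d +1d
```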
Designed and developed by Andrei Manescu.
Copyright 2007 Andrei Manescu