#!/usr/bin/less ################################################################################ Program name : passwd_exp Version : 0.5.9 Purpose : Warn of password expiration via email Check acount expiration status (admin mode) License : GNU GPL v2 or later (see file LICENSE) Author : Samuel Behan (c) 2000-2001 Requirements : perl5.003 + spent.pm and RcReader.pm perl packages, mail program (ie. mailx) or MTA (sendmail compatible) ################################################################################ ABOUT ----- passwd_exp is a perl script that warns of password/account expiration via email. It extends (and replaces) similar function of login program, that prints such a messages at login time, but many users does not login for a long (long) time and only download (or forward) their e-mails, so this script will warn them. Script can also list users that account is expiring (admin mode), has been expired but not inactived, bas been expired going to inactivate and has been inactivated (understood ???). <> RcReader.pm - (my) package for reading config file. Can be found at CPAN or http://frida.fri.utc.sk/~behan/devel/RcReader spent.pm - (my) package for readin shadow database. Can found at CPAN or http://frida.fri.utc.sk/~behan/devel/spent <> Bugs and tips how to make this script better send please to and i'll try to help you. I'll be also glad if you'll send my your localized config file, so i can add your localized messages to tarball. INSTALATION ----------- All you need to do is to unpack the program, run the configure program and make $ tar -xzf passwd_exp-xxx.tgz $ ./configure $ make These files will be installed (default installation) passwd_exp -> /sbin/passwd_exp passwd_exp.conf -> /etc/passwd_exp.conf passwd_exp.cron -> /etc/cron.daily/passwd_exp.cron You can modify install paths, by running configure with parameters to change the paths like --prefix=PATH, --sbindir=PATH... Install path of the passwd_exp.cron is hard set, but if the directory /etc/cron.daily doesn't exists it wont be installed. You have to do care yourself, to run the passwd_exp once a day (not more!) (ie. adding it to cron via crontab -e ). PERL PACKAGES: Perl packages required by this script are also shipped in this tarball. All you need to do is to unpack them and in each directory package dir to run $ perl Makefile.PL $ make install And the packages will be automatically added to your perl library. COMMAND LINE OPTIONS -------------------- -c file path to config file (default is /etc/passwd_exp.conf) -u user check only this user -l list all expired/inactivated acounts -i ignore nocheck file -t test mode, print e-mail(s) to stdout -T test mode, check config file only -v verbose mode -V print version information -h print this help ADMIN MODE ---------- Script provides simple 'admin' mode, when program prints a list of expired, expiring.. account. In this mode there is defined %ustate% variable, that can contain 4 characters: 'S' - username is defined in 'nosend' list 'C' - user has 'nocheck' file in his homedir 'D' - user is 'date expired' 'N' - normal user (however, you can never be sure - this program isn't psychiatrist ;-) CONFIG FILE ----------- You can customize program behavior by editing configuration file '/etc/passwd_exp.conf' (however this config file can be missing, in such a case script will warn you, but uses it's internal defaults). There is new configuration reader that allows you to use multiline values, use enviroment variables and backslash-escaped characters, more variables on one line... NOTE: boolean value means anything from: yes,enable,true,1,ok,allow to be the value TRUE any other value means FALSE. This configuration settings are supported: var[$name] var[$name][$locale] variable[$name] variable[$name][$locale] You can define your owen variables that will be replaced by their real values when sending e-mail. You can also this way override any of default variables program defines. In the var values you can use also default variables. Example: const[greeting] = "Hi %user%" Support LOCALIZATION + VARIABLES. locale This version of program supports localization of e-mail messages. By setting this variable you can override your enviroment locale settings. If no value set or value is "auto" then the $LC_ALL will be used as your current locale. Default is 'auto'. direct mta Boolean. If true script will use your MTA instead of using 'mailer' program. This can speedup a bit the script since it will call the MTA directly and not 'via' your mail agent. Default is true. mta mail agent Path to your mail transport agent (sendmail compatible) that will be used (if 'direct mta' true) to send e-mails to users. This options obsoletes 'mailer' directive. Path to program has to be absolute else script will refuse to use it. mail mailer mail sender Path to program that will be used to send emails. This program have to accept recipient(optionaly subject) on the command line and must read the body of the mail from the stdin (like mailx does). Example: mailer = /bin/mail %recipient% -s %subject% String '%recipient%' is replaced by the email recipient and '%subject%' is replaced by the email subject. Be sure it is absolute path, else script will refuse to use it. This has been obsoleted by 'mta' directive. banner print banner Boolean. Print program version banner to each mail sended to user (GNU GPL extension ;-) no warnings ignore users List of users that should not recieve warning emails, divided by gaps, commas or semicolons. You can use addition concate (.= or += ) operator to add values. Example: ignore users = root postgres ;informix ignore users += oracle, mysql ignore users .= interbase no check ignore file If filename specified by this option exists in user home dir, user will not be disturbed by warning emails. To disable this set this option no value or uncomment it (see -i program switch). warn days Digit. This option overrides warning days value set in the shadow database. date expired warn date expired Boolean. Warn users that have hard set expiration date oftheir account. This is not enabled by default. warn subject warn subject[locale] ws ws[locale] Subject of the email sended to the users that password/account is expiring. Please don't set it longer than 50 character. There are various variables recognized in this string (see VARIABLES section for more informations). Supports LOCALIZATION. warn body warn body[$locale] wb wb[$locale] Body of the email sended to users that password account is expiring. There are various variables recognized in this string (see VARIABLES section for more informations). Supports LOCALIZATION. warn expired Boolean. Warn users if their password/account has been already expired but is not inactived (yet). expired subject expired subject[$locale] es es[$locale] Subject of the email sended to the users that password/account has expired but is not inactive (yet). Please don't set it longer than 50 character. There are various variables recognized in this string (see VARIABLES section for more informations). Supports LOCALIZATION. expired body expired body[$locale] eb eb[$locale] Body of the email sended to the users that password/ account has expired but is not inactive (yet). There are various variables recognized in this string (see VARIABLES section for more informations). Supports LOCALIZATION. LOCALIZATION ------------ This version supports localization of messages sended to users. If you will use '[$locale]' subscription, script will load value of such a subscripted option only if '$locale' matches current locale, else it will ignore it. You can use wildcards (? and *) to match the locale. Example: warn body[de] = warn body[de_AT] = warn body [de_*] = .... will match (any) German locale. You can localize specialy for different countries speaking the same language, you only need to specialize locale (see example 'de_AT' will match german language in Austria). PLEASE IF YOU LOCALIZE YOUR CONFIG FILE, PLEASE SEND IT TO ME AND I WILL ADD IT TO THE DISTRIBUTION FOR OTHER USERS. VARIABLES --------- In some directives (warning subject, warning body, expired subject, expired body) you can use internal variables that will be replaced by their real value, that is specific for each user (NOTE: unknown variables will not be replaced !!!) Except the variables you've defined by 'define[]' directive program also recognizes these vars: %recipient%, %user% = recipient username %user_name%, %username% = recipient full name or username if not set %expire_in%, %expire_days%, %edays% = days account will expire/has been expired %expire_date%, %edate% = date account will expire/has been expired %inactive_in%, %inactive_days%, %idays% = days account will be inactived/has been inactived %inactive_date%, %idate% = date account will be inactived/has been inactived %home_dir%, %homedir% = user home directory %deny_check%, %nocheck%, %ignore_file% = filename defined by 'no check' directive %date% = current date ( weekday day name_of_month year) %locale_date% = curent date as defines your locale %time% = current time ( hour:minute:second ) %locale_time% = current time as defines yours locale %unix_time% = seconds since Epoch ( Jan 1. 1970 ) %host%, %host_name%, %hostname% = current host name (from uname) %host_domain%, %domain% = host domain %host_os%, %os% = your os (from uname, ie. Linux) %host_osver%, %osver% = your os version (from uname, ie. 2.2.17) %host_machine%, %machine% = your machine (from uname, ie. Pentium 10 == i1086 ;-) %agent% = passwd_exp alias (Password expiration agent) %verion%, %ver% = passwd_exp version %ustate% = see ADMIN MODE + There are also 'time' variables created on fly, via strftime so you can using them create your owen time 'definitions'. There are three groups of these varibles, for: 1. Warning time (references time when user's password will/hasb expired) w, warn, warning 2. Expired time (references time when user's account will be inactivated) e, expire 3. Current time (references current time) c, curr, current You can dereference their specific time representation using '_','.','->' or '=>' operators (it's just like objects ;-) and various conversion specifiers that uses strftime (without leading '%'). Example: %warn->A% - get full name of weekday when user's passwd. expires %expire->Y% - (full) year when user's account inactivates. %c->c% - preferred datetime presentation of now() .... (see `man 3 strftime' or `date --help') + it evalues backslash-escaped characters (ie. \t,\n,\r,\a...) + Script also evalutes enviroment variables (ie. $USER, ${USER})