Date: Sat, 23 Jun 2012 16:29:24 GMT
From: Devin Teske <dteske@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: docs/169354: passwd(5) manual incorrectly documents password-change/account-expire features
Message-ID: <201206231629.q5NGTOm3064549@red.freebsd.org>
Resent-Message-ID: <201206231630.q5NGUB2N065239@freefall.freebsd.org>

>Number:         169354
>Category:       docs
>Synopsis:       passwd(5) manual incorrectly documents password-change/account-expire features
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-doc
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jun 23 16:30:11 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Devin Teske
>Release:        FreeBSD 9.0-RELEASE i386
>Organization:
FIS Global, Inc.
>Environment:
FreeBSD scribe9.vicor.com 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:15:25 UTC 2012 root@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
In the passwd(5) manual it states:

     The change field is the number of seconds from the epoch, UTC, until the
     password for the account must be changed. This field may be left empty
     to turn off the password aging feature.

     The expire field is the number of seconds from the epoch, UTC, until the
     account expires. This field may be left empty to turn off the account
     aging feature.

This, however, is an incomplete description.

The FreeBSD operating system uses a value of zero by default (for both password-change and account-expire fields) for all default users on a vanilla/freshly-installed system.

Meanwhile, the manual says nothing about a value of zero (0) being functionally equivalent to NULL (experienced behavior).

Rather, if one takes the manual literally (given above), a value of zero is taken as "number of seconds from the epoch, UTC" and therefore, one would expect that all accounts in a default install are both (a) expired (account-wise) and (b) have expired passwords.

The manual should likely be updated to say that zero is functionally equivalent to NULL.
>How-To-Repeat:
Read passwd(5).

Now execute the following to see the password-change and account-expire fields for all users:

     sudo awk -F: '{print $1 ":" $6 ":" $7}' /etc/master.passwd

Notice how all (or nearly all) users have a value of zero, including root and all privilege-separation users.
>Fix:
Update passwd(5) manual to mention that a value of zero is functionally equivalent to NULL.
>Release-Note:
>Audit-Trail:
>Unformatted:
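An added example (not part of the original report, and not FreeBSD code): the awk one-liner from How-To-Repeat extended into an audit that classifies each account's change and expire fields, treating an empty field and 0 alike as "aging off", which is the behavior the report describes. The function names, the sample accounts and the fixed NOW value are constructed for illustration.

```sh
#!/bin/sh
# Classify the change ($6) and expire ($7) fields of master.passwd-format
# lines read from stdin.
# Assumption, per the report: empty and 0 both mean "aging disabled";
# any other value is seconds since the epoch, UTC.
# usage: classify_aging NOW_EPOCH < /etc/master.passwd
classify_aging() {
    awk -F: -v now="$1" '
        function status(v) {
            if (v == "" || v ~ /^0+$/) return "off"      # empty or zero: disabled
            if (v !~ /^[0-9]+$/)       return "invalid"  # not a non-negative integer
            return (v + 0 <= now + 0) ? "past" : "future"
        }
        /^#/ || NF == 0 { next }                    # skip comments and blank lines
        NF != 10 { print $1 ":malformed"; next }    # master.passwd has 10 fields
        { print $1 ":change=" status($6) ":expire=" status($7) }
    '
}

# Constructed sample input (not taken from a real system).
sample_master_passwd() {
    cat <<'EOF'
# constructed sample
root:*:0:0::0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001:::::/home/alice:/bin/sh
bob:*:1002:1002::1340000000:0:Bob:/home/bob:/bin/sh
carol:*:1003:1003::0:4102444800:Carol:/home/carol:/bin/sh
EOF
}

# NOW is fixed so the output is reproducible; use "$(date +%s)" on a live system.
NOW=1340468964
sample_master_passwd | classify_aging "$NOW"
```

Accounts reported as `past` are the ones a literal reading of the manual would also expect for every zero-valued entry; with zero treated as disabled, only `bob` has a password change that is actually due.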