From owner-freebsd-doc@FreeBSD.ORG Sat Jun 23 16:30:12 2012 Return-Path: Delivered-To: freebsd-doc@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 374DA1065672 for ; Sat, 23 Jun 2012 16:30:12 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 09F6D8FC16 for ; Sat, 23 Jun 2012 16:30:12 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q5NGUBw2065243 for ; Sat, 23 Jun 2012 16:30:11 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q5NGUB2N065239; Sat, 23 Jun 2012 16:30:11 GMT (envelope-from gnats) Resent-Date: Sat, 23 Jun 2012 16:30:11 GMT Resent-Message-Id: <201206231630.q5NGUB2N065239@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-doc@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Devin Teske Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CB603106564A for ; Sat, 23 Jun 2012 16:29:24 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id B5CBB8FC0C for ; Sat, 23 Jun 2012 16:29:24 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q5NGTOCC064550 for ; Sat, 23 Jun 2012 16:29:24 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.4/8.14.4/Submit) id q5NGTOm3064549; Sat, 23 Jun 2012 16:29:24 GMT (envelope-from nobody) Message-Id: <201206231629.q5NGTOm3064549@red.freebsd.org> Date: Sat, 23 Jun 2012 16:29:24 GMT From: Devin Teske To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: docs/169354: passwd(5) manual incorrectly documents password-change/account-expire features X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Jun 2012 16:30:12 -0000 >Number: 169354 >Category: docs >Synopsis: passwd(5) manual incorrectly documents password-change/account-expire features >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Sat Jun 23 16:30:11 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Devin Teske >Release: FreeBSD 9.0-RELEASE i386 >Organization: FIS Global, Inc. >Environment: FreeBSD scribe9.vicor.com 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:15:25 UTC 2012 root@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: In the passwd(5) manual it states: The change field is the number of seconds from the epoch, UTC, until the password for the account must be changed. This field may be left empty to turn off the password aging feature. The expire field is the number of seconds from the epoch, UTC, until the account expires. This field may be left empty to turn off the account aging feature. This, however, is an incomplete description. The FreeBSD operating system uses a value of zero by-default (for both password-change and account-expire fields) for all default users on a vanilla/freshly-installed system. Meanwhile, the manual says nothing about a value of zero (0) being functionally equivalent to NULL (experienced behavior). Rather, if one takes the manual literally (given above), a value of zero is taken as "number of seconds from the epoch, UTC" and therefore, one would expect that all accounts in a default install are both (a) expired (account-wise) and (b) have expired passwords. The manual should likely be updated to say that zero is functionally equivalent to NULL. >How-To-Repeat: Read passwd(5). Now execute the following to see the password-change and account-expire fields for all users: sudo awk -F: '{print $1 ":" $6 ":" $7}' /etc/master.passwd Notice how all (or nearly all) users have a value of zero, including root and all privilege-separation users. >Fix: Update passwd(5) manual to mention that a value of zero is functionally equivalent to NULL. >Release-Note: >Audit-Trail: >Unformatted: