Reporter Packet Storm
`Date: Thu, 10 Jun 1999 11:16:32 -0500
From: Chad Price <cprice@MOLBIO.UNMC.EDU>
Subject: Sun Useradd program expiration date bug
This has been tested and verified only on Solaris 7.
Sun has provided a useradd binary as well as the gui (admintool) for adding
new users. This program (it's a binary in Solaris 7) allows the "-e"
parameter which purports to set the expiration date for a new account. The
man page for it says:
-e expire Specify the expiration date for a login. After
this date, no user will be able to access this
login. expire is a date entered in any format you
like (except a Julian date). If the date format
that you choose includes spaces, it must be
quoted. For example, you may enter 10/6/90 or
"October 6, 1990". A null value (" ") defeats the
status of the expired date. This option is useful
for creating temporary logins.
The key here is that is says: "in any format you like".
Using the system as it ships and using the parameter as (for example)
(in a vain attempt to avoid Y2K confusion) results in an expiration date of
June 30, 2020, so if you are expecting the user accounts to expire soon,
you will be a little disappointed. If expiration dates are critical, you
have a real problem - users can login for 20 years after you thought you
had expired them!
Workaround (supplied by Sun): replace /etc/datemsk with:
%m/%d/%y %I:%M:%S %p
%m/%d/%Y %I:%M:%S %p
%m/%d/%y %I:%M %p
%m/%d/%Y %I:%M %p
%b %d, %Y %I:%M:%S %p
%b %d, %Y %H:%M:%S
%B %d, %Y %I:%M:%S %p
%B %d, %Y %H:%M:%S
%b %d, %Y %I:%M %p
%b %d, %Y %H:%M
%B %d, %Y %I:%M %p
%B %d, %Y %H:%M
%b %d, %Y
%B %d, %Y
Your mileage may vary. I have not tested this to make sure it works
correctly with 2-digit years (lower case 'y' in the mask above.)
Sun has been notified of this and of the posting to BUGTRAQ.
University of Nebraska Medical Center
600 S 42nd St
Omaha, NE 68506-6495
(402) 559-4077 (FAX)