docs/169354: passwd(5) manual incorrectly documents password-change/account-expire features

Devin Teske dteske at FreeBSD.org
Sat Jun 23 16:30:12 UTC 2012


>Number:         169354
>Category:       docs
>Synopsis:       passwd(5) manual incorrectly documents password-change/account-expire features
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-doc
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jun 23 16:30:11 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Devin Teske
>Release:        FreeBSD 9.0-RELEASE i386
>Organization:
FIS Global, Inc.
>Environment:
FreeBSD scribe9.vicor.com 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan  3 07:15:25 UTC 2012     root at obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
In the passwd(5) manual it states:

     The change field is the number of seconds from the epoch, UTC, until the
     password for the account must be changed.  This field may be left empty
     to turn off the password aging feature.

     The expire field is the number of seconds from the epoch, UTC, until the
     account expires.  This field may be left empty to turn off the account
     aging feature.

This, however, is an incomplete description.

The FreeBSD operating system uses a value of zero by default (for both password-change and account-expire fields) for all default users on a vanilla/freshly installed system.

Meanwhile, the manual says nothing about a value of zero (0) being functionally equivalent to NULL (experienced behavior). Rather, if one takes the manual literally (given above), a value of zero is taken as "number of seconds from the epoch, UTC" and therefore, one would expect that all accounts in a default install are both (a) expired (account-wise) and (b) have expired passwords.

The manual should likely be updated to say that zero is functionally equivalent to NULL.
>How-To-Repeat:
Read passwd(5). Now execute the following to see the password-change and account-expire fields for all users:

sudo awk -F: '{print $1 ":" $6 ":" $7}' /etc/master.passwd

Notice how all (or nearly all) users have a value of zero, including root and all privilege-separation users.
>Fix:
Update passwd(5) manual to mention that a value of zero is functionally equivalent to NULL.

>Release-Note:
>Audit-Trail:
>Unformatted:
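
An added example, not part of the original report: it classifies the change and expire fields of master.passwd-format lines twice, once reading zero literally as "0 seconds from the epoch" (the manual's wording) and once treating zero like an empty field (the behaviour the report describes). The function names, the sample accounts and the fixed "now" value are constructed for illustration.

```shell
#!/bin/sh
# Classify the change ($6) and expire ($7) fields of master.passwd-format
# lines read from stdin.
# Usage: aging_report NOW_EPOCH MODE < file
#   MODE=literal  : zero is read as "0 seconds from the epoch" (manual's wording)
#   MODE=observed : zero is treated like an empty field (behaviour in the report)
aging_report() {
    awk -F: -v now="$1" -v mode="$2" '
        function state(v) {
            if (v == "") return "off"                  # empty: aging disabled
            if (v !~ /^[0-9]+$/) return "invalid"      # not a plain integer
            if (v + 0 == 0 && mode == "observed") return "off"
            return (v + 0 <= now + 0) ? "expired" : "pending"
        }
        /^#/ || NF < 10 { next }   # skip comments and malformed lines
        { print $1 ":" state($6) ":" state($7) }
    '
}

# Constructed sample data (not taken from any real system).
sample_master_passwd() {
    cat <<'EOF'
# constructed sample
root:*:0:0::0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001:::1700000000:Alice:/home/alice:/bin/sh
bob:*:1002:1002::1300000000:0:Bob:/home/bob:/bin/sh
carol:*:1003:1003::::Carol:/home/carol:/bin/sh
EOF
}

# Fixed "now" so the output is reproducible; use $(date +%s) on a live system.
NOW=1340469012
echo "literal reading:"
sample_master_passwd | aging_report "$NOW" literal
echo "observed behaviour:"
sample_master_passwd | aging_report "$NOW" observed
```

Under the literal reading every account with zero in either field shows as expired; under the observed reading only a non-zero timestamp in the past does.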


