Password expiration email notifier

README

#! /usr/bin/less
################################################################################

Program		: passwd_exp
Version		: 1.2.11
Purpose		: Warn of password expiration via email
		  Check account expiration status (admin mode)
License		: GNU GPL v2 (see file COPYING)
Author		: Samuel Behan <samkob(at)gmail.com> (c) 2000-2006
Requirements	: perl5.005 + Text-Tokenizer perl package,
		  mail program (e.g. mailx) or MTA (sendmail/postfix/...)

################################################################################

---------
- ABOUT -
---------
	passwd_exp is a perl script that warns users of password/account
  expiration via email. It extends the similar function of the login process,
  which prints such messages at login time. Many users do not log in
  for a long (long) time and only download/forward their email, so they
  have absolutely no chance to find out what's happening with their
  account.
  	This script will warn them (via email), and save you from requests
  to re-enable user accounts that have been 'magically' disabled by that
  BAD BAD man called Linux or whatever :) (And be sure there will be some if
  you have a system with many users and force them to change their passwords to
  get just a little more security).
  	An extra feature of this script is the listing of expired user accounts,
  so you will have some more info about your system.

  ********************************************************************************
  PLEASE, send me your data modules/translations so I can add them to the
	distribution tarball, and other users can use them without the need to
	recreate them.
					Thanks
  ********************************************************************************

-----------------
- BUG REPORTING -
-----------------
  If you find a bug and want to report it, do this first:

		$ make bug

	This will generate the file BUG.REPORT containing some important information about
  the system you are building on. Please include this file in the message you send me.
  Thanks a lot.

----------------
- INSTALLATION -
----------------
	For successful installation of this package you need to install the Text-Tokenizer
  perl package, which can be found either on CPAN (www.cpan.org) or at my page
		http://devel.dob.sk/Text-Tokenizer
	You can also auto-install it by typing

  $ make install-mod

  before executing `make install'.
  The script will try to install the required modules via the perl CPAN installer. You'll probably
  be asked to configure a CPAN source, but you can skip this and the program defaults will be
  used.

	Then, all you need to do is to run the configure script and make:
  
  $ tar -xzf passwd_exp-X.X.X.tar.gz
  $ cd passwd_exp-X.X.X
  $ ./configure
  $ make
  $ make install

  *** INSTALLING CRON FILES ***
	If installation of the cron scripts fails, you should install them manually either by
  copying them to the crontab dirs or by adding them to crontab (via crontab -e):

	-- CUT
		5 0 * * *       /usr/local/share/passwd_exp/passwd_exp.cron		#daily check
		5 0 * * sun     /usr/local/share/passwd_exp/passwd_exp-admin.cron	#weekly check
	-- CUT

	Just a reminder: the cron scripts reside in the /usr/local/share/passwd_exp directory.

  *** WARNING ****
  Versions > 1.0 are slightly incompatible with the previous ones ( < 0.6.4 ). Placement of the config file
	has changed (it now resides in the /etc/passwd_exp directory) and also some config file directives
	have been obsoleted (they will be ignored).


------------------------
- COMMAND LINE OPTIONS -
------------------------

		-c FILE			config file
		-u USERNAME		username to check
		-l			list users, do not send mails
		-f			override `run once per day' restriction
		-t			test mode, print generated emails instead of sending them
		-T			test configuration file validity
		-v			verbose mode, repeat for more verbosity
		-w DAYS			override minimum warn days for users
		-ws DAYS		increment minimum warn days for every user
		-d var=value		define variable for message environment
		-m MODULE		module to use (can be module name or program path)
		-mi			print module information
		-mo option=value	set module option (argument)
		-s  option=value	override config file option

--------------
- ADMIN MODE -
--------------
	In admin mode you can get a list of expired, expiring...etc
  accounts. A special variable %ustate% is defined in this mode that specifies
  user settings/status:
	'D'		- user is 'date expired'
	'N'		- normal user (however, you can never be sure - this
				program isn't a psychiatrist ;-)

  Messages printed in admin mode can also be modified from the config file.


-----------------------------
- ACCOUNT EXPIRATION STAGES -
-----------------------------
	A little info about the stages that an account goes through when expiring.

		Expiration	- user password is expiring.
				  Program generates email using `warn subject/body/file'
				  values.
		Expired		- user password expired, omitting the inactivation phase.
				  User can not login anymore. Program sends no email.

		Inactivation	- user password has expired and account is being
				  inactivated. This means that the user can login, but
				  he will be immediately prompted to change password.
				  Account goes through this phase only if inactive days
				  are set for it, otherwise it gets Expired (see above).
				  Program generates email using `expired subject/body/file'
				  values.
		Inactivated	- user password has expired, and account was automatically
				  inactivated.
				  User can not login anymore. Program sends no email.

		Date Expiration	- user account is expiring (for example a paid account can
				  have this set).
				  Program generates mails using `account subject/body/file'
				  values.
		Date Expired	- user account has expired (he doesn't pay bills ;).
				  User can not login anymore. Program sends no email.


---------------
- CONFIG FILE -
---------------
	You can customize program behavior by editing the configuration
  file '/etc/passwd_exp/passwd_exp.conf'.

  NOTE: a boolean value is TRUE if it is any of: yes,enable,true,1,ok,allow,oui,si,ano,
	jo,hej,da. Any other value means FALSE.

  These configuration settings are supported:

	var[$name]
	var[$name][$locale]
	variable[$name]
	variable[$name][$locale]
			You can define your own variables that will be
			replaced by their real values when sending e-mail.
			This way you can also override any of the default
			variables the program defines. In the var values you
			can also use any other variable.
			Example:
			   const[greeting]	= "Hi %user%"
			Supports LOCALIZATION and VARIABLES.

	locale		This version of the program supports localization of
			e-mail messages. By setting this variable you
			can override your environment locale settings. If
			no value is set or the value is "auto" then $LC_ALL will
			be used as your current locale. Default is 'auto'.

	module		Module to use to gather user data. This can be a
			module name (the name is executed from a restricted PATH
			preferring the passwd_exp module dir: usually
			/usr/local/share/passwd_exp/mod ) or a full path to an
			executable. You can also specify its arguments
			here. There is no restriction on what can be executed.
			I.e. you can run simple scripts that execute multiple
			modules...

	module opt[$name]
			Set a module option that will be passed to the executed module
			as an argument.

	direct mta	Boolean. If true the script will use your MTA instead
			of using the 'mailer' program. This can speed up the
			script a bit since it will call the MTA directly
			and not 'via' your mail agent. If you are not using
			the MTA directly, the special configurable options can not
			be used, since they are valid only for mail sent
			via the MTA.
			Default is true.

	mta
	mail agent	Path to your mail transport agent (sendmail compatible)
			that will be used (if 'direct mta' is true) to send e-mails
			to users. This option obsoletes the 'mailer' directive.
			The path to the program has to be absolute, else the script will
			refuse to use it.

	mail
	mailer
	mail sender	Path to the program that will be used to send emails.
			This program has to accept the recipient (optionally the subject)
			on the command line and must read the body of
			the mail from stdin (like mailx does).
			Example:
			  mailer = /bin/mail '%recipient%' -s '%subject%'
			String '%recipient%' is replaced by the email
			recipient and '%subject%' is replaced by the email
			subject. Be sure it is an absolute path, else the script
			will refuse to use it. Additionally the %user% variable is
			also replaced. Other variables are ignored.

	reply-to	Email of the user that should receive replies to
			expiration warning mails. Default is the user running
			the script (root). The script doesn't check the validity
			of the value and passes it in raw form to the MTA,
			which will remove a possibly buggy value.

	mail-from	Email of the user that the script should set in the
			From header of the sent email. Defaults to the user
			running the script (root).

	mail header[$name]
			Add a special header to the mail head. It will be printed
			to the mail as `$name: $value' in the header section.

	banner
	print banner	Boolean. Print the program version banner in each
			mail sent to a user (GNU GPL extension ;-)
			Default is true.

	warn days	Digit. This option overrides the warning days value
			obtained from the user list.

	warn days step	Digit. This option increments the warning days value
			obtained from the user list for every user.

	mail days only	List of simple rules to match days, when mails can
			be sent. This setting is an alias for setting the
			`warn/expired/account days only' settings to the same
			values.
			See DAYS MATCHING section.

	wo
	warn days only	List of simple rules to match the only days when
			warning mails should be sent.
			See DAYS MATCHING section.
			Default is '*' (every day).

	warn subject
	warn subject[locale]
	ws
	ws[locale]	Subject of the email sent to the users whose
			password/account is expiring. Please don't set it
			longer than 50 characters. Can't be empty.
			Supports LOCALIZATION and VARIABLES.

	warn body
	warn body[locale]
	wb
	wb[locale]	Body of the email sent to users whose password/
			account is expiring. Can't be empty.
			Supports LOCALIZATION and VARIABLES.

	warn file
	warn file[locale]
	wf
	wf[locale]	File used for definition of mail subject and body.
			See MAIL FILE for more information.
			Supports LOCALIZATION and VARIABLES.

	warn expired	Boolean. Warn users if their password/account has
			already expired but is not inactivated (yet).
			This is enabled by default.

	eo
	expired days only
			List of simple rules to match the only days when mail
			with the expired warning should be sent.
			See DAYS MATCHING section.
			Default is '*' (every day).

	expired subject
	expired subject[locale]
	es
	es[locale]	Subject of the email sent to the users whose
			password/account has expired but is not inactive
			(yet). Please don't set it longer than 50 characters.
			Supports LOCALIZATION and VARIABLES. Can't be empty.

	expired body
	expired body[locale]
	eb
	eb[locale]	Body of the email sent to the users whose password/
			account has expired but is not inactive (yet).
			Supports LOCALIZATION and VARIABLES. Can't be empty.

	expired file
	expired file[locale]
	ef
	ef[locale]	File used for definition of mail subject and body.
			See MAIL FILE for more information.
			Supports LOCALIZATION and VARIABLES.

	date expired
	warn date expired
			Boolean. Warn users that have a hard set expiration
			date of their account. This is not enabled
			by default.

	ao
	account days only
			List of simple rules to match the only days when mail
			with the expired account warning should be sent.
			See DAYS MATCHING section.
			Default is '*' (every day).

	account subject
	account subject[locale]
	as
	as[locale]	Subject of the email sent to the users whose
			account will date expire.
			Please don't set it longer than 50 characters.
			Supports LOCALIZATION and VARIABLES. Can't be empty.

	account body
	account body[locale]
	ab
	ab[locale]	Body of the email sent to the users that will
			date expire.
			Supports LOCALIZATION and VARIABLES. Can't be empty.

	account file
	account file[locale]
	af
	af[locale]	File used for definition of mail subject and body.
			See MAIL FILE for more information.
			Supports LOCALIZATION and VARIABLES.

	mexpiring
	mexpiring[locale]
	meg
	meg[locale]	Message printed for expiring account in admin mode.
			Supports LOCALIZATION and VARIABLES.

	mexpired
	mexpired[locale]
	med
	med[locale]	Message printed for expired account in admin mode.
			Supports LOCALIZATION and VARIABLES.

	minactiving
	minactiving[locale]
	mig
	mig[locale]	Message printed for inactivating account in admin mode.
			Supports LOCALIZATION and VARIABLES.

	minactived
	minactived[locale]
	mid
	mid[locale]	Message printed for inactivated account in admin mode.
			Supports LOCALIZATION and VARIABLES.

	mdinactiving
	mdinactiving[locale]
	mdig
	mdig[locale]	Message printed for date inactivating account in admin mode.
			Supports LOCALIZATION and VARIABLES.

	mdinactived
	mdinactived[locale]
	mdid
	mdid[locale]	Message printed for date inactivated account in admin mode.
			Supports LOCALIZATION and VARIABLES.

----------------
- LOCALIZATION -
----------------
	Each sent message can be localized from the config file.
  If you use a '[locale]' subscript, the script will load the value of
  such a subscripted option only if 'locale' matches the current locale, else
  it will ignore it. You can also use wildcards (? and *) to match the locale.
  Example:
  	warn body[de] = warn body[de_AT] = warn body [de_*] = ....
     will match (any?) German locale. You can localize specially for different
     countries speaking the same language, you only need to specialize the
     locale (see the example: 'de_AT' will match the German language in Austria).
  PLEASE IF YOU LOCALIZE YOUR CONFIG FILE, SEND IT TO ME AND I WILL ADD IT TO
  THE TARBALL SO OTHER USERS CAN ALSO USE IT. Thanks.

-----------------
- DAYS MATCHING -
-----------------

	Using days matching you can define when some action (like mail sending)
  should be taken. The pattern is usually matched against a day value represented by
  a number. Multiple patterns can be defined, separated by gaps (whitespace).
  Badly formed patterns will be silently ignored; try enabling verbose mode to
  see debug messages.

  Patterns:

	*	- match anything
	*/N	- match every N-th value
	N-M	- match values from N to M range
	N-	- match values greater than N
	N	- match N

  Examples:
	*/3	- matches every 3rd value (3,6,9,12,...)
	*/7	- matches every 7th day (7,14,21..)
	1-4	- matches 1,2,3,4
	5-	- matches 5,6,7...infinite
	3	- matches 3
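
  The matching rules above, sketched as a shell function. This is an added
  example, not code from passwd_exp; the function names are hypothetical, `N-'
  is taken as inclusive (as in the `5-' example), `*/N' is assumed to match only
  the positive multiples listed, and numbers with a leading zero are treated as
  badly formed.

```shell
#!/bin/sh
# Added example, not part of passwd_exp: evaluate a "days only" rule list.

# is_uint VALUE: true for a decimal number without leading zeros
# (assumption of this sketch: "08" counts as badly formed).
is_uint() {
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;
        *) return 0 ;;
    esac
}

# day_matches DAY "RULES": returns 0 if DAY matches any whitespace-separated
# rule, 1 if none matches, 2 if DAY itself is not a number.
# Badly formed rules are skipped silently, as the README describes.
day_matches() (
    day=$1
    is_uint "$day" || exit 2
    set -f                              # keep '*' in rules from globbing
    for rule in $2; do
        case "$rule" in
            '*')                        # match anything
                exit 0 ;;
            '*/'*)                      # every N-th value: N, 2N, 3N, ...
                n=${rule#'*/'}
                if is_uint "$n" && [ "$n" -gt 0 ] && [ "$day" -gt 0 ] &&
                   [ $((day % n)) -eq 0 ]; then exit 0; fi ;;
            *-*)                        # N-M range, or open-ended N-
                lo=${rule%%-*}; hi=${rule#*-}
                if ! is_uint "$lo"; then continue; fi
                if [ -z "$hi" ]; then
                    if [ "$day" -ge "$lo" ]; then exit 0; fi
                elif is_uint "$hi" && [ "$day" -ge "$lo" ] &&
                     [ "$day" -le "$hi" ]; then
                    exit 0
                fi ;;
            *)                          # single value N
                if is_uint "$rule" && [ "$day" -eq "$rule" ]; then exit 0; fi ;;
        esac
    done
    exit 1
)

# matching_days "RULES" MAX: print the days in 1..MAX that match RULES.
matching_days() {
    _d=1; _out=
    while [ "$_d" -le "$2" ]; do
        if day_matches "$_d" "$1"; then _out="$_out${_out:+ }$_d"; fi
        _d=$((_d + 1))
    done
    printf '%s\n' "$_out"
}

# Constructed rule list: first three days plus every 7th day.
matching_days '1-3 */7' 14
```

  Listing the matching days for a rule list this way makes it easy to review a
  `warn days only' value before it goes into the config file.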


-------------
- VARIABLES -
-------------
	In some directives you can use internal variables that will be replaced
  by their real values, which are specific for each user
  (NOTE: unknown/obsoleted variables will not be replaced !!!)

  Besides the variables you've defined in the config file via the `define[]' directive,
  the script also recognizes these (system) vars:
  
    %recipient%, %user%		= recipient username
    %locale%			= current locale
    %user_name%, %username%,
	 %fullname%		= recipient full name or username if not set
    %email%, %mail_addr%,
	%email_addr%		= email of the user
    %data[n]%			= raw data from the data module where `n' is
					number of the record starting from 0
    %userdata[n]%, %udata[n]%	= special data from data module (see MODULES)
					that can be used for evaluating own user
					specific data in messages.
    %expire_in%, %expire_days%,
    	%edays%			= days account will/has been expired
    %expire_date%, %edate%	= date account will/has been expired
    %inactive_in%, %inactive_days%,	
    	%idays%			= days account will be/has been inactived
    %inactive_date%, %idate%	= date account will be/has been inactived
    %account_days%, %adays%	= days account will be/has been date inactivated
    %account_days%, %adate%	= date account will/has been expired
    %home_dir%, %homedir%	= user home directory (OBSOLETED)
    %deny_check%, %nocheck%,
    	%ignore_file%		= filename defined by 'no check' directive (OBSOLETED)
    %date%, %today%		= current date ( weekday day name_of_month year)
    %locale_date%, %ldate%,
	%ltoday%		= current date as your locale defines it
    %time%, %now%		= current time ( hour:minute:second )
    %locale_time%, %ltime%,
	%lnow%			= current time as your locale defines it
    %unix_time%, %utime%	= seconds since Epoch ( Jan 1. 1970 )
    %host%, %host_name%,			
    	%hostname%		= current host name (from uname)
    %host_domain%, %domain%	= host domain
    %host_os%, %os%		= your os (from uname, ie. Linux)
    %host_osver%, %osver%	= your os version (from uname, ie. 2.2.17)
    %host_machine%, %machine%,
	%host_arch%, %arch%	= your machine (from uname, ie. Pentium 10 == i1086 ;-)
    %agent%			= passwd_exp alias (Password expiration agent)
    %verion%, %ver%		= passwd_exp version
    %ustate%			= see ADMIN MODE

    + There are also `time' variables created on the fly via strftime(), so you
      can use them to create your own time `definitions'. There are four
      groups of these variables, for:
	1. Warning time (references time when user's password will/has expired)
		objects: w, warn, warning
	2. Expired time (references time when user's account will be inactivated)
		objects: e, expire
	3. Date expired time (references time when user's account will be date inactivated)
		objects: a, account
	4. Current time (references current time)
		objects: c, curr, current
      You can dereference their specific time representation using the '_','.','->'
      or '=>' operators (it's just like objects ;-) and the various conversion
      specifiers that strftime uses (without the leading '%').
      Examples:
	%warn->A%	- get full name of weekday when user's passwd. expires
	%expire->Y%	- (full) year when user's account inactivates.
	%c->c%		- preferred datetime presentation of now()
	.... (see `man 3 strftime' or `date --help')
    + evaluates backslash-escaped characters like perl does, including wide
		hex chars (UNICODE)
		(i.e. \t,\n,\r,\a, \xAB, \x{263a}...etc)
    + evaluates environment variables (i.e. $USER, ${USER}...etc)


-------------
- MAIL FILE -
-------------

	A mail file can be used for defining the subject and body of the sent mail.
  The filename can be either absolute or relative. Relative files will be searched
  for in these paths:
		/etc/passwd_exp/mail
		${prefix}/share/mail	(prefix is usually /usr/local)
  There is a little bonus: you can use any variable in the filename defined for
  the mail file. This way you can easily define dynamic filenames based on user name or
  day of week or anything...

  The file format is very easy:
	- first line defines mail subject
	- rest of lines will be used for mail body. A dot-only line (line with
      `.' dot only) will also be treated as the end of the body definition.


---------------------------------
- MODULES (for module creators) -
---------------------------------
	passwd_exp now uses an external executable module to gather user list
  data. It should be a standard executable (no matter what it is: bash script,
  C binary or whatever) that prints its record list to STDOUT (one record per
  line !!!). Distribution modules currently reside in the ....share/passwd_exp/mod (or similar)
  directory (aka $MODULE_DIR).

  Here is the record format (fields):
	u_name			- user name
	u_fullname		- user full name
	u_email			- user email (possibly more recipients can be set here)
	t_expire_date		- expire days
	t_disable_date		- date of disable in days
	d_warn_days		- warning days
	d_inactive_days		- inactive days
	s_nosend		- user nosend bit (0/1)
	*			- special fields separator
	....			- your fields

  Fields are separated by `:'. You can add your own fields that will be available in
	messages via the `%userdata[n]%' or `%udata[n]%' arrays (where n is the field's position
	from the special separator, starting at 0). Remember, these fields should be separated
	from the above ones by a field containing the '*' char, or you will get in trouble when
	the format changes !!!
	You can also access all data via the `%data[n]%' array (mostly for debugging purposes).
  
   NOTE: modules are searched for in a restricted PATH with the passwd_exp module dir
	preferred. This also means you can use e.g. `cat' as a module for
	reading user list data from STDIN :)))

	PATH=$MODULE_DIR:/sbin:/usr/sbin:/usr/local/sbin:/usr/bin:/bin:/usr/local/bin
		-- path is defined like this purely for SECURITY REASONS
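
  A lint pass for module output in the record format above, as an added example
  that is not part of passwd_exp. The function names, the character allowlists
  for u_name and u_email (chosen because these values are substituted into the
  `mailer' command template), and the requirement that the four day fields be
  integers or empty are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not part of passwd_exp: check module records before use.

# lint_module_output: read records on stdin, print one verdict per line,
# return non-zero if any record is rejected.
lint_module_output() {
    awk -F: '
    function bad(why) { printf "line %d: BAD %s\n", NR, why; errors++ }
    /^[ \t]*$/ { next }                 # skip blank lines
    {
        # u_name .. s_nosend are the eight mandatory fields.
        if (NF < 8) { bad("only " NF " of 8 mandatory fields"); next }
        # Assumed policy: conservative allowlists for values that end up
        # in the mailer command template.
        if ($1 !~ /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/) {
            bad("u_name has unexpected characters"); next
        }
        if ($3 ~ /[^A-Za-z0-9_.+@, -]/) {
            bad("u_email has unexpected characters"); next
        }
        # Assumed: the four day fields are integers or empty.
        for (i = 4; i <= 7; i++)
            if ($i != "" && $i !~ /^-?[0-9]+$/) {
                bad("field " i " is not a number"); next
            }
        if ($8 != "0" && $8 != "1") { bad("s_nosend must be 0 or 1"); next }
        # Custom fields must follow a field holding only the * separator.
        if (NF > 8 && $9 != "*") {
            bad("extra fields without the * separator"); next
        }
        printf "line %d: ok user=%s userdata=%d\n", NR, $1, (NF > 9 ? NF - 9 : 0)
    }
    END { exit (errors > 0) }
    '
}

# Constructed sample records (not real accounts).
sample_module_output() {
    cat <<'EOF'
alice:Alice A:alice@example.org:19800:19900:7:14:0:*:dept42:vip
bob:Bob B:bob@example.org:19800:19900:7:14:0:dept42
o'brien:Pat:pat@example.org:19800::7:14:0
carol::carol@example.org:19800:19900:7:14:2
EOF
}

sample_module_output | lint_module_output || true
```

  The userdata count in an accepted line is the number of fields reachable as
  `%userdata[0]%' onward.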



#EOF (c) by UN*X 1970-$EOD (End of Days) [ EOD (c) by God ]