Archive for March 23rd, 2017

Linux restricting user access

User administration: restricting access

1. With the chage command, an account expiration date can be set. Once that date is reached, the user cannot log into the system interactively.
Let us run ‘chage’ interactively to set a user’s account expiry –

[root@kauai /]# chage sshtest
Changing the aging information for sshtest
Enter the new value, or press ENTER for the default

	Minimum Password Age [0]: 
	Maximum Password Age [99999]: 
	Last Password Change (YYYY-MM-DD) [2015-11-04]: 
	Password Expiration Warning [7]: 
	Password Inactive [-1]: 
	Account Expiration Date (YYYY-MM-DD) [-1]: 2017-03-30

[root@kauai /]# chage -l sshtest
Last password change					: Nov 04, 2015
Password expires					: never
Password inactive					: never
Account expires						: Mar 30, 2017
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7

2. In addition to this, the usermod command can “lock” an account with the -L option. For example, when a user is no longer with the company, the administrator may lock and expire the account with a single usermod command. The date must be given as the number of days since January 1, 1970. Setting the expiredate to 1 will immediately lock the account –

[student@serverX ~]$ sudo usermod -L -e 1 elvis

[student@serverX ~]$ sudo usermod -L elvis
[student@serverX ~]$ su - elvis
Password: elvis
su: Authentication failure

Locking the account prevents the user from authenticating with a password to the system. It is the recommended method of preventing access to an account by an employee who has left the company. If the employee returns, the account can later be unlocked with usermod -U USERNAME. If the account was also expired, be sure to also change the expiration date.

3. The nologin shell. Sometimes a user needs an account with a password to authenticate to a system, but does not need an interactive shell on the system.
For example, a mail server may require an account to store mail and a password for the user to authenticate with a mail client used to retrieve mail.
That user does not need to log directly into the system.

A common solution to this situation is to set the user’s login shell to /sbin/nologin. If the user attempts to log into the system directly,
the nologin “shell” will simply close the connection.

[root@serverX ~]# usermod -s /sbin/nologin student
[root@serverX ~]# su - student
Last login: Tue Feb  4 18:40:30 EST 2014 on pts/0
This account is currently not available.
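
The three restrictions above (account expiry, password lock, nologin shell) can be audited in one pass. The following is an added example, not part of the original post: it reads passwd- and shadow-format files and reports which restrictions apply to each account. The function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample records are constructed.

# account_status PASSWD SHADOW TODAY
#   TODAY is the current date in days since 1970-01-01, the unit shadow(5) uses.
#   Prints one "user:flags" line per passwd entry; flags are locked, expired,
#   nologin, or "open" when none of the three restrictions applies.
account_status() {
    awk -F: -v today="$3" '
        NR == FNR {                       # first file: shadow
            locked[$1]  = ($2 ~ /^!/)     # usermod -L prefixes the hash with "!"
            expired[$1] = ($8 != "" && today + 0 >= $8 + 0)   # field 8: expiry day
            next
        }
        {                                 # second file: passwd
            flags = ""
            if (locked[$1])        flags = flags "locked,"
            if (expired[$1])       flags = flags "expired,"
            if ($7 ~ /\/nologin$/) flags = flags "nologin,"
            sub(/,$/, "", flags)
            print $1 ":" (flags == "" ? "open" : flags)
        }
    ' "$2" "$1"
}

# write_samples DIR: constructed passwd/shadow records for the accounts used above.
write_samples() {
    cat > "$1/shadow" <<'EOF'
sshtest:CONSTRUCTED-HASH:16743:0:99999:7::17255:
elvis:!CONSTRUCTED-HASH:16743:0:99999:7::1:
student:CONSTRUCTED-HASH:16743:0:99999:7:::
EOF
    cat > "$1/passwd" <<'EOF'
sshtest:x:1001:1001::/home/sshtest:/bin/bash
elvis:x:1002:1002::/home/elvis:/bin/bash
student:x:1003:1003::/home/student:/sbin/nologin
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
# 17254 = 2017-03-29, the day before the sshtest expiry date set with chage.
account_status "$demo_dir/passwd" "$demo_dir/shadow" 17254
# 17255 = 2017-03-30: sshtest is now reported as expired.
account_status "$demo_dir/passwd" "$demo_dir/shadow" 17255
rm -rf "$demo_dir"
```

On a live system, run it as root against /etc/passwd and /etc/shadow, passing $(( $(date +%s) / 86400 )) as the third argument.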


Sort IP addresses numerically

Linux – Sort IPv4 addresses numerically

A novice user’s first attempt to sort a list of IP addresses would be to use ‘sort -n’, the numeric-sort option of the sort command. Unfortunately, this will sort only on the first octet of the IP address, the part preceding the initial dot (‘.’). The GNU sort command does support sorting IPv4 addresses in numeric order; we just have to specify the right options.

Questions to answer –

1. What is our delimiter for IPv4? dot.
2. What type of sorting? numeric.
3. How many fields? four.

Reading the man page for sort provides an option for each – 1) -t 2) -n 3) -k
The third part might need clarification: since we have dot as a separator, the IP address will have four fields. We need to give sort a key specification (-k) with start and stop positions, i.e. to sort by the first octet (-k1,1), followed by the second (-k2,2), followed by the third (-k3,3) and finally by the fourth (-k4,4).

The full command looks like this –

sort -t. -n -k1,1 -k2,2 -k3,3 -k4,4 /tmp/ipv4_file.txt

Let us use ForgeryPy to generate random IPv4 addresses. We will write a simple Python script that writes these random IPs to a file.

First install ForgeryPy –

pip install ForgeryPY

Script to generate IPv4 addresses –


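#!/usr/bin/env python

import forgery_py

# Collect addresses in a set so duplicates are dropped.
uniq_ipv4 = set()
for i in range(50):
    uniq_ipv4.add(forgery_py.internet.ip_v4())

# Write one address per line.
with open('/tmp/ipv4_addresses.txt', 'w') as fp:
    for line in uniq_ipv4:
        fp.write(line + '\n')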
Output –

daniel@linubuvma:/tmp$ cat /tmp/ipv4_addresses.txt
cat: /tmp/ipv4_addresses.txt: No such file or directory
daniel@linubuvma:/tmp$ python
daniel@linubuvma:/tmp$ cat /tmp/ipv4_addresses.txt

Let us sort it –

daniel@linubuvma:/tmp$ sort -n -t. -k1,1 -k2,2 -k3,3 -k4,4 /tmp/ipv4_addresses.txt

Hope this helps.