On Fri, Feb 21, 2025 at 11:24:33AM -0500, Matt Barry wrote:
> > adduser --unlock => just unlock, for system and non system accounts.
> > Error if does not exist
> 
> 
> Here again.. if "adduser lock" == "usermod lock and expire", then state
> would still be necessary to restore the original expiry date (for
> non-system users), even leaving the shell alone.  (I was actually unclear
> at first if regular user accounts could/should be locked at all..)  From
> what I have read, expiration hits pam and so enforces a genuine barrier,
> but I still need to test this more fully.

With an expired account one will never get through the nice error
message that /usr/*/nologin gives, right?

Btw, /usr/*/nologin is not present on a minimal system that doesn't have
login installed. I had to make the autopkgtests depend on login to avoid
the warning from useradd.

Did you try whether systemd/cron will execute timers/cronjobs/services
with an expired account?

> The frustrating thing, of course, is that this (expiry) likely affects very
> few modern users, but we should document exactly what actions we are taking
> (and reversible should mean exactly that, unless specified).

Yes, at least there should be an info message documenting that.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
