]> git.ipfire.org Git - thirdparty/shadow.git/commitdiff
*/: passwd(1): -n,--mindays: Remove option
authorAlejandro Colomar <alx@kernel.org>
Tue, 16 Dec 2025 19:53:31 +0000 (20:53 +0100)
committerAlejandro Colomar <foss+github@alejandro-colomar.es>
Sat, 11 Jul 2026 14:37:42 +0000 (16:37 +0200)
It makes no sense to limit the frequency of password change.  If one
changes its password, and 5 minutes later the password is leaked, one
should be able to change the password immediately.

Link: <https://github.com/shadow-maint/shadow/pull/1482>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
man/passwd.1.xml
src/passwd.c

index f05efab530ba03b81c3f961817b0e76b8d4606db..54da906c7186d5c9fa22bda3e4f7508d8894a8fb 100644 (file)
          </para>
        </listitem>
       </varlistentry>
-      <varlistentry>
-       <term>
-         <option>-n</option>, <option>--mindays</option>&nbsp;<replaceable>MIN_DAYS</replaceable>
-       </term>
-       <listitem>
-         <para>
-           Set the minimum number of days between password changes to
-           <replaceable>MIN_DAYS</replaceable>. A value of zero for this field
-           indicates that the user may change their password at any time.
-         </para>
-       </listitem>
-      </varlistentry>
       <varlistentry>
        <term>
          <option>-q</option>, <option>--quiet</option>
index 351252e0b5af4f5b687c7c14a25f3468fba2f9e9..7e9f63e6b4802e3f870b300d34824c305a9ecfbe 100644 (file)
@@ -79,7 +79,6 @@ static bool
     iflg = false,                      /* -i - set inactive days */
     kflg = false,                      /* -k - change only if expired */
     lflg = false,                      /* -l - lock the user's password */
-    nflg = false,                      /* -n - set minimum days */
     qflg = false,                      /* -q - quiet mode */
     Sflg = false,                      /* -S - show password status */
     uflg = false,                      /* -u - unlock the user's password */
@@ -93,7 +92,6 @@ static bool
  */
 static bool anyflag = false;
 
-static long age_min = 0;       /* Minimum days before change   */
 static long age_max = 0;       /* Maximum days until change     */
 static long warn = 0;          /* Warning days before change   */
 static long inact = 0;         /* Days without change before locked */
@@ -163,8 +161,6 @@ usage (int status)
        (void) fputs (_("  -i, --inactive INACTIVE       set password inactive after expiration\n"
                        "                                to INACTIVE\n"), usageout);
        (void) fputs (_("  -l, --lock                    lock the password of the named account\n"), usageout);
-       (void) fputs (_("  -n, --mindays MIN_DAYS        set minimum number of days before password\n"
-                       "                                change to MIN_DAYS\n"), usageout);
        (void) fputs (_("  -q, --quiet                   quiet mode\n"), usageout);
        (void) fputs (_("  -r, --repository REPOSITORY   change password in REPOSITORY repository\n"), usageout);
        (void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
@@ -692,9 +688,6 @@ static void update_shadow(bool process_selinux)
        if (xflg) {
                nsp->sp_max = age_max;
        }
-       if (nflg) {
-               nsp->sp_min = age_min;
-       }
        if (wflg) {
                nsp->sp_warn = warn;
        }
@@ -749,7 +742,7 @@ static void update_shadow(bool process_selinux)
                             ret ? SHADOW_AUDIT_SUCCESS : SHADOW_AUDIT_FAILURE);
        }
        /* Audit aging parameter changes if any were modified */
-       if (xflg || nflg || wflg || iflg) {
+       if (xflg || wflg || iflg) {
                char aging_msg[256];
                stprintf_a(aging_msg,
                           "changed-password-aging min=%ld max=%ld warn=%ld inact=%ld",
@@ -781,7 +774,6 @@ static void update_shadow(bool process_selinux)
  *     -i #    set sp_inact to # days (*)
  *     -k      change password only if expired
  *     -l      lock the password of the named account (*)
- *     -n #    set sp_min to # days (*)
  *     -r #    change password in # repository
  *     -S      show password status of named account
  *     -u      unlock the password of the named account (*)
@@ -849,7 +841,6 @@ main(int argc, char **argv)
                        {"inactive",    required_argument, NULL, 'i'},
                        {"keep-tokens", no_argument,       NULL, 'k'},
                        {"lock",        no_argument,       NULL, 'l'},
-                       {"mindays",     required_argument, NULL, 'n'},
                        {"quiet",       no_argument,       NULL, 'q'},
                        {"repository",  required_argument, NULL, 'r'},
                        {"root",        required_argument, NULL, 'R'},
@@ -899,18 +890,6 @@ main(int argc, char **argv)
                                lflg = true;
                                anyflag = true;
                                break;
-                       case 'n':
-                               if (a2sl(&age_min, optarg, NULL, 0, -1, LONG_MAX)
-                                   == -1)
-                               {
-                                       fprintf (stderr,
-                                                _("%s: invalid numeric argument '%s'\n"),
-                                                Prog, optarg);
-                                       usage (E_BAD_ARG);
-                               }
-                               nflg = true;
-                               anyflag = true;
-                               break;
                        case 'q':
                                qflg = true;    /* ok for users */
                                break;