weiji's questions

Is there a non-root shell command that can tell me if a user's account is disabled or not?

Please note that I make a distinction between LOCKING and DISABLED:

• LOCKING is where you prepend ! or * or !! to the password field of the /etc/passwd or /etc/shadow file. Password locking can be done (at a shell prompt) via password -l username (as root) to lock the account of username, and the use of the option -u will unlock it.
• DISABLING an account is done by setting the expiration time of the user account to some point in the past. This can be done with chage -E 0 username, which sets the expiration date to 0 days after the Unix epoch. Setting it to -1 will disable the use of the expiration date.

For my situation, the use of locking is not sufficient because a user might still be able to login, e.g. using ssh authentication tokens, and processes under that user can still spawn other processes. Thus, we have accounts that are enabled or disabled, not just locked. What I'm looking for is a way to check the enable/disable status of an account via a shell command, for use in a custom Java process. The Java process can parse the output or make use of the exit code, and it can execute complicated statements such as those including pipes between commands.

This is intended for use on a Red Hat Enterprise 5.4 system.

This question was previously asked on SuperUser.

Well... title says it all, actually. We've got a Scheduled Task set up on a windows server 2003 box running as the Network Service, and the batch file it runs will invoke "sc" to stop and then start a service on another windows box, however sc reports:

[SC] OpenService FAILED 5:

Access is denied.

Running the same batch file via the windows explorer has no issues, and my user account is part of the Administrators group so I believe this is why there are no issues when I try it manually. Is this a permissions thing I enable for Network Service on the first server? Or do I enable permissions for Network Service somehow on the target server?

This question (why sc query fails from one machine but works from another) touches on something similar, but I'm looking for enabling the Network Service to access the service via the scheduled task.

I have a DOS batch file which invokes sqlplus, which executes some basic SQL contained in another .sql file, and I want the last part of it to return a value back to the dos batch file. However, while there are many examples via Google on how to do this using a Unix shell, the closest I get for DOS batch files is something like this:

SELECT
  MAX(magicnumber)
INTO
  :ret_val
FROM
  ABCD.EFGH

exit :ret_val

However, this does not work for me - sqlplus just gives me a usage message for EXIT.

If I do "exit 15", for instance, the DOS batch file correctly reports the return code (using errorlevel), so that part is okay.

Is there some syntax thing I am missing out on? I should note that I am very new to SQL stuff so it might be some very obvious thing I'm not seeing... Thanks!