From owner-freebsd-questions  Fri Jul 18 10:49:58 1997
Return-Path: <owner-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id KAA06141
          for questions-outgoing; Fri, 18 Jul 1997 10:49:58 -0700 (PDT)
Received: from terra.oscs.montana.edu (terra.oscs.montana.edu [153.90.2.1])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id KAA06136
          for <questions@FreeBSD.ORG>; Fri, 18 Jul 1997 10:49:53 -0700 (PDT)
Received: from esus.cs.montana.edu by terra.oscs.montana.edu (5.65/Ultrix3.0-C)
	id AA08364; Fri, 18 Jul 1997 11:49:50 -0600
Received: from localhost by esus.cs.montana.edu (5.65v3.2/1.1.10.5/06Mar97-1051AM)
	id AA16164; Fri, 18 Jul 1997 11:49:48 -0600
Date: Fri, 18 Jul 1997 11:49:48 -0600 (MDT)
From: Justin Ashworth <ashworth@esus.cs.montana.edu>
To: Troy Settle <rewt@i-Plus.net>
Cc: Doug White <dwhite@resnet.uoregon.edu>, questions@FreeBSD.ORG
Subject: Re: Change another user's password?
In-Reply-To: <199707181725.NAA02089@radford.i-plus.net>
Message-Id: <Pine.OSF.3.95.970718112752.14892E-100000@esus.cs.montana.edu>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 18 Jul 1997, Troy Settle wrote:

> From: Justin Ashworth <ashworth@cs.montana.edu>
> >Doug White wrote:
> >> > Is there a way for one user to change another user's password?
> >> The superuser can run 'passwd user' to change user's password.
> >else's password without knowing the original password. I need a way for
> >the passwd program to prompt the user for the old password before
> >assigning a new one and as far as I know, that can't be done by running
> >passwd as root.
> 
> su isn't just to gain root access.  You can also su to another user.  Do
> this, then run passwd to change the user's password.

  This is where I was unclear in my previous message. I know it's possible
to su to different users, but these users cannot change their own
passwords because of their restricted shells, making the script also
incapable of changing the user's password by logging in as that user. 
Ideally the script will be run as setuid chpasswd, a dummy user with shell
access (vs. running as nobody...who has no shell access), to change the
password. Even if I have chpasswd su to root, when I run passwd I won't be
prompted for the old password before entering a new one. This is where I
run into the problem of any user being able to change another user's
password. So...if I can get the chpasswd user to change another user's
password, I will be set. Can it be done?

Thanks...

- Justin Ashworth
-- ashworth@cs.montana.edu
- http://www.cs.montana.edu/~ashworth