From owner-freebsd-questions Tue Jul 20 13:46:19 1999 Delivered-To: freebsd-questions@freebsd.org Received: from shasta.eclipse.net (shasta.eclipse.net [207.207.193.17]) by hub.freebsd.org (Postfix) with ESMTP id 85DD3153DC for ; Tue, 20 Jul 1999 13:45:58 -0700 (PDT) (envelope-from chrismar@shasta.eclipse.net) Received: from localhost (chrismar@localhost) by shasta.eclipse.net (8.9.2/8.9.2) with ESMTP id QAA32872; Tue, 20 Jul 1999 16:54:25 -0400 (EDT) (envelope-from chrismar@shasta.eclipse.net) Date: Tue, 20 Jul 1999 16:54:22 -0400 (EDT) From: Chris To: Ilia Chipitsine Cc: Todd Backman , questions@FreeBSD.ORG Subject: Re: passwd In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG -----BEGIN PGP SIGNED MESSAGE----- Depending on how much the root holders know you might be able to fool them by writing a simple wrapper shell script. Something like #!/bin/sh if [ $1 = toor ]; then echo "Cannot change password for toor." else passwd.real $1 fi You would rename the real passwd to passwd.real and put the shell script in as passwd. Oh, and I haven't verified the above script to work, its just an idea. Chris On Tue, 20 Jul 1999, Ilia Chipitsine wrote: > On Mon, 19 Jul 1999, Todd Backman wrote: > > > > > Is there any way to hack FreeBSD's passwd utility to dis-allow root from > > root has UID equal to 0. once it happened you can do whatever you want. > > > changing toor's passwd? I have approx. 15 boxen for external customers > > that I would like to passwd 'toor' so our NOC people do not have to know > > root for each customer. Customers can have thier own root passwd and the > > NOC folk can have 'toor' for reboots and such. We *do not* want root to be > > just enable sudo for them. well, root is still able to change their > passwords. but they are _restricted_ ! > > (not sudo for toor :-), just sudo for regular user with > UID different from 0) > > > able to change toor's passwd... > > > > Any input? > > > > Thanks. > > > > - Todd > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBN5TiAfbh8rV07zbRAQG/OwL/dtCilBoL7LBIlc+DHCnD7g5Zb/JZUpRF aEeGV+u3pT7BdsThEv66kkWMMMeqGNr+VotzotZDUcgDHY+i1pVWOQK/7WTuOHJe OnQ3wMKwx5NvESoI+HRqt1Xw/4RkGW9M =TRAA -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message