From owner-freebsd-questions  Fri Jul 18 14:17:08 1997
Return-Path: <owner-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id OAA16346
          for questions-outgoing; Fri, 18 Jul 1997 14:17:08 -0700 (PDT)
Received: from terra.oscs.montana.edu (terra.oscs.montana.edu [153.90.2.1])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id OAA16339
          for <questions@FreeBSD.ORG>; Fri, 18 Jul 1997 14:17:06 -0700 (PDT)
Received: from esus.cs.montana.edu by terra.oscs.montana.edu (5.65/Ultrix3.0-C)
	id AA28206; Fri, 18 Jul 1997 15:17:04 -0600
Received: from localhost by esus.cs.montana.edu (5.65v3.2/1.1.10.5/06Mar97-1051AM)
	id AA20590; Fri, 18 Jul 1997 15:17:03 -0600
Date: Fri, 18 Jul 1997 15:17:03 -0600 (MDT)
From: Justin Ashworth <ashworth@esus.cs.montana.edu>
To: Troy Settle <rewt@i-Plus.net>
Cc: questions@FreeBSD.ORG
Subject: Re: Change another user's password?
In-Reply-To: <199707181836.OAA03111@radford.i-plus.net>
Message-Id: <Pine.OSF.3.95.970718143125.14892F-100000@esus.cs.montana.edu>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 18 Jul 1997, Troy Settle wrote:
> 
> What is the nature of these restricted shells?

  They spit out a message letting the user know that they don't have shell
access on that machine.

> At one time, I had a simple script as the shell, allowing users to do
> simple things, or even run a regular shell.  Since then, I've grown a
> little more paranoid, and have changed everyone's shell to /usr/bin/passwd.
>  Now, when they telnet to the mail server, all they are able to do, is
> change their password.  Shell access is provided on another machine that's
> kept isolated from the rest of the network.

  Thanks for the suggestion. We considered this, but we keep independent
passwd files on all of our machines. The user would have to telnet to
several machines to keep their passwords consistent. We are not using NIS+
or rdist, just straight password files. It would be a huge support
headache for us if a user changed their password on the POP3 server then
tried to FTP their web page to our web server with that password. I have
come up with what I think is the best plan - a web interface. This is much
more comfortable to a user who doesn't know what telnet is.

- Justin Ashworth
-- ashworth@cs.montana.edu
- http://www.cs.montana.edu/~ashworth