Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 18 Jul 1997 14:40:08 -0400
From:      "Troy Settle" <rewt@i-Plus.net>
To:        "Justin Ashworth" <ashworth@esus.cs.montana.edu>
Cc:        <questions@FreeBSD.ORG>
Subject:   Re: Change another user's password?
Message-ID:  <199707181836.OAA03111@radford.i-plus.net>

Next in thread | Raw E-Mail | Index | Archive | Help
From: Justin Ashworth <ashworth@esus.cs.montana.edu>
>  This is where I was unclear in my previous message. I know it's
possible
>to su to different users, but these users cannot change their own
>passwords because of their restricted shells, making the script also
>incapable of changing the user's password by logging in as that user.
>Ideally the script will be run as setuid chpasswd, a dummy user with
shell
>access (vs. running as nobody...who has no shell access), to change the
>password. Even if I have chpasswd su to root, when I run passwd I won't
be
>prompted for the old password before entering a new one. This is where I
>run into the problem of any user being able to change another user's
>password. So...if I can get the chpasswd user to change another user's
>password, I will be set. Can it be done?

What is the nature of these restricted shells?

At one time, I had a simple script as the shell, allowing users to do
simple things, or even run a regular shell.  Since then, I've grown a
little more paranoid, and have changed everyone's shell to /usr/bin/passwd.
 Now, when they telnet to the mail server, all they are able to do, is
change their password.  Shell access is provided on another machine that's
kept isolated from the rest of the network.

Troy Settle <st@i-Plus.net>
Network Administrator, iPlus Internet Services
http://www.i-Plus.net




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?199707181836.OAA03111>