From owner-freebsd-questions  Fri Jul 18 11:44:43 1997
Return-Path: <owner-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id LAA09289
          for questions-outgoing; Fri, 18 Jul 1997 11:44:43 -0700 (PDT)
Received: from super-g.inch.com (super-g.com [207.240.140.161])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA09280
          for <questions@FreeBSD.ORG>; Fri, 18 Jul 1997 11:44:38 -0700 (PDT)
Received: from localhost (spork@localhost)
	by super-g.inch.com (8.8.5/8.8.5) with SMTP id PAA25725;
	Fri, 18 Jul 1997 15:06:15 GMT
Date: Fri, 18 Jul 1997 15:06:15 +0000 (GMT)
From: spork <spork@super-g.com>
X-Sender: spork@super-g.inch.com
To: Justin Ashworth <ashworth@esus.cs.montana.edu>
cc: Troy Settle <rewt@i-Plus.net>, Doug White <dwhite@resnet.uoregon.edu>,
        questions@FreeBSD.ORG
Subject: Re: Change another user's password?
In-Reply-To: <Pine.OSF.3.95.970718112752.14892E-100000@esus.cs.montana.edu>
Message-ID: <Pine.BSF.3.95q.970718150553.25699A-100000@super-g.inch.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Try su -m on a user with no shell...

C

On Fri, 18 Jul 1997, Justin Ashworth wrote:

> On Fri, 18 Jul 1997, Troy Settle wrote:
> 
> > From: Justin Ashworth <ashworth@cs.montana.edu>
> > >Doug White wrote:
> > >> > Is there a way for one user to change another user's password?
> > >> The superuser can run 'passwd user' to change user's password.
> > >else's password without knowing the original password. I need a way for
> > >the passwd program to prompt the user for the old password before
> > >assigning a new one and as far as I know, that can't be done by running
> > >passwd as root.
> > 
> > su isn't just to gain root access.  You can also su to another user.  Do
> > this, then run passwd to change the user's password.
> 
>   This is where I was unclear in my previous message. I know it's possible
> to su to different users, but these users cannot change their own
> passwords because of their restricted shells, making the script also
> incapable of changing the user's password by logging in as that user. 
> Ideally the script will be run as setuid chpasswd, a dummy user with shell
> access (vs. running as nobody...who has no shell access), to change the
> password. Even if I have chpasswd su to root, when I run passwd I won't be
> prompted for the old password before entering a new one. This is where I
> run into the problem of any user being able to change another user's
> password. So...if I can get the chpasswd user to change another user's
> password, I will be set. Can it be done?
> 
> Thanks...
> 
> - Justin Ashworth
> -- ashworth@cs.montana.edu
> - http://www.cs.montana.edu/~ashworth
>