Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 20 Jul 1999 23:59:09 -0400 (EDT)
From:      "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To:        todd@wank.necropolis.org (Todd Backman)
Cc:        jonc@pinnacle.co.nz, questions@FreeBSD.ORG
Subject:   Re: passwd
Message-ID:  <199907210359.XAA07371@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <Pine.BSF.4.10.9907191633090.26046-100000@wank.necropolis.org> from Todd Backman at "Jul 19, 99 04:35:37 pm"
next in thread | previous in thread | raw e-mail | index | archive | help 
Todd Backman wrote,
> 
> We can't. Reinstalling would take effort and we just don't want the
> customer to possibly "fat-finger" the passwd for 'toor'...
> 
> Thanks.
> 
> 
> On Tue, 20 Jul 1999, Jonathan Chen wrote:
> 
> > On Mon, 19 Jul 1999, Todd Backman wrote:
> > 
> > > 
> > > Is there any way to hack FreeBSD's passwd utility to dis-allow root from
> > > changing toor's passwd? I have approx. 15 boxen for external customers
> > > that I would like to passwd 'toor' so our NOC people do not have to know
> > > root for each customer. Customers can have thier own root passwd and the
> > > NOC folk can have 'toor' for reboots and such. We *do not* want root to be
> > > able to change toor's passwd... 
> > 
> > If they have root privileges, how can you prevent them from
> > reinstalling the original passwd program?

How about a really quick and dirty patch to the passwd.c program?

*** passwd.c.orig       Fri Aug  1 02:39:47 1997
--- passwd.c    Tue Jul 20 23:50:32 1999
***************
*** 172,177 ****
--- 172,180 ----
                usage();
        }
  
+       if (!strcmp(uname,"toor"))
+         err(2,"Cannot change toor's passwd");
+ 
  #ifdef YP
        /*
         * If NIS is turned on in the password database, use it, else punt.

As was mentioned, if they still have root, they can replace the
executable with the correct one. What's more likely is they muck up
the passwd files directly with vipw.
-- 
Crist J. Clark                           cjclark@home.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907210359.XAA07371>