SUMMARY : Prevent users to change their passwords

From: Stephane Legrand (stephane@lituus.fr)
Date: Mon Dec 02 1996 - 09:31:16 CST

Hi.

First, much thanks to :

        Charles Gagnon <charles@Grafnetix.COM>
        Frank Mundinger <ffm@ezw.uni-freiburg.de>
        jbwendl@mtb.phil.mop.com (James Wendling)

The original question was :

>Is it possible with Sun OS 4.1.1 to prevent some users
>to change their passwords ?
>
>This is to prevent the users to change their e-mail
>passwords with some clients like Eudora.

There are two possibilities :

        - make /usr/bin/passwd not executable for the users
        (with groups)
        - write a wrapper script which check the uid

-------------------------------------------------------

Date: Fri, 15 Nov 1996 09:49:19 -0500 (EST)
From: Charles Gagnon <charles@Grafnetix.COM>
To: stephane@lituus.fr (Stephane Legrand)
Subject: Re: Prevent users to change their passwords

Make /usr/bin/passwd executable by a certain group like local_account. Put all
the users who are not allowed to change their passwd into remote_account. It's
one really simple way to do this.

You could also write a wrapper script that would check the uid and allow
running passwd based on that uid. You should move /usr/bin/passwd to
/usr/bin/xpasswd for exemple and move your wrapper script to /usr/bin/passwd.
This is even more simple but you need to write a script and it's not full
proof since users who know what you did can always run /usr/bin/xpasswd.

-------------------------------------------------------

Date: Fri, 15 Nov 1996 16:07:01 +0100 (MET)
From: Frank Mundinger <ffm@ezw.uni-freiburg.de>
To: Stephane Legrand <stephane@lituus.fr>
Subject: Re: Prevent users to change their passwords
MIME-Version: 1.0

Hi,

I would put these users in a different group. Make /usr/local/bin/passwd
only executable for the others.

Greetings,

-------------------------------------------------------

Date: Fri, 15 Nov 96 11:07:03 EST
From: jbwendl@mtb.phil.mop.com (James Wendling)
To: stephane@lituus.fr
Subject: Re: Prevent users to change their passwords

Its possible to do the reverse of what was down to add the password. It has to
be done at the "ok>" level. I'm not sure of the specific syntacs, but the
help at that level should lead you to it.

--------------------------------------------------------
--> http://www.lituus.fr/stephane
- #include "std-disclaimer.h"
- This message not to be sent over the Microsoft Network

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:17 CDT