Wrapper - Block the root password change

Saturday, October 20, 2012

For security reasons, it is a good idea not to give everyone the "power" to change the root password :-)

Create a list of the users whose passwords must not be changed:
# vi /usr/local/etc/passwd_not_allowed
root
bin

Now create the wrapper:
# vi /tmp/passwd
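#!/bin/sh
# Refuse password changes for the users listed in the deny file (one name per line)
file=/usr/local/etc/passwd_not_allowed
user=$1
# -x matches the whole line only, -F treats the name as a literal string
grep -qxF -- "${user}" "${file}" && echo "${user} - You don't have access to change this passwd" && exit 1
/usr/bin/passwd.dist "${user}"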


Set the right permissions:
# chmod 755 /tmp/passwd

Move the real passwd to another location:
# mv /usr/bin/passwd /usr/bin/passwd.dist

Put your wrapper in place of passwd:
# mv /tmp/passwd /usr/bin/

Now you can configure sudo for this script. If you don't want to move the passwd binary, you can create the wrapper in another location instead.
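
A stricter version of the wrapper, added here as an example (it is not the script from this post). It goes beyond the original by checking every non-option argument, checking the caller when no user name is given (under sudo that is root), and refusing when the deny file is unreadable. The function names `is_denied`, `passwd_allowed` and `main`, and the guard on the script name, are assumptions of this example.

```shell
#!/bin/sh
# Added example: stricter deny-list wrapper for passwd (not the original script).
# Paths default to the ones used on this page; override them only for testing.
DENY_FILE=${DENY_FILE:-/usr/local/etc/passwd_not_allowed}
REAL_PASSWD=${REAL_PASSWD:-/usr/bin/passwd.dist}

# is_denied NAME: true when NAME is a whole line of the deny file.
# -x avoids substring hits ("bin" vs "robin"), -F disables regex matching,
# -- keeps a name starting with a dash from being read as a grep option.
is_denied() {
    grep -qxF -- "$1" "$DENY_FILE"
}

# passwd_allowed CALLER [ARGS...]: status 0 if passwd may run with ARGS.
# Every non-option argument is checked, so "-l root" is caught like "root".
# With no user name passwd acts on the caller, so the caller is checked.
passwd_allowed() {
    caller=$1; shift
    [ -r "$DENY_FILE" ] || return 1      # fail closed if the list is missing
    named=0
    for arg in "$@"; do
        case $arg in
            -*) continue ;;              # option, not an account name
        esac
        named=1
        is_denied "$arg" && return 1
    done
    [ "$named" -eq 1 ] || ! is_denied "$caller"
}

main() {
    if ! passwd_allowed "$(id -un)" "$@"; then
        echo "passwd: change refused by ${DENY_FILE}" >&2
        exit 1
    fi
    exec "$REAL_PASSWD" "$@"
}

# Run only when installed under the name passwd, so the functions can be
# loaded and tested without invoking the real binary.
if [ "${0##*/}" = passwd ]; then main "$@"; fi
```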