For security reasons, it is a good idea not to give everyone the "power" to change the root password :-)
Create a list of the users whose passwords must not be changed:
# vi /usr/local/etc/passwd_not_allowed
root
bin
Now create the wrapper:
# vi /tmp/passwd
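#!/bin/sh
# Users listed one per line in this file cannot have their password changed
file=/usr/local/etc/passwd_not_allowed
# With no argument passwd changes the caller's own password, so check the caller
user=${1:-$(id -un)}
# -x -F: literal whole-line match, so "bi" does not match "bin"
grep -qxF -e "${user}" "${file}" && echo "${user} - You don't have access to change this passwd" && exit 1
/usr/bin/passwd.dist "${user}"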
Set the right permissions:
# chmod 755 /tmp/passwd
Move the real passwd to another place:
# mv /usr/bin/passwd /usr/bin/passwd.dist
Put your wrapper in place of passwd:
# mv /tmp/passwd /usr/bin/
Now you can configure sudo for this script. If you don't want to move the passwd binary, you can create the wrapper in another place.
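A way to check the deny-list logic before replacing /usr/bin/passwd, as an added example that is not part of the original post. The functions `decide`, `loose_match` and `run_cases` are hypothetical names, and the deny list is constructed sample data written to a temporary file.

```shell
#!/bin/sh
# Added example: exercise the wrapper's decision without touching /usr/bin/passwd.
# All function names here are hypothetical; the deny list is constructed sample data.

# decide LIST [USER] -> prints "deny USER" or "pass USER"
decide() {
    list=$1
    # No user argument means "change my own password": check the caller instead
    user=${2:-$(id -un)}
    # -x -F: the argument must equal a whole line of the list, taken literally
    if grep -qxF -e "$user" "$list"; then
        echo "deny $user"
    else
        echo "pass $user"
    fi
}

# For contrast: a plain "grep -q" treats the argument as a regex and matches
# substrings, so "bi" and "r..t" both hit entries they are not equal to.
loose_match() {
    grep -q -e "$2" "$1"
}

run_cases() {
    tmp=$(mktemp) || return 1
    printf 'root\nbin\n' > "$tmp"        # constructed sample deny list
    for u in root bin bi 'r..t' rootx alice; do
        verdict=$(decide "$tmp" "$u")
        if loose_match "$tmp" "$u"; then loose=deny; else loose=pass; fi
        printf '%-12s (plain grep -q would: %s)\n' "$verdict" "$loose"
    done
    # No argument: the verdict depends on who runs the script (root under sudo)
    printf 'no argument: %s\n' "$(decide "$tmp")"
    rm -f "$tmp"
}

run_cases
```

Run it once as a normal user and once through sudo: the last line should read `pass <your user>` in the first case and `deny root` in the second.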
Wrapper - Block the root password change
Saturday, 20 October 2012
Labels: Security