https://community.hpe.com/t5/operating-system-hp-ux/script-to-change-users-passwords/m-p/5279654#M474176 Your question is not very clear. Are you trying to give root permissions to a a non-root user to change the password of any user on the system. If this is your intention, please note that, running any script with root privileges by a non-root user is inherently dangerous and open to exploitations that you could never imagine existed. Having said that, why don't you look into using sudo and giving root permissions to run the passwd command to this non-root user. BUt beware, they can change the password for root and gain access to the system without anyone else noticing it, unless you have a bullet-proof auditing system. Fri, 15 Apr 2011 14:29:57 GMT Mel Burslan 2011-04-15T14:29:57Z https://community.hpe.com/t5/operating-system-hp-ux/script-to-change-users-passwords/m-p/5279653#M474175 All, I am looking for a script that will allow users in a particular group to reset users passwords. I was thinking of using a SETGID on the script, but does anyone have such script?<BR /><BR />many thanks Fri, 15 Apr 2011 11:37:58 GMT https://community.hpe.com/t5/operating-system-hp-ux/script-to-change-users-passwords/m-p/5279653#M474175 Dadski 2011-04-15T11:37:58Z https://community.hpe.com/t5/operating-system-hp-ux/script-to-change-users-passwords/m-p/5279654#M474176 Your question is not very clear. Are you trying to give root permissions to a a non-root user to change the password of any user on the system. If this is your intention, please note that, running any script with root privileges by a non-root user is inherently dangerous and open to exploitations that you could never imagine existed. Having said that, why don't you look into using sudo and giving root permissions to run the passwd command to this non-root user. BUt beware, they can change the password for root and gain access to the system without anyone else noticing it, unless you have a bullet-proof auditing system. Fri, 15 Apr 2011 14:29:57 GMT https://community.hpe.com/t5/operating-system-hp-ux/script-to-change-users-passwords/m-p/5279654#M474176 Mel Burslan 2011-04-15T14:29:57Z https://community.hpe.com/t5/operating-system-hp-ux/script-to-change-users-passwords/m-p/5279655#M474177 Bulding off of what Mel has said, you can design a script that reads an "access rights file" that lists the users allowed to invoke "passwd", and for each such user lists the *other* users for whom they're allowed to invoke "passwd". This file should be readable and writeable ONLY by root, and no one else on the system.<BR /><BR />Have your script read this file, and if the invoking user "A" doesn't appear in the "access rights file" - or the user "A" doesn't have the right to change the password for user "B" - then exit the script with an error, else perform the "passwd" operation.<BR /><BR />Set up this Master Wrapper Script in sudo, and you then not only are allowing non-root users to change the passwords of other users on the system, but you (as root) get to control who gets to change who else's password. Needless to say, you would NOT list "root" in this "access rights file" and thus wouldn't need to worry about someone changing root's password. Fri, 15 Apr 2011 14:57:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/script-to-change-users-passwords/m-p/5279655#M474177 Michael Mike Reaser 2011-04-15T14:57:54Z https://community.hpe.com/t5/operating-system-hp-ux/script-to-change-users-passwords/m-p/5279656#M474178 Cheers Gents, I am aware of the issues with security and will lock the script down, unfortunately sudo is not a supported solution for security within our Infrastructure. I have written the script and will use ACLs or SETGID to run it.<BR /><BR />Thanks<BR /><BR />All Mon, 18 Apr 2011 07:42:50 GMT https://community.hpe.com/t5/operating-system-hp-ux/script-to-change-users-passwords/m-p/5279656#M474178 Dadski 2011-04-18T07:42:50Z https://community.hpe.com/t5/operating-system-hp-ux/script-to-change-users-passwords/m-p/5279657#M474179 thanks again Mon, 18 Apr 2011 07:56:33 GMT https://community.hpe.com/t5/operating-system-hp-ux/script-to-change-users-passwords/m-p/5279657#M474179 Dadski 2011-04-18T07:56:33Z