
Script for non root user to reset passwords. Use UID 0? sudo? Or is there another way?

John Jimenez
Super Advisor


We want our help desk to be able to reset passwords on one of our production UNIX servers and also reset passwords in the application on top of it. Help desk currently does not use UNIX or this application, so teaching them restricted SAM or teaching them the password screen in our application is not an option.

 

I already have a script that root can use to achieve this, but I do not want to give the root password to help desk personnel. I have some ideas on how to achieve this. I can set up:

 

1) logins for each help desk personnel. Modify the script to use sudo. Put script in .profile?

2) a new user with UID 0. Put script in .profile. Have all help desk personnel use this login.

 

Which is a better and safer way? Or is there a better solution? I am leaning towards #1, but want to get some feedback from you guys on why I should or should not do this.

 

Thanks again,

Hustle Makes things happen
2 REPLIES
Dennis Handly
Acclaimed Contributor

Re: Script for non root user to reset passwords. Use UID 0? sudo? Or is there another way?

Using sudo is safer since you can lock in exactly what script to use.

For UID 0, you would have to make sure the user doesn't get out of your .profile script.

(A better way would be to change that user's shell to your script.)
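
A sketch of the sudo approach discussed above, as an added example that is not part of the original thread: sudo is locked to one script, and the script refuses anything but an ordinary account. The install path, the `helpdesk` group, the lowercase login-name pattern and the `MIN_UID` cut-off are assumptions.

```shell
#!/bin/sh
# reset_pw.sh: added example, not from the thread. The install path, the
# "helpdesk" group and MIN_UID are assumptions. Matching sudoers entry
# (edit with visudo); it lists no arguments, so sudo accepts any argument
# and the script has to validate the target itself:
#   %helpdesk ALL = (root) /usr/local/sbin/reset_pw.sh
LC_ALL=C; export LC_ALL      # byte-wise ranges in the patterns below
MIN_UID=100                  # assumption: lower UIDs are system accounts

# valid_login NAME: reject empty, option-like or shell-special names.
valid_login() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# is_resettable NAME UID: true only for a well-formed, non-system account.
is_resettable() {
    valid_login "$1" || return 1
    case "$2" in
        ''|*[!0-9]*) return 1 ;;         # UID must be purely numeric
    esac
    [ "$2" -ge "$MIN_UID" ]              # never root or system accounts
}

main() {
    PATH=/usr/bin:/bin; export PATH      # do not trust the caller's PATH
    [ "$#" -eq 1 ] || { echo "usage: reset_pw.sh <login>" >&2; return 2; }
    [ -n "${SUDO_USER:-}" ] || { echo "must be run through sudo" >&2; return 2; }
    valid_login "$1" || { echo "invalid login name" >&2; return 1; }
    uid=$(id -u "$1" 2>/dev/null) || { echo "unknown user" >&2; return 1; }
    is_resettable "$1" "$uid" || { echo "refusing to reset $1" >&2; return 1; }
    # Record which help desk login performed the reset, then hand over.
    logger -p auth.notice "password reset for $1 requested by $SUDO_USER"
    exec /usr/bin/passwd "$1"
}

# Do nothing when sourced or run without arguments.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

The script should be owned by root and not writable by anyone else, otherwise the sudoers restriction can be bypassed by editing it.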

ManojK_1
Valued Contributor

Re: Script for non root user to reset passwords. Use UID 0? sudo? Or is there another way?

Hi,

 

As per my experience the best method is RBAC (Role-Based Access Control). Through RBAC you can assign privileges to normal users to execute root-only commands. It is the best and safer method.

 

If the audit service is enabled, you can track the executed commands.

 

The following URL will provide you a better understanding.

http://h21007.www2.hp.com/portal/download/files/unprot/hpux/RBACv1_HP-UX11i.pdf

 

Thanks and Regards,

Manoj K
