HPE Community
Operating System - HP-UX
1752707 Members
5408 Online
108789 Solutions
New Discussion юеВ

Re: Users other than root can change their own passwords

 
Avinash Lengure
Occasional Advisor

тАО02-13-2009 09:58 PM

тАО02-13-2009 09:58 PM

Users other than root can change their own passwords

hi

Users other than root can change their own passwords. The system is not the trusted host.
Password policy is set for the users like after 60 days the password will expire, length and special characters.

My requirement is user should not change their passwords and only root or admin user can change the password. How should I set this?

Please do suggest...
0 Kudos
Reply
7 REPLIES 7
Victor Fridyev
Honored Contributor

тАО02-13-2009 11:22 PM

тАО02-13-2009 11:22 PM

Re: Users other than root can change their own passwords

chmod 755 /etc/passwd
Entities are not to be multiplied beyond necessity - RTFM
0 Kudos
Reply
Victor Fridyev
Honored Contributor

тАО02-13-2009 11:29 PM

тАО02-13-2009 11:29 PM

Re: Users other than root can change their own passwords

Please don't pay attention on my previous post 8)))

If you really want to change the password policy, remove s-bit from the passwd command:

/usr/bin/passwd

The other way is to rename /usr/bin/passwd and to create a script /usr/bin/passwd which will check the username and call real passwd command when needed.

HTH
Entities are not to be multiplied beyond necessity - RTFM
0 Kudos
Reply
Patrick Wallek
Honored Contributor

тАО02-14-2009 08:47 AM

тАО02-14-2009 08:47 AM

Re: Users other than root can change their own passwords

>> user should not change their passwords

Why on earth would you even think about doing something like this? Do you REALLY want to create more work for yourself?

Not allowing users to change their own passwords is one of the most ludicrous things I have ever heard!

That last thing **I** would want is **MORE** calls from users about passwords.
0 Kudos
Reply
Doug O'Leary
Honored Contributor

тАО02-14-2009 09:13 AM

тАО02-14-2009 09:13 AM

Re: Users other than root can change their own passwords

Hey;

On top of Patrick's response, this is a weakness in the security paradigm because now two people must know a user's password. This allows the user to disavow any culpability for their actions simply by saying "wasn't me, others know my password by policy"

There are ways to enforce password complexity using either the shadow password patch (< 11.31) or trusted by examining/updating the parameters in /etc/default/security.

If password complexity is not the end goal of this policy, mayhaps you could let us know what you're trying to solve to see if there might be a better way to accomplish that.

While hopefully more tactful :) I whole heartedly agree with Patrick and strongly urge you not to implement this.

Hope that helps.

Doug O'Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
0 Kudos
Reply
Sani
Frequent Advisor

тАО02-16-2009 01:22 AM

тАО02-16-2009 01:22 AM

Re: Users other than root can change their own passwords


If you realy want to do this !!!

then remove "s" bit from /usr/bin/passwd


Sani
0 Kudos
Reply
OldSchool
Honored Contributor

тАО02-16-2009 06:38 AM

тАО02-16-2009 06:38 AM

Re: Users other than root can change their own passwords

users are *SUPPOSED* to change there own passwords...at least within the limitations of the policies regarding minimum time between changes, expiration times, min length and construction requirements defined by the admin.

As noted above, why on earth would you want to have to do it for them???????
0 Kudos
Reply
Patrick Wallek
Honored Contributor

тАО02-16-2009 06:56 AM

тАО02-16-2009 06:56 AM

Re: Users other than root can change their own passwords

>>While hopefully more tactful :)

What?!?!?!? Are you saying I'm not tactful? :)

I just call 'em as I see 'em!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.