HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Users other than root can change their own passwords

 
Avinash Lengure
Occasional Advisor

Users other than root can change their own passwords

hi

Users other than root can change their own passwords. The system is not the trusted host.
Password policy is set for the users like after 60 days the password will expire, length and special characters.

My requirement is user should not change their passwords and only root or admin user can change the password. How should I set this?

Please do suggest...
7 REPLIES
Victor Fridyev
Honored Contributor

Re: Users other than root can change their own passwords

chmod 755 /etc/passwd
Entities are not to be multiplied beyond necessity - RTFM
Victor Fridyev
Honored Contributor

Re: Users other than root can change their own passwords

Please don't pay attention on my previous post 8)))

If you really want to change the password policy, remove s-bit from the passwd command:

/usr/bin/passwd

The other way is to rename /usr/bin/passwd and to create a script /usr/bin/passwd which will check the username and call real passwd command when needed.

HTH
Entities are not to be multiplied beyond necessity - RTFM
Patrick Wallek
Honored Contributor

Re: Users other than root can change their own passwords

>> user should not change their passwords

Why on earth would you even think about doing something like this? Do you REALLY want to create more work for yourself?

Not allowing users to change their own passwords is one of the most ludicrous things I have ever heard!

That last thing **I** would want is **MORE** calls from users about passwords.
Doug O'Leary
Honored Contributor

Re: Users other than root can change their own passwords

Hey;

On top of Patrick's response, this is a weakness in the security paradigm because now two people must know a user's password. This allows the user to disavow any culpability for their actions simply by saying "wasn't me, others know my password by policy"

There are ways to enforce password complexity using either the shadow password patch (< 11.31) or trusted by examining/updating the parameters in /etc/default/security.

If password complexity is not the end goal of this policy, mayhaps you could let us know what you're trying to solve to see if there might be a better way to accomplish that.

While hopefully more tactful :) I whole heartedly agree with Patrick and strongly urge you not to implement this.

Hope that helps.

Doug O'Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
Sani
Frequent Advisor

Re: Users other than root can change their own passwords


If you realy want to do this !!!

then remove "s" bit from /usr/bin/passwd


Sani
OldSchool
Honored Contributor

Re: Users other than root can change their own passwords

users are *SUPPOSED* to change there own passwords...at least within the limitations of the policies regarding minimum time between changes, expiration times, min length and construction requirements defined by the admin.

As noted above, why on earth would you want to have to do it for them???????
Patrick Wallek
Honored Contributor

Re: Users other than root can change their own passwords

>>While hopefully more tactful :)

What?!?!?!? Are you saying I'm not tactful? :)

I just call 'em as I see 'em!