
passwd in a script

 
Jim Tropiano_1
Frequent Advisor

passwd in a script

Wrote a script for our helpdesk to use to add users to the system. I know this is not best practice, but we have the script set as user root and the security of the program set so it will run as root. chmod 4750 'name of script'

The script works except when we run the part to add the password. We get Permission denied. In the script the lines say:

passwd ${newuser}
passwd -f ${newuser}

According to the man pages on passwd - A superuser whose effective user ID is 0 is allowed to change password.
I inserted id with the right option and 0 was the uid.

I run the script as root and it works fine. I run as another user I get the error.
Any suggestion????
Kasper Hedensted
Trusted Contributor

Re: passwd in a script

Hi Jim,

I haven't got the solution to your problem;
But I think you should take a look at using a restricted SAM for your helpdesk. This way you can grant them rights to add users / change passwords / unlock users among other things.

If this is not an option, then take a look at sudo.

Cheers,
Kasper
Simon Hargrave
Honored Contributor

Re: passwd in a script

Have your script run "id" before the passwd command - verify that the EUID is correctly set.

If it is not set, is the filesystem on which your script is stored mounted with nosuid option? Check /etc/fstab and output of mount command.
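The nosuid check suggested above, as an added example that is not part of the original thread: it finds the fstab entry covering a script's path and reports whether a setuid bit there can take effect. The sample fstab and the two script paths are constructed for illustration; on a real host, point `FSTAB` at `/etc/fstab`.

```shell
#!/bin/sh
# Added example (not from the thread). Sample fstab and paths are constructed.

# covering_mount FSTAB PATH: print "mountpoint options" for the longest
# mount point in FSTAB (fields: device dir type options ...) that contains PATH.
covering_mount() {
    awk -v p="$2" '
        /^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) > n) { n = length(mp); best = mp " " $4 }
        }
        END { if (best != "") print best }
    ' "$1"
}

# is_nosuid FSTAB PATH: exit 0 when the covering mount lists the nosuid option.
is_nosuid() {
    opts=$(covering_mount "$1" "$2" | awk '{ print $2 }')
    case ",$opts," in
        *,nosuid,*) return 0 ;;
        *) return 1 ;;
    esac
}

# explain FSTAB FILE: say whether a setuid bit on FILE can take effect.
explain() {
    if [ -e "$2" ] && [ ! -u "$2" ]; then
        echo "$2: setuid bit not set"
    elif is_nosuid "$1" "$2"; then
        echo "$2: mount is nosuid, setuid bit is ignored"
    else
        echo "$2: mount allows setuid"
    fi
}

# Constructed sample in fstab format.
FSTAB="${TMPDIR:-/tmp}/fstab.sample.$$"
cat > "$FSTAB" <<'EOF'
# device          dir        type  options          backup pass
/dev/vg00/lvol3   /          vxfs  delaylog         0 1
/dev/vg00/lvol5   /home      vxfs  delaylog,nosuid  0 2
/dev/vg00/lvol6   /opt       vxfs  delaylog         0 2
EOF

explain "$FSTAB" /home/helpdesk/adduser.sh   # hypothetical path
explain "$FSTAB" /opt/admin/adduser.sh       # hypothetical path
echo "effective uid of this shell: $(id -u)"
```
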
Gavin Clarke
Trusted Contributor

Re: passwd in a script

Our helpdesk do passwords.

sam -r is the way we got it up and running.
Gavin Clarke
Trusted Contributor

Re: passwd in a script

Yep, I've just added a user as a test using a normal user and sam access that was configured using sam -r.
Mel Burslan
Honored Contributor
Solution

Re: passwd in a script

Well, this may not be the answer you are looking for, but instead of having the help desk create a new password for each user, you can set a few pre-expired passwords while you are running as root on some dummy accounts. Copy the hashed (encrypted) password strings into a secure file. And instead of running these two passwd commands, you can let the helpdesk rep select from these preset passwords and put their selection (in encrypted form of course) as the initial password of the new user with the command

/usr/sam/lbin/usermod.sam -p "Dx3zsaZS3q22." username

by changing the password hash to your own selected string.

hope this helps
________________________________
UNIX because I majored in cryptology...
Tim Nelson
Honored Contributor

Re: passwd in a script

We have our help desk use restricted SAM to run a script. The script controls the userids that can be reset or modified, i.e. limit the ids so ids like root or any others specified cannot be changed.
Jim Tropiano_1
Frequent Advisor

Re: passwd in a script

Thanks for all the responses. I got it to work for what we needed.


Thanks to all.
Jim Tropiano_1
Frequent Advisor

Re: passwd in a script

Thanks, the script works.