HPE Community
Operating System - HP-UX
1832651 Members
2744 Online
110043 Solutions
New Discussion

Password Changes

 
Andy Haigh_1
Frequent Advisor

‎12-09-2005 12:15 PM

‎12-09-2005 12:15 PM

Password Changes

I would like to setup a script/program to allow a group of users the ability to change other users passwords. What I was looking at doing was to have a detached program running as root that the users submit the requests to. I have been told that you can't submit pasword change commands from a detached process. Is this true? Is their a better way to do this?

Thanks

Andy
0 Kudos
Reply
6 REPLIES 6
Raj D.
Honored Contributor

‎12-09-2005 12:24 PM

‎12-09-2005 12:24 PM

Re: Password Changes

Hi Andy ,

For changing other users password you need root privilege , and you can do this with help of sudo utility .

Sudo is a program designed to allow a sysadmin to give limited root privileges
to users and log root activity. The basic philosophy is to give as few
privileges as possible but still allow people to get their work done.


You can check this link:
http://www.courtesan.com/sudo/

The access rights kept in sudoers file, if you are using sudo.

You can create a group and give access to passwd command . And hope that will do the trick.

Cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Reply
Andy Haigh_1
Frequent Advisor

‎12-09-2005 12:33 PM

‎12-09-2005 12:33 PM

Re: Password Changes

Hi Raj,
There is a twist to the requirements, that I should have explained, this server is shared amongst a number of companies. Therefore we need to be a bit more granular, and only allow certain users the rights to change their users passwords.

Thanks for the heads up on sudo though.

Andy
0 Kudos
Reply
Sยภเl Kย๓คг
Respected Contributor

‎12-09-2005 12:33 PM

‎12-09-2005 12:33 PM

Re: Password Changes

Hi,

As Raj said, implementing sudoers will be right solution for this. You need to download the suoders package and install, as it doesn't come intehrated with the standard HPUX OS.

Then customise /etc/sudoers file, create a user group, include those users in that group(This is not unix gorup-but sudoers group mentioning in the sudoers file iteself) and give lists of commands needed for that user group

Regards,
Sunil
Your imagination is the preview of your life's coming attractions
0 Kudos
Reply
Sivakumar TS
Honored Contributor

‎12-09-2005 06:43 PM

‎12-09-2005 06:43 PM

Re: Password Changes


Dear Andy,

I have a HAPPY NEWS for you !



HP-UX RBAC Integration
The HP-UX RBAC feature on HP-UX 11iv2 is an alternative to the traditional "all-or-nothing" root user model, which grants permissions to the root user for all operations, and denies permissions to non-root users for certain operations. HP-UX RBAC allows you to distribute administrative responsibilities by creating appropriate authorizations for HP-UX 11iv2 applications and assigning them to non-root users and groups. The acpm_sa authorization module delivered in HP-UX 11i IdMI A.01.00 allows Select Access to control HP-UX RBAC authorizations based access rights defined in the Select Access Policy Builder GUI.

Checkout this page :

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=IdMIntegration

Its really good.

With Regards,

Siva.

Nothing is Impossible !
0 Kudos
Reply
Andy Haigh_1
Frequent Advisor

‎12-09-2005 06:52 PM

‎12-09-2005 06:52 PM

Re: Password Changes

Siva,
Won't this allow a user to change the passwords of all users? I don't want them to be able to do this. I want to allow certain users to be able to change passwords of a subset of users. This is why I was going to use a detached program that I can control this through but I don't believe you can change passwords from within a detached process.

Thanks

Andy
0 Kudos
Reply
Chan 007
Honored Contributor

‎12-09-2005 10:44 PM

‎12-09-2005 10:44 PM

Re: Password Changes

Andy,

As suggested use sudoers, you can create groups and users. It can be edited and very simply.

Create a menu driven script for user who will change passwd and add his ID to the sudoers. Very simple...

007
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.