HPE Community
Operating System - HP-UX
1834463 Members
3244 Online
110067 Solutions
New Discussion

Re: Setting user up to reset others passwords

 
SOLVED
Go to solution
JohnMuir
Occasional Advisor

‎08-06-2003 08:14 AM

‎08-06-2003 08:14 AM

Setting user up to reset others passwords

I am running on v10.20 on a system that is not set up as a trusted system and is not running pseudo. I need to set up one paticular user to reset other users passwords. Can anyone tell me how I need to configure this users account to accomplish this?
:-)
0 Kudos
Reply
5 REPLIES 5
Brian Bergstrand
Honored Contributor

‎08-06-2003 08:20 AM

‎08-06-2003 08:20 AM

Solution

Re: Setting user up to reset others passwords

man sam

Specifically you want to use:

# sam -r

From the man page:

-r Invoke the Restricted SAM Builder. This enables the system administrator to provide limited nonsuperuser access to SAM functionality. You must be a superuser to use this option. See "Restricted SAM" below for more information.


HTH.
Reply
Zeev Schultz
Honored Contributor

‎08-06-2003 08:20 AM

‎08-06-2003 08:20 AM

Re: Setting user up to reset others passwords

Install sudo http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.6/ , create special hp-ux user that can do
this (run passwd as root) and others (if needed) tasks.
So computers don't think yet. At least not chess computers. - Seymour Cray
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎08-06-2003 08:22 AM

‎08-06-2003 08:22 AM

Re: Setting user up to reset others passwords

Hi James,

There are 2 ways to do this:

1) Install & configure sudo so that this user can run the passwd command. (Preferred)

2) Give the user a restricted SAM session (sam -r) so that they can reset PWs through SAM.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
Kevin O'Donovan
Regular Advisor

‎08-06-2003 08:23 AM

‎08-06-2003 08:23 AM

Re: Setting user up to reset others passwords

As far as I know only a root user can reset other users passwords...

You could maybe do something like create a shell script that takes a username as an argument and resets that users password, make it executable (but NOT writeable) by owner and group, owned by root, and setuid set. Create a group that only that user you want to setup the password is in, and chgrp the file to that group.

Then, only that user and root should be able to execute the shell script, and you have a user which can reset passwords!

Maybe as extra security put it in a directory that only that user can access, but has no write access to (r-x the directory).

Setuid isn't generally recommended because there's a security issue with using it (must start a thread asking about that actually) but if you take the precautions above it should be fine I'd imagine!

hope that helps,
Kevin.
0 Kudos
Reply
JohnMuir
Occasional Advisor

‎08-06-2003 09:21 AM

‎08-06-2003 09:21 AM

Re: Setting user up to reset others passwords

Thanks for the help everyone. Setting up the restricted sam for the user is what I needed. Now I just have to instruct the user on how to use this feature.
:-)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.