
Re: User Access Restriction

 
David Goza
Occasional Advisor

User Access Restriction

Using HP-UX 10.20, what is the best way to allow help desk workers to have access to only change passwords? I do not want them to have any other access (Unix prompt, SAM, etc.). My boss wants them to only be able to reset/change passwords. We use Exceed, Go-Global and wIntegrate.
11 REPLIES
Rick Garland
Honored Contributor

Re: User Access Restriction

sudo is a good package for this. Will keep logs of who did what and when.

Can be obtained from the porting archive or from http://www.courtesan.com
Tom Danzig
Honored Contributor

Re: User Access Restriction

You should be able to set up restricted SAM access for these users so they can do a specific task only and nothing else. See the man pages on sam or the online help.
Victor BERRIDGE
Honored Contributor

Re: User Access Restriction

You could let them use RESTRICTED SAM, which you have configured only to let them change user passwd
James R. Ferguson
Acclaimed Contributor

Re: User Access Restriction

Hi:

Look at "restricted" SAM.

...JRF...
Victor BERRIDGE
Honored Contributor

Re: User Access Restriction

The only other safe alternative would be, as Rick mentioned: use sudo
Rita C Workman
Honored Contributor

Re: User Access Restriction

Restricted SAM is a good option.
As root you can set this up for the person(s) you want to have certain functions.
Just enter 'sam -r'
It's fairly straightforward... you should be able to set them up for only the functions you want them to have access to.

Regards,
Antoanetta Naghiu
Esteemed Contributor

Re: User Access Restriction

Restricted SAM (sam -r) for changing passwords gives FULL rights to the system! It gives the right to change the root password as well!
If I were you, I would rather create a script under root ownership that replaces the password field in /etc/password with a standard one (e.g. encryption of password). Create a user that has this script as its default shell and give the help desk permission to execute it for normal users (not root, bin, lp, and so on)...
Richard Mertz
Regular Advisor

Re: User Access Restriction

Restricted SAM also can be configured to disallow changing certain users (root, lp, bin...). So the issue of giving restricted SAM should not be an issue for these. I have given restricted SAM to our Help Desk technicians and it works very well.
What anybody thinks of me is none of my business.
Vincente Fernandes
Valued Contributor

Re: User Access Restriction

Use restricted "sam -r". Also disallow password changes for users like (root, daemon, bin, adm, lp ...) by your help desk users.
Create a script with the suid bit and put the script path in the help desk users' shell field instead of normal shells like (/usr/sbin/sh, /usr/bin/ksh, etc.), so that they can run the script/menu and won't have access to a prompt or a shell.
Philip Chan_1
Respected Contributor

Re: User Access Restriction


In the /etc/passwd file, instead of giving a shell program for your help desk staff to work with, just change that to /sbin/passwd, so every time they log in only the passwd command will be triggered.
Manju Kampli
Trusted Contributor

Re: User Access Restriction

You can write a simple shell program which shows a menu with two options, password and quit, and make this shell program the default shell. So when a user logs in he gets this menu. If he wants he can change the password, or else he can quit the script, which will log off the user.
Maybe when the requirement changes, you can alter this shell program to add more options.

Never stop "LEARNING"
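
The restricted-menu approach suggested in the replies above, as an added example that is not part of the original thread: a login-shell menu that validates the target account before calling passwd through sudo. The deny list, `MIN_UID`, the `may_reset` and `menu` names, the `/usr/bin/passwd` path and the sudoers rule it relies on are assumptions for illustration.

```shell
#!/bin/sh
# Added example: restricted help desk menu (not code from the thread).
# Assumptions: installed as the help desk account's login shell; a sudoers
# rule (not shown) lets that account run $PASSWD_CMD as root; MIN_UID and
# DENY are illustrative site policy values.
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
PASSWD_CMD=${PASSWD_CMD:-/usr/bin/passwd}
MIN_UID=100
DENY="root daemon bin sys adm uucp lp nuucp hpdb nobody"

# Return 0 only if $1 is an ordinary account the help desk may reset.
may_reset() {
    case $1 in
        ''|-*|*[!a-zA-Z0-9_]*) return 1 ;;   # empty, option-like, odd chars
    esac
    for d in $DENY; do                       # system accounts named in policy
        [ "$1" = "$d" ] && return 1
    done
    # Exact match on field 1 of the passwd file; field 3 is the numeric UID.
    uid=$(awk -F: -v u="$1" '$1 == u { print $3; exit }' "$PASSWD_FILE")
    case $uid in
        ''|*[!0-9]*) return 1 ;;             # unknown user or malformed entry
    esac
    [ "$uid" -ge "$MIN_UID" ]                # low UIDs are treated as system
}

menu() {
    trap '' INT QUIT TSTP                    # signals must not drop to a prompt
    while :; do
        printf '1) Reset a user password\n2) Quit\nChoice: '
        read -r choice || exit 0             # EOF ends the session
        case $choice in
            1) printf 'User name: '
               read -r user || exit 0
               if may_reset "$user"; then
                   logger -t helpdesk "password reset for $user by $LOGNAME"
                   sudo "$PASSWD_CMD" "$user"
               else
                   echo "Not permitted for that account."
               fi ;;
            2) exit 0 ;;
        esac
    done
}

# Only an interactive terminal session gets the menu; piped input is ignored.
if [ -t 0 ] && [ -t 1 ]; then
    menu
fi
```

A sudoers entry that allows passwd with any argument also covers root, so the same account exclusions belong in the sudoers rule and not only in this menu.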