Logout at end of script / passwd resetter

[allywilson]

Hi all,
I'm making a script so that a helpdesk can login to a solaris 9 box, be presented with a prompt to enter someones username and it then runs "passwd -d -f $username" so that it essentially resets the password to nothing and requires the user to change at next logon.

I can do the above no problem. But I don't want them to login as the root user - is there a way I can give permissions to another user account so that it can reset the password of other users?

Also, at the end of the script I want it to log the user out, but I don't have the logout command available.

Any ideas?

Thanks,

Ally

 

[KenCunningham]

Have you considered sudo?

Some days are diamonds, some days are rocks - make sure most are the former.

 

[allywilson]

Yes, sudo was considered - but it's not available (and I can't modify this server by adding or removing anything).

We eventually got around the issue by creating a new account with:

useradd -o -u 0 USERNAME

And forcing the shell it uses to be the script (so that upon exiting the script, it exits the session).

Setup the authorized_keys file, published a putty session on our citrix farm - et voila. Servicedesk login to Citrix, click on the published putty session, authenticates with the private key, script pops up requesting a username, they enter a username, passwd command runs and it exits immediately.

 

[djr111]

how about rbac, create a role that only can do what you need.