Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Password change 1
- Thread starter Consty
- Start date
-
1
- #2
The quick and easy way to do this is to use sudo.
If you want to do this in C there's a version on the Bull free software site but it only works for AIX 4.3. I tried to convert it to work under AIX 5.1 but gave up when I realised I was spending too much time when a sudo based answer was available.
Columb Healy
Living with a seeker after the truth is infinitely preferable to living with one who thinks they've found it.
If you want to do this in C there's a version on the Bull free software site but it only works for AIX 4.3. I tried to convert it to work under AIX 5.1 but gave up when I realised I was spending too much time when a sudo based answer was available.
Columb Healy
Living with a seeker after the truth is infinitely preferable to living with one who thinks they've found it.
- Thread starter
- #3
Sudo can control which users can run which commands down to a very fine level.
The sudo documentation describes, as an example, how to do exactly what you require. On our system a limited number of people (Help Desk operators) can only change passwords for user ids in the form b12345, g45678 etc. which stops them changing passwords for any power users.
Sudo is far more than that though. Since installing it I've become a big fan. Our help desk can not only change passwords but also manage printers in a way that is secure, strictly limited to listed users and, above all, logged.
Another example - our developers need to run topas to do performance monitoring. topas needs root priviledges to be able to read system memory. Using sudo a limited list of developers can run topas.
Check the web site - - It will repay you (and you can win points with your security team!)
Columb Healy
Living with a seeker after the truth is infinitely preferable to living with one who thinks they've found it.
The sudo documentation describes, as an example, how to do exactly what you require. On our system a limited number of people (Help Desk operators) can only change passwords for user ids in the form b12345, g45678 etc. which stops them changing passwords for any power users.
Sudo is far more than that though. Since installing it I've become a big fan. Our help desk can not only change passwords but also manage printers in a way that is secure, strictly limited to listed users and, above all, logged.
Another example - our developers need to run topas to do performance monitoring. topas needs root priviledges to be able to read system memory. Using sudo a limited list of developers can run topas.
Check the web site - - It will repay you (and you can win points with your security team!)
Columb Healy
Living with a seeker after the truth is infinitely preferable to living with one who thinks they've found it.
- Thread starter
- #5
- Thread starter
- #6
Please, just one precision, Colomb,
In you example, Help Desk Operators can change password of
users like b12345, g45678 and so on. In my case, I would
like a person to create new final users using their names and fix their password as root, without being able to change
root or any other administrative user password.
Thanks
In you example, Help Desk Operators can change password of
users like b12345, g45678 and so on. In my case, I would
like a person to create new final users using their names and fix their password as root, without being able to change
root or any other administrative user password.
Thanks
- Status