[K12OSN] OT - More scripting help
Dimitri Yioulos
dyioulos at firstbhph.com
Tue Nov 6 17:09:24 UTC 2007
Hi, Peter.
In fact, we use Webmin extensively here. However, not on the particular
machine in question. Hence, the script.
Dimitri
As an aside to all - we've had a high scool intern at our site for the past
four years now. The previous intern was with us from his sophomore through
his senior years. He was a somewhat shy kid when he arrived, but both his
social and technical skills were sharpened while he was with us. He's now
studying CS at Wentworth Institue of Technology. We're proud.
Dimitri
On Tuesday 06 November 2007 11:01 am, you wrote:
> > Plus if your running
> > smbldap I have modified M. Oquist's slick bulk-user-add script to
> > output into a webmin CSV format if you want it.
>
> Come to think of it you don't need smbldap to take advantage of th
> script...I think I'll post it soon.
>
>
> Peter
>
> On 11/6/07, Peter Hartmann <ascensiontech at gmail.com> wrote:
> > Hey Dimitri,
> > I would have mentioned this if I had known your script was doing admin
> > tasks for non root users. Have looked at webmin? With it you can
> > offer specific tasks to specific webmin users. Plus if your running
> > smbldap I have modified M. Oquist's slick bulk-user-add script to
> > output into a webmin CSV format if you want it.
> >
> >
> > Peter
> >
> > On 11/6/07, Dimitri Yioulos <dyioulos at firstbhph.com> wrote:
> > > Folks,
> > >
> > > Sincere apologies if I'm asking questions here that really veer away
> > > from L12LTSP, but I've always gotten great, timely responses from you
> > > extremely bright people, and so, I go back to the well :-) .
> > > Hopefully, the questions/responses are useful to others.
> > >
> > > As I noted in a previous post, I've created a script for our high
> > > school intern that allows him to do certain tasks, such as create
> > > accounts, change user passwords, etc. I've given access to the
> > > appropriate commands via sudo, and have added the script path and
> > > "exit" to the intern's .bash_profile so that at login, he goes directly
> > > into a script-generated menu, and upon leaving the menu, he goes back
> > > to a login prompt. It all works quite well.
> > >
> > > Well, almost. A bugaboo that I found was that the intern could change
> > > root's password! Not that I don't trust the lad, but I reckon it's
> > > just not good policy to allow that. But, how to prevent? I tried the
> > > following in his sudo profile (found the Cmnd_Alias "trick" on the
> > > Net):
> > >
> > > Cmnd_Alias PWR=/usr/bin/passwd *root*
> > > Cmnd_Alias PW=/usr/bin/passwd [!-]?*
> > >
> > > user ALL= NOPASSWD: /usr/sbin/useradd,
> > > PW, !PWR, /bin/mkdir, /bin/chown, /bin/chmod, /bin/sed, /bin/cp,
> > > /bin/rm, /etc/rc.d/init.d/httpd, /usr/local/test4.sh
> > >
> > > Didn't work - the intern could still change root's pw. I
> > > tried "/usr/bin/passwd !root" - n.g. I tried the follwing in my script
> > > (not sure about the if/elif/else construct):
> > >
> > > 2)
> > >
> > > read -p "Enter username: " USERNAME
> > > egrep "^$USERNAME" /etc/passwd >/dev/null
> > > if [ $? -ne 0 ]; then
> > > echo
> > > echo "User $USERNAME doesn't exist! Create the
> > > user first"
> > > elif [[ $? == "root" ]]; then
> > > echo
> > > echo "You're not allowed to change root's
> > > password" else
> > > sudo /usr/bin/passwd $USERNAME
> > > [ $? -eq 0 ] && echo "Password changed!"
> > > fi
> > > echo
> > > echo "Press Enter key" ; read ;;
> > >
> > > Still no joy - root's pw could be changed. Arrrgh!
> > >
> > > How can I keep the intern from changing root's password? Your help is
> > > most appreciated.
> > >
> > > Dimitri
> > >
> > > --
> > > This message has been scanned for viruses and
> > > dangerous content by MailScanner, and is
> > > believed to be clean.
> > >
> > > _______________________________________________
> > > K12OSN mailing list
> > > K12OSN at redhat.com
> > > https://www.redhat.com/mailman/listinfo/k12osn
> > > For more info see <http://www.k12os.org>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the K12OSN
mailing list