[K12OSN] OT - More scripting help

Dimitri Yioulos dyioulos at firstbhph.com
Tue Nov 6 16:41:40 UTC 2007


On Tuesday 06 November 2007 11:18 am, Ray Garza wrote:
> Dimitri Yioulos wrote:
> > Folks,
> >
> > Sincere apologies if I'm asking questions here that really veer away from
> > K12LTSP, but I've always gotten great, timely responses from you
> > extremely bright people, and so, I go back to the well :-)  .  Hopefully,
> > the questions/responses are useful to others.
> >
> > As I noted in a previous post, I've created a script for our high school
> > intern that allows him to do certain tasks, such as create accounts,
> > change user passwords, etc.  I've given access to the appropriate
> > commands via sudo, and have added the script path and "exit" to the
> > intern's .bash_profile so that at login, he goes directly into a
> > script-generated menu, and upon leaving the menu, he goes back to a login
> > prompt.  It all works quite well.
> >
> > Well, almost.  A bugaboo that I found was that the intern could change
> > root's password!  Not that I don't trust the lad, but I reckon it's just
> > not good policy to allow that.  But, how to prevent?  I tried the
> > following in his sudo profile (found the Cmnd_Alias "trick" on the Net):
> >
> > Cmnd_Alias      PWR=/usr/bin/passwd *root*
> > Cmnd_Alias      PW=/usr/bin/passwd [!-]?*
> >
> > user ALL= NOPASSWD: /usr/sbin/useradd,
> > PW, !PWR, /bin/mkdir, /bin/chown, /bin/chmod, /bin/sed, /bin/cp, /bin/rm,
> > /etc/rc.d/init.d/httpd, /usr/local/test4.sh
> >
> > Didn't work - the intern could still change root's pw.  I
> > tried "/usr/bin/passwd !root" - n.g.  I tried the following in my script
> > (not sure about the if/elif/else construct):
> >
> >         2)
> >
> >                 read -p "Enter username: " USERNAME
> >                 egrep "^$USERNAME" /etc/passwd >/dev/null
> >                 if [ $? -ne 0 ]; then
> >                         echo
> >                         echo "User $USERNAME doesn't exist! Create the user first"
> >                 elif [[ $? == "root" ]]; then
> >                         echo
> >                         echo "You're not allowed to change root's password"
> >                 else
> >                 sudo /usr/bin/passwd $USERNAME
> >                 [ $? -eq 0 ] && echo "Password changed!"
> >                 fi
> >                 echo
> >                 echo "Press Enter key" ; read ;;
> >
> > Still no joy - root's pw could be changed.  Arrrgh!
> >
> > How can I keep the intern from changing root's password?  Your help is
> > most appreciated.
> >
> > Dimitri
>
> The $? is numeric, not alphanumeric. Change the line
> elif [[ $? = "root" ]]; then
>
> to
>
> elif [[ $USERNAME = "root" ]]; then
>
> and it should work.
>
> Ray
>

And indeed it did!  I'm most grateful for your help.

Dimitri
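
An added example, not part of the original thread: a stricter form of the username check discussed above, written as a function the menu script could call before `sudo /usr/bin/passwd`. It assumes the policy should refuse any UID 0 account, not only the name "root", and it matches the name exactly instead of by prefix; `PASSWD_FILE`, `lookup_uid` and `may_change_password` are hypothetical names, and the account lines are constructed sample data. The check only constrains calls made through the menu script.

```shell
#!/bin/sh
# Added example: decide whether the menu script may run passwd for a name.
# PASSWD_FILE is a hypothetical override so the check can run on sample data.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# Print the UID of the account whose name matches $1 exactly; fail if none.
lookup_uid() {
    awk -F: -v name="$1" '$1 == name { print $3; found = 1; exit }
                          END { exit !found }' "$PASSWD_FILE"
}

# Return 0 if the password of $1 may be changed, otherwise:
#   1 = malformed name, 2 = no such user, 3 = privileged account (UID 0)
may_change_password() {
    name=$1
    case $name in
        # Empty, option-like ("-d") or containing unexpected characters.
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    uid=$(lookup_uid "$name") || return 2
    [ "$uid" -ne 0 ] || return 3
    return 0
}

# Demo on constructed sample data (not a real passwd file).
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second uid 0 account:/root:/bin/bash
student1:x:1001:1001::/home/student1:/bin/bash
EOF
PASSWD_FILE=$demo_file
for n in student1 root toor stu -d; do
    if may_change_password "$n"; then
        echo "$n: allowed"
    else
        echo "$n: refused (code $?)"
    fi
done
rm -f "$demo_file"
```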
