[K12OSN] OT - More scripting help

Dimitri Yioulos dyioulos at firstbhph.com
Tue Nov 6 17:09:24 UTC 2007 

Hi, Peter.

In fact, we use Webmin extensively here.  However, not on the particular 
machine in question.  Hence, the script.

Dimitri

As an aside to all - we've had a high scool intern at our site for the past 
four years now.  The previous intern was with us from his sophomore through 
his senior years.  He was a somewhat shy kid when he arrived, but both his 
social and technical skills were sharpened while he was with us.  He's now 
studying CS at Wentworth Institue of Technology.  We're proud.

Dimitri


On Tuesday 06 November 2007 11:01 am, you wrote:
> > Plus if your running
> > smbldap I have modified M. Oquist's slick bulk-user-add script to
> > output into a webmin CSV format if you want it.
>
> Come to think of it you don't need smbldap to take advantage of th
> script...I think I'll post it soon.
>
>
> Peter
>
> On 11/6/07, Peter Hartmann <ascensiontech at gmail.com> wrote:
> > Hey Dimitri,
> > I would have mentioned this if I had known your script was doing admin
> > tasks for non root users.  Have looked at webmin?  With it you can
> > offer specific tasks to specific webmin users.  Plus if your running
> > smbldap I have modified M. Oquist's slick bulk-user-add script to
> > output into a webmin CSV format if you want it.
> >
> >
> > Peter
> >
> > On 11/6/07, Dimitri Yioulos <dyioulos at firstbhph.com> wrote:
> > > Folks,
> > >
> > > Sincere apologies if I'm asking questions here that really veer away
> > > from L12LTSP, but I've always gotten great, timely responses from you
> > > extremely bright people, and so, I go back to the well :-)  . 
> > > Hopefully, the questions/responses are useful to others.
> > >
> > > As I noted in a previous post, I've created a script for our high
> > > school intern that allows him to do certain tasks, such as create
> > > accounts, change user passwords, etc.  I've given access to the
> > > appropriate commands via sudo, and have added the script path and
> > > "exit" to the intern's .bash_profile so that at login, he goes directly
> > > into a script-generated menu, and upon leaving the menu, he goes back
> > > to a login prompt.  It all works quite well.
> > >
> > > Well, almost.  A bugaboo that I found was that the intern could change
> > > root's password!  Not that I don't trust the lad, but I reckon it's
> > > just not good policy to allow that.  But, how to prevent?  I tried the
> > > following in his sudo profile (found the Cmnd_Alias "trick" on the
> > > Net):
> > >
> > > Cmnd_Alias      PWR=/usr/bin/passwd *root*
> > > Cmnd_Alias      PW=/usr/bin/passwd [!-]?*
> > >
> > > user ALL= NOPASSWD: /usr/sbin/useradd,
> > > PW, !PWR, /bin/mkdir, /bin/chown, /bin/chmod, /bin/sed, /bin/cp,
> > > /bin/rm, /etc/rc.d/init.d/httpd, /usr/local/test4.sh
> > >
> > > Didn't work - the intern could still change root's pw.  I
> > > tried "/usr/bin/passwd !root" - n.g.  I tried the follwing in my script
> > > (not sure about the if/elif/else construct):
> > >
> > >         2)
> > >
> > >                 read -p "Enter username: " USERNAME
> > >                 egrep "^$USERNAME" /etc/passwd >/dev/null
> > >                 if [ $? -ne 0 ]; then
> > >                         echo
> > >                         echo "User $USERNAME doesn't exist! Create the
> > > user first"
> > >                 elif [[ $? == "root" ]]; then
> > >                         echo
> > >                         echo "You're not allowed to change root's
> > > password" else
> > >                 sudo /usr/bin/passwd $USERNAME
> > >                 [ $? -eq 0 ] && echo "Password changed!"
> > >                 fi
> > >                 echo
> > >                 echo "Press Enter key" ; read ;;
> > >
> > > Still no joy - root's pw could be changed.  Arrrgh!
> > >
> > > How can I keep the intern from changing root's password?  Your help is
> > > most appreciated.
> > >
> > > Dimitri
> > >
> > > --
> > > This message has been scanned for viruses and
> > > dangerous content by MailScanner, and is
> > > believed to be clean.
> > >
> > > _______________________________________________
> > > K12OSN mailing list
> > > K12OSN at redhat.com
> > > https://www.redhat.com/mailman/listinfo/k12osn
> > > For more info see <http://www.k12os.org>

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the K12OSN mailing list