[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Need users to change other users's passwords



> Date: Sun, 25 May 1997 22:33:04 +1000 (EST)
> From: A Bruce in the Land of the Bruces <brucec@humbug.org.au>

> > On occasion, we need one user (one of our techsupport people) to be able
> > to change another user's password, but without having root access.  I was
> > wondering if someone had written a pam module to do this. 
> 
> *laugh*  giving people is root access - I still have nightmares from 'but
>          why shouldn't accounts people have root?'
> 
> Anyway, two solutions to that... you could either hack a version of passwd
> which is only executable by the account group (or TS or whatever), or
> shove them in a menu which has certain priveledges.
> 
> Don't think this is actually a PAM problem persay.

This sounds like a classic application for sudo.  You can specify that
one particular account is allowed to execute the passwd command as
root, and nothing else.  It's not quite secure: ideally, you would
like them not to be able to change root's password, but at least you
get the basic functionality and a log of what they do.  And funny
messages when they get their passwd wrong.

I'm not aware of a PAMified version of sudo, but you can download an
RPM from sunsite.  Easy to setup.

-- 
  Martin Pool, Pharos Business Solutions      <m.pool@pharos.com.au>
  bless my $self = {id => $_[1]}, $_[0];	          # hi bruce



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []