home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!pipex!bnr.co.uk!uknet!bcc.ac.uk!ccaaand
- From: ccaaand@ucl.ac.uk (Andrew Dawson)
- Newsgroups: comp.unix.aix
- Subject: Re: passwd -f not resseting uid before exec ? (3.2)
- Message-ID: <1993Jan05.092610.19232@bas-a.bcc.ac.uk>
- Date: 5 Jan 93 09:26:10 GMT
- References: <1i9vmoINNs7r@grasp1.univ-lyon1.fr>
- Sender: ccaaand@ucl.ac.uk (Andrew Dawson)
- Reply-To: ccaaand@ucl.ac.uk
- Organization: Bloomsbury Computing Consortium
- Lines: 26
-
- Christophe.Wolfhugel@grasp.insa-lyon.fr (Christophe Wolfhugel) writes:
-
- >It is our policy not to allow users to change their GECOS field.
- >But with 3.2, I did not find a solution to succeed.
- >I have modified access rights to chfn acordingly. A simple user can't
- >execute it anymore.
- >BUT... "passwd -f" does a call of chfn, and it succeeds. So I
- >guess that it does forget to reset the UIDs before calling the chfn.
-
- This does seem to be the case. Some Unix's actually have passwd, chfn and
- chsh linked to each other and look at argv[0] to see which was invoked, but
- AIX does actually seem to exec the alternative command.
-
- >Is there any usable solution ?
-
- If you're using NIS, then get rid of passwd and link it to yppasswd. Otherwise,
- set the permissions of chfn to 0000 or rename it to something other than chfn.
- The latter will let root run it by specifying the new name. The former will
- not.
-
- Andrew.
- --
- *+*+*+* Ziggy reports a 99.9% chance that these opinions are personal *+*+*+*
- ccaaand@ucl.ac.uk (reverse for JANET), UUCP: uunet!mcsun!uknet!ucl!ccaaand,
- X.400: /C=gb/ADMD=" "/PRMD=uk.ac/O=ucl/S=ccaaand (or just try typing "reply")
- *+*+*+*+*+ Leapers do it with assistance from neurological holograms *+*+*+*+*+
-
