Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

passwd command

0 views
Skip to first unread message

JT

unread,
Jun 19, 2002, 11:08:44 AM6/19/02
to
I've got a couple of people with access to root on my SCO boxes.
Every-now-and-then one of them will blunder the "passwd" command for our
users and actually change the root passwd. I've heard that in the actual
file that holds these passwords, a modification can be made to disallow
anyone from changing the root password with the "passwd" command but I can't
find the file. anyone know where it is? thanx

JT


John DuBois

unread,
Jun 19, 2002, 11:37:58 AM6/19/02
to

usermod -x '{passwdChooseOwn 0}' -x '{passwdRunGenerator 0}' root

To change root's password, you will have to undo at least one of these:

usermod -x '{passwdChooseOwn 1}' root

John
--
John DuBois spc...@armory.com KC6QKZ/AE http://www.armory.com/~spcecdt/

JT

unread,
Jun 19, 2002, 2:18:21 PM6/19/02
to
VERY VERY Nice John, it works great! Thank you!


"John DuBois" <spc...@deeptht.armory.com> wrote in message
news:3d10a556$0$79555$8ee...@newsreader.tycho.net...

Jeff Liebermann

unread,
Jun 20, 2002, 1:24:38 AM6/20/02
to
On 19 Jun 2002 15:37:58 GMT, spc...@deeptht.armory.com (John DuBois)
wrote:

>In article <aeq6kn$2qih$1...@newsreader.cetlink.net>, JT <j...@wnclnk.com> wrote:
>>I've got a couple of people with access to root on my SCO boxes.
>>Every-now-and-then one of them will blunder the "passwd" command for our
>>users and actually change the root passwd. I've heard that in the actual
>>file that holds these passwords, a modification can be made to disallow
>>anyone from changing the root password with the "passwd" command but I can't
>>find the file. anyone know where it is? thanx

>usermod -x '{passwdChooseOwn 0}' -x '{passwdRunGenerator 0}' root
>To change root's password, you will have to undo at least one of these:
>usermod -x '{passwdChooseOwn 1}' root
> John

Very nice and handy. However, I solved the same problem by having two
root level accounts. I leave the stock Bourne shell "root" login
alone so that all the shell scripts work as expected. I then add
"rootksh" (root login with Korn Shell), and sometimes "rootcsh" (if I
feel masochistic). Any of these logins will get me root level
permissions, but with different shells and environments.


--
Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
(831)421-6491 pgr (831)426-1240 fax (831)336-2558 home
http://www.LearnByDestroying.com WB6SSY
je...@comix.santa-cruz.ca.us je...@cruzio.com

0 new messages