asroot passwd: not authorized


Alex Barilo

Jun 18, 1999, 3:00:00 AM
Hi,

OS: SCO OS 5.0.5
Patches: rs505a, oss497b (don't think it matters though)

Problem: when running asroot passwd I'm getting the following message:
Sorry, not authorized to run passwd.

I did read asroot man page and followed its directions:
- I copied passwd to /tcb/files/rootcmds
- I set up its permissions: (it never complained about them)
moe:root# l /tcb/files/rootcmds/passwd
---x--s--x 1 bin auth 63300 Jun 9 12:09 /tcb/files/rootcmds/passwd
- I modified /etc/auth/system/authorize and now it looks like:
audit:audittrail
auth:su,passwd
backup:queryspace,create_backup,restore_backup
cron:
lp:printqueue,printerstat
mem:
sysadmin:
terminal:
uucp:
root:shutdown,passwd
- this user is allowed to execsuid (scoadmin account manager -> Users -> Privileges...)
- this user has passwd in his authorization list (scoadmin account manager -> Users -> Authorizations...)
and his tcb auth file looks like:

abarilo:u_name=abarilo:u_id#500:\
:u_pwd=XXXXXXXXXXXXX:\
:u_type=general:u_cmdpriv=audittrail,su,passwd,queryspace,printqueue,mem,terminal:u_succhg#929364699:u_unsucchg#928336242:\
:u_pswduser=abarilo:u_suclog#929721211:u_suctty=ttyp16:u_unsuclog#928858686:\
:u_unsuctty=ttyp19:u_lock@:chkent:

but I guess I'm missing something obvious. But WHAT???

Any ideas?

Thank you,

Alex.

PS I use traditional security.

Tony Lawrence

Jun 18, 1999, 3:00:00 AM
to Alex Barilo
Alex Barilo wrote:
>
> Hi,
>
> OS: SCO OS 5.0.5
> Patches: rs505a, oss497b (don't think it matters though)
>
> Problem: when running asroot passwd I'm getting the following message:
> Sorry, not authorized to run passwd.
>

To run passwd, the user needs "auth" authorization (and
doesn't need "asroot" at all), which will let them run
passwd for any other user that does NOT have "auth"
authorization. The idea behind this is that this user can
change other users' passwords, but not root's, or that of any
other user who has been granted this power. It would be a
major danger to do this any other way.


See "man authorize"

--
Tony Lawrence (to...@aplawrence.com)
SCO articles, help, book reviews, tests,
job listings and more : http://www.aplawrence.com

Alex Barilo

Jun 18, 1999, 3:00:00 AM
On Fri, 18 Jun 1999 18:33:55 GMT, Tony Lawrence <to...@aplawrence.com>
wrote:

> > Problem: when running asroot passwd I'm getting the following message:
> > Sorry, not authorized to run passwd.
> >
>
> To run passwd, the user needs "auth" authorization (and
> doesn't need "asroot" at all), which will let them run
> passwd for any other user that does NOT have "auth"
> authorization.

I realize that. The reason I want to use asroot passwd is to use
passwd -f to force a user to change their password at next logon. And
when I run passwd -f user_name as any user but root, I get:

passwd: Cannot specify -f, -n, or -x
Usage: passwd [ -r retries ] [ name ]
passwd -d [ name ]
passwd -s [ name ]


> The idea behind this is that this user can
> change other users' passwords, but not root's, or that of any
> other user who has been granted this power. It would be a
> major danger to do this any other way.

I realize that too, that's why this user will never have shell access
but only a menu and I do check user name they are trying to reset.

> See "man authorize"

I did - not much luck in full understanding... :( Where can I get more
detailed information on this? Preferably with examples. Did I make
correct changes to authorize file (see my previous post)?

Thank you,

Alex.

Alex.
--------
Before the accident, I even could not spell UNIX

Tony Lawrence

Jun 18, 1999, 3:00:00 AM
Alex Barilo wrote:


> I realize that. The reason I want to use asroot passwd is to use
> passwd -f to force a user to change their password at next logon. And
> when I run passwd -f user_name as any user but root, I get:

That's strange. I have a user here with "auth" set, and can
issue "passwd -f" for other users. Not for "root", of
course, but for other users. I just tested it again just
now, and forced my brother-in-law to change his password
when he logs in later. He'll appreciate that :-)

> I did - not much luck in full understanding... :( Where can I get more
> detailed information on this? Preferably with examples. Did I make
> correct changes to authorize file (see my previous post)?

I do not believe you can do this (in any safe way) with
asroot. Just having "auth" should work. What
version/patches are you running?

Alex Barilo

Jun 21, 1999, 3:00:00 AM
On Fri, 18 Jun 1999 19:22:03 GMT, Tony Lawrence <to...@aplawrence.com>
wrote:

> That's strange. I have a user here with "auth" set, and can

Tony,

Thanks for the idea - that was it. All I needed was to add 'auth'
authorization to this user.
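
The check this thread converged on, as an added shell example (not written by either poster and not SCO's own tooling): it parses the posted tcb entry's u_cmdpriv list and shows that "passwd" is present while "auth" is not. The function names (cmdprivs, has_priv, listed_under, report) are hypothetical, the sample data is constructed from the posts above, and reading each authorize line as name:comma-separated-list is an assumption based on the posted file.

```shell
#!/bin/sh
# Constructed sample: the tcb entry from the thread, trimmed to the relevant
# fields (password field masked as in the post).
ENTRY='abarilo:u_name=abarilo:u_id#500:\
:u_pwd=XXXXXXXXXXXXX:\
:u_type=general:u_cmdpriv=audittrail,su,passwd,queryspace,printqueue,mem,terminal:\
:u_lock@:chkent:'

# Constructed sample: /etc/auth/system/authorize as posted in the thread.
AUTHORIZE='audit:audittrail
auth:su,passwd
backup:queryspace,create_backup,restore_backup
cron:
lp:printqueue,printerstat
mem:
sysadmin:
terminal:
uucp:
root:shutdown,passwd'

# Print the u_cmdpriv authorizations of an entry, one per line.
# Joins the backslash-continued lines, then splits the colon-separated fields.
cmdprivs() {
    printf '%s\n' "$1" | tr -d '\\\n' | tr ':' '\n' |
        sed -n 's/^u_cmdpriv=//p' | tr ',' '\n'
}

# Exit status 0 only on an exact match, so "audittrail" never counts as "auth".
has_priv() {
    cmdprivs "$1" | grep -Fqx -- "$2"
}

# Print the left-hand names of authorize lines whose list contains $2.
# Assumption: each line reads name:comma-separated-list, as in the posted file.
listed_under() {
    printf '%s\n' "$1" | awk -F: -v want="$2" '{
        n = split($2, sec, ",")
        for (i = 1; i <= n; i++) if (sec[i] == want) print $1
    }'
}

# For each name that lists $3, report whether the entry holds that name itself.
report() {
    for p in $(listed_under "$2" "$3"); do
        if has_priv "$1" "$p"; then echo "$p: held"; else echo "$p: not held"; fi
    done
}

report "$ENTRY" "$AUTHORIZE" passwd
```

Run against a copy of a real entry and authorize file, the same report shows at a glance which accounts hold "auth" itself and which only hold items listed under it.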
