[rsbac] passwd

ghorvath at minolta.hu ghorvath at minolta.hu
Fri Jul 25 12:15:53 MEST 2003


Perhaps because of the inode change another method is preferred? E.g. 
LDAP, libpam_smb maybe sasl?

ghorvath at minolta.hu

Amon Ott <ao at rsbac.org>
Sent by: rsbac-bounces at rsbac.org
2003.07.25 09:24
Please respond to RSBAC Discussion and Announcements

        To:     RSBAC Discussion and Announcements <rsbac at rsbac.org>
        Subject:        Re: [rsbac] passwd

On Friday, 25. July 2003 08:43, polish wrote:
>   How did you resolve access to /etc/passwd and /etc/shadow. I would 
> to create new user X, who can change password to everyone. And root 
> change password. I find a some standard solution of this problem.

passwd and shadow are tricky, because they get deleted and recreated with 
every change. What I would do is make a wrapper script, which

- is the only one allowed to write access these files (RC initial role)
- may only be executed by the specified user (extra user role and 
- has a sensible default_fd_create_type, e.g. passwd-type
- corrects the types of the files after the change (because passwd and 
usually need different types)

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
rsbac mailing list
rsbac at rsbac.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://gateway.compuniverse.de/pipermail/rsbac/attachments/20030725/39214900/attachment.htm

More information about the rsbac mailing list