[rsbac] passwd

ghorvath at minolta.hu ghorvath at minolta.hu
Fri Jul 25 12:15:53 MEST 2003


Hi,

Perhaps because of the inode change another method is preferred? E.g. 
LDAP, libpam_smb maybe sasl?

Gabor
ghorvath at minolta.hu




Amon Ott <ao at rsbac.org>
Sent by: rsbac-bounces at rsbac.org
2003.07.25 09:24
Please respond to RSBAC Discussion and Announcements

 
        To:     RSBAC Discussion and Announcements <rsbac at rsbac.org>
        cc: 
        Subject:        Re: [rsbac] passwd


On Friday, 25. July 2003 08:43, polish wrote:
>   How did you resolve access to /etc/passwd and /etc/shadow. I would like
> to create new user X, who can change password to everyone. And root can't
> change password. I find a some standard solution of this problem.

passwd and shadow are tricky, because they get deleted and recreated with 
every change. What I would do is make a wrapper script, which

- is the only one allowed write access to these files (RC initial role)
- may only be executed by the specified user (extra user role and passwd-exe type)
- has a sensible default_fd_create_type, e.g. passwd-type
- corrects the types of the files after the change (because passwd and shadow usually need different types)

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
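
The last step of the wrapper described above, as an added example that is not part of the original thread and is not RSBAC project code. The `shadow-type` name, the `pwadmin` user and the `RELABEL` hook (called as `RELABEL <type> <file>`) are assumptions; the hook stands in for whatever RSBAC admin tool invocation sets the RC type on your system.

```shell
#!/bin/sh
# Added example: run the password change, then re-apply the per-file types.
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
SHADOW_FILE=${SHADOW_FILE:-/etc/shadow}
PASSWD_TYPE=${PASSWD_TYPE:-passwd-type}   # type name used in the message above
SHADOW_TYPE=${SHADOW_TYPE:-shadow-type}   # constructed name (assumption)
ALLOWED_USER=${ALLOWED_USER:-pwadmin}     # constructed name for "user X"
RELABEL=${RELABEL:-relabel_placeholder}   # hypothetical hook: RELABEL <type> <file>

# Default hook fails closed so an unconfigured wrapper is noticed.
relabel_placeholder() {
    echo "relabel hook not configured: $1 $2" >&2
    return 1
}

# Re-apply both types unconditionally. The files are recreated on change and
# an inode number can be reused, so comparing inodes is not a safe trigger.
fix_types() {
    fix_rc=0
    "$RELABEL" "$PASSWD_TYPE" "$PASSWD_FILE" || fix_rc=1
    "$RELABEL" "$SHADOW_TYPE" "$SHADOW_FILE" || fix_rc=1
    return $fix_rc
}

# change_password <caller> <command...>
# Returns 77 if the caller is not the designated user (a second check; the
# RC role on the wrapper is the real enforcement), 78 if relabeling failed
# (a file may still carry the default create type), else the command's status.
change_password() {
    caller=$1; shift
    [ "$caller" = "$ALLOWED_USER" ] || return 77
    "$@"; cmd_status=$?
    fix_types || return 78
    return $cmd_status
}

# Stand-alone use when installed as "passwd-wrapper": passwd-wrapper <user>
if [ "${0##*/}" = "passwd-wrapper" ]; then
    change_password "$(id -un)" passwd "$1"
    exit $?
fi
```

Exit status 78 means the password change ran but at least one file may be left with the wrapper's default create type, so it should be treated as an alert rather than a normal failure.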