Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Users finding out attributes of their own password

Posted on 1999-01-19
12
200 Views
Last Modified: 2010-04-21
I am trying to write a script to use within a user's .profile to test when a password is due to expire.

I know about password -s but that needs to run as root which is not acceptable within our systems.
0
Comment
Question by:small
12 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 2009290
make it a own script called from within .profile.
make this script setuid root (Note that most modern UNIX do not allow running setuid-root scripts by default, you have to change kernel settings).

I'm not shure if /etc/.profile is executed as root or as $user, you may try to call your script here.
0
 

Author Comment

by:small
ID: 2009291
Yeah, I thought of doing that way, however, I am trying to reduce the numebr of scripts that need to run as root.  Are there any other ways?

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 2009292
You need a setuid-root program to do it.
Which UNIX do you have?
What does password do? can you post:  ls -l `which password` ?
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 

Author Comment

by:small
ID: 2009293
I need to do this on Solaris 2.5/2.6 and AIX.

Sorry I meant passwd not password.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 2009294
Solaris and AIX? there are different behaviors for -s option !!
You also need to know if your passwd information is locally, or via NIS(+).
As I said: a setuid-root programm. no more ideas, sorry.
0
 

Author Comment

by:small
ID: 2009295
The passwords are always held locally.

OK its looks like a setuid program.

ahoffmann, answer back and I'll give you the points, unless someone has a better idea to solve the problem.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 2009296
so I wait with an answer 'til my suggestion works, or someone gives a better one.
0
 

Expert Comment

by:sluggo662
ID: 2009297
You might want to use a perl script using the getpwnam operation. I don't think you have to be root to get it..but if you wanted to get a quota this is what I would use...or a variant of it.

#!/usr/bin/perl

($expire) = (getpwnam ("yourusernamehere"))[4]; #the 4 pulls the quota information
print "$expire \n";

Hope this helps you out
0
 

Author Comment

by:small
ID: 2009298
The perl didn't work because the expiry info is the shadow file not the passwd file.  I think the perl command only reads the passwd file.

Any other ideas?

0
 

Expert Comment

by:eranklonover
ID: 2009299
solaris as a passwd switch: -w <days>

which can be used to Set warn field for user.
the user will be notified by the system and
there is no need for any setuid scripts.
0
 

Author Comment

by:small
ID: 2009300
eranklonover,

Nice solution except those losers, sorry, users, usually ignore the os type messages.  What I want to do was to check the expiry time in their .profile and then force them to change it.

It looks like it will need to be a set-uid script.

ahoffmann step forward, answer and collect your points.
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 100 total points
ID: 2009301
make it a own script called from within .profile.
make this script setuid root (Note that most modern UNIX do not allow running
setuid-root scripts by default, you have to change kernel settings).
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
I promised to write further about my project, and here I am.  First, I needed to setup the Primary Server.  You can read how in this article: Setup FreeBSD Server with full HDD encryption (http://www.experts-exchange.com/OS/Unix/BSD/FreeBSD/A_3660-S…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question