Solved

Users finding out attributes of their own password

Posted on 1999-01-19
Last Modified: 2010-04-21
I am trying to write a script to use within a user's .profile to test when a password is due to expire.

I know about password -s but that needs to run as root which is not acceptable within our systems.
0
Question by:small
12 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 2009290
Make it its own script, called from within .profile.
Make this script setuid root (note that most modern UNIX systems do not allow running setuid-root scripts by default; you have to change kernel settings).

I'm not sure if /etc/.profile is executed as root or as $user; you may try to call your script here.
0
 

Author Comment

by:small
ID: 2009291
Yeah, I thought of doing it that way; however, I am trying to reduce the number of scripts that need to run as root.  Are there any other ways?

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 2009292
You need a setuid-root program to do it.
Which UNIX do you have?
What does password do? Can you post:  ls -l `which password` ?
0
 

Author Comment

by:small
ID: 2009293
I need to do this on Solaris 2.5/2.6 and AIX.

Sorry I meant passwd not password.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 2009294
Solaris and AIX? There are different behaviors for the -s option!
You also need to know if your passwd information is held locally or via NIS(+).
As I said: a setuid-root program. No more ideas, sorry.
0
 

Author Comment

by:small
ID: 2009295
The passwords are always held locally.

OK, it looks like a setuid program.

ahoffmann, answer back and I'll give you the points, unless someone has a better idea to solve the problem.

0

 
LVL 51

Expert Comment

by:ahoffmann
ID: 2009296
So I'll wait with an answer until my suggestion works, or someone gives a better one.
0
 

Expert Comment

by:sluggo662
ID: 2009297
You might want to use a perl script using the getpwnam operation. I don't think you have to be root to get it..but if you wanted to get a quota this is what I would use...or a variant of it.

#!/usr/bin/perl

($expire) = (getpwnam ("yourusernamehere"))[4]; #the 4 pulls the quota information
print "$expire \n";

Hope this helps you out
0
 

Author Comment

by:small
ID: 2009298
The perl didn't work because the expiry info is in the shadow file, not the passwd file.  I think the perl command only reads the passwd file.

Any other ideas?

0
 

Expert Comment

by:eranklonover
ID: 2009299
Solaris has a passwd switch: -w <days>

which can be used to set the warn field for a user.
The user will be notified by the system and
there is no need for any setuid scripts.
0
 

Author Comment

by:small
ID: 2009300
eranklonover,

Nice solution, except those losers, sorry, users, usually ignore the OS-type messages.  What I wanted to do was to check the expiry time in their .profile and then force them to change it.

It looks like it will need to be a set-uid script.

ahoffmann step forward, answer and collect your points.
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 100 total points
ID: 2009301
Make it its own script, called from within .profile.
Make this script setuid root (note that most modern UNIX systems do not allow running
setuid-root scripts by default; you have to change kernel settings).
0
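
A compiled alternative to the setuid-root script from the accepted answer, added here as an example and not code posted by anyone in this thread: a small setuid helper that reads only the calling user's own shadow entry, drops root, and prints the days left before a change is forced. It assumes passwords are held locally (as the asker states) and a system that provides getspnam() in <shadow.h>, such as Solaris; AIX is not covered, and the function name days_left is made up for this example.

```c
#define _DEFAULT_SOURCE          /* glibc: expose POSIX/shadow declarations */
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* Days left before a password change is forced, from the shadow aging
 * fields (lstchg: day of last change since 1970-01-01; max: days valid).
 * Returns -1 when aging is not set, 0 when a change is already due. */
long days_left(long lstchg, long max, long today)
{
    if (lstchg < 0 || max < 0)
        return -1;                       /* empty field: no aging */
    if (lstchg == 0)
        return 0;                        /* change forced at next login */
    long left = lstchg + max - today;
    return left < 0 ? 0 : left;
}

int main(void)
{
    /* The caller is identified by real UID only; argv and the environment
     * are never read, so a user cannot ask about another account. */
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL)
        return 2;

    struct spwd *sp = getspnam(pw->pw_name);   /* the one step needing root */
    long lstchg = -1, max = -1;
    int found = 0;
    if (sp != NULL) {
        found = 1;
        lstchg = (long)sp->sp_lstchg;
        max = (long)sp->sp_max;
        if (sp->sp_pwdp != NULL)               /* wipe the in-memory hash */
            memset(sp->sp_pwdp, 0, strlen(sp->sp_pwdp));
    }
    endspent();

    /* Drop root for good before producing any output. */
    if (setuid(getuid()) != 0 || !found)
        return 2;

    printf("%ld\n", days_left(lstchg, max, (long)(time(NULL) / 86400)));
    return 0;
}
```

Installed root-owned with the setuid bit set, it prints a single number that .profile can compare against a threshold before prompting the user to run passwd.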