[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Users finding out attributes of their own password

Posted on 1999-01-19
12
Medium Priority
?
205 Views
Last Modified: 2010-04-21
I am trying to write a script to use within a user's .profile to test when a password is due to expire.

I know about password -s but that needs to run as root which is not acceptable within our systems.
0
Comment
Question by:small
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 2009290
make it a own script called from within .profile.
make this script setuid root (Note that most modern UNIX do not allow running setuid-root scripts by default, you have to change kernel settings).

I'm not shure if /etc/.profile is executed as root or as $user, you may try to call your script here.
0
 

Author Comment

by:small
ID: 2009291
Yeah, I thought of doing that way, however, I am trying to reduce the numebr of scripts that need to run as root.  Are there any other ways?

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 2009292
You need a setuid-root program to do it.
Which UNIX do you have?
What does password do? can you post:  ls -l `which password` ?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:small
ID: 2009293
I need to do this on Solaris 2.5/2.6 and AIX.

Sorry I meant passwd not password.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 2009294
Solaris and AIX? there are different behaviors for -s option !!
You also need to know if your passwd information is locally, or via NIS(+).
As I said: a setuid-root programm. no more ideas, sorry.
0
 

Author Comment

by:small
ID: 2009295
The passwords are always held locally.

OK its looks like a setuid program.

ahoffmann, answer back and I'll give you the points, unless someone has a better idea to solve the problem.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 2009296
so I wait with an answer 'til my suggestion works, or someone gives a better one.
0
 

Expert Comment

by:sluggo662
ID: 2009297
You might want to use a perl script using the getpwnam operation. I don't think you have to be root to get it..but if you wanted to get a quota this is what I would use...or a variant of it.

#!/usr/bin/perl

($expire) = (getpwnam ("yourusernamehere"))[4]; #the 4 pulls the quota information
print "$expire \n";

Hope this helps you out
0
 

Author Comment

by:small
ID: 2009298
The perl didn't work because the expiry info is the shadow file not the passwd file.  I think the perl command only reads the passwd file.

Any other ideas?

0
 

Expert Comment

by:eranklonover
ID: 2009299
solaris as a passwd switch: -w <days>

which can be used to Set warn field for user.
the user will be notified by the system and
there is no need for any setuid scripts.
0
 

Author Comment

by:small
ID: 2009300
eranklonover,

Nice solution except those losers, sorry, users, usually ignore the os type messages.  What I want to do was to check the expiry time in their .profile and then force them to change it.

It looks like it will need to be a set-uid script.

ahoffmann step forward, answer and collect your points.
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 300 total points
ID: 2009301
make it a own script called from within .profile.
make this script setuid root (Note that most modern UNIX do not allow running
setuid-root scripts by default, you have to change kernel settings).
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
My previous tech tip, Installing the Solaris OS From the Flash Archive On a Tape (http://www.experts-exchange.com/articles/OS/Unix/Solaris/Installing-the-Solaris-OS-From-the-Flash-Archive-on-a-Tape.html), discussed installing the Solaris Operating S…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question