Summary:password change with RBAC

From: UmanS <kedaran0504_at_yahoo.com.au> Date: Thu Nov 21 2002 - 00:34:23 EST · This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:58 EST

I have applied the patch 110386-02 and changed the
line to as Casper said:
User Security:suser:cmd:::/usr/bin/passwd:euid=0;uid=0

It worked like a champ.

Thanks again.
Uman

My Original question ========

I have received 3 responses so far, I write this
partial summary to say that I have tried everything as
said in the doco. Used User Security profile provided
by SUN. Steps taken:
1. User Security:suser:cmd:::/usr/bin/passwd:euid=0
This is already provided by SUN in
/etc/security/exec_attr
2. roleadd -m -P "User Security,All" passman && passwd
passman
3. usermod -R passman testuser
4. login as testuser
login: testuser
Password:
bash-2.03$ su - passman
Password:
$ passwd <user_id>
passwd (SYSTEM): Permission denied
passwd (SYSTEM): Can't change local passwd file
Permission denied
5. Tested profiles
$ profiles
User Security
All
Basic Solaris User

Then Stev send this message
"sandrewz" <sandrewz@yahoo.com>
This has to do with the EUID in one of the RBAC
authentication files under /etc/security/. This has
been fixed under Solaris 9. BTW, I haven't seen this
error posted anywhere, but discovered it myself.

stev

Therefore I have to assume that it's not going to work
in Sol 8. If anyone successfully implemented in Sol 8
I would like to hear from them.

Thanks to 
Schneider, Michael (empolis GT)   
Casper Dik 
and also to Stev.

Regards
Uman
 --- UmanS <kedaran0504@yahoo.com.au> wrote: > Hi
Managers,
> 
> We planning to handover unix passwd changes to our
> help desk and I am trying to do it through RBAC. I
> have followed the procedures from this "god send"
> list
> it working for snoop command (as in the SUMMARY) but
> it doesn't work for passwd command. When I test I
> get
> the following answer:
> passwd (SYSTEM): Permission denied
> passwd (SYSTEM): Can't change local passwd file
> 
> Has anyone implement this before?. I have a script
> in
> perl to change the password (also from this list)
> but
> that still require root user id.
> 
> Any suggestions/ideas welcome.

http://www.yahoo.promo.com.au/hint/ - Yahoo! Hint Dropper
- Avoid getting hideous gifts this Christmas with Yahoo! Hint Dropper!
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers