opening accounts from a non-root account ..
    "lubkt at spectrum.CC.Lehigh.EDU" at vax1.cc.lehigh.edu 
    Fri Jun 28 06:22:00 AEST 1991
    
    
  
Relay-Version: VMS News - V6.0-3 14/03/90 VAX/VMS; site vax1.cc.lehigh.edu
Path: spot.CC.Lehigh.EDU!lubkt
Newsgroups: comp.sys.sun
Subject: opening accounts from a non-root account ..
Message-ID: <LUBKT.91Jun12153124 at spectrum.CC.Lehigh.EDU>
From: lubkt at spectrum.CC.Lehigh.EDU (Binod K. Taterway)
Date: 12 Jun 91 15:31:24
Distribution: comp.sys.sun
Organization: Lehigh University, Bethlehem, PA
Nntp-Posting-Host: spectrum.cc.lehigh.edu
Lines: 51

I want an administrative staff to open Sun accounts for me. She will
have to change passwords, change shells, change quotas, and other
account-related items.  I have created an account for her, call it
'admin.'  The admin user belongs to the group 'admin.' All yp-related
stuff is modifiable by this user. I have created the /etc/passwd file
with write permission to admin.

When I (as root) create accounts, I never work on the actual password
file; instead, I work on its copy using the -F option of passwd(1).
Then I check its contents using cops and other locally written
packages for any error, then copy it to the proper location in /var/yp
and run a make to update the NIS password map.

All of this works fine for root; but the -F option of passwd(1) does not
work with non-root. So, I thought I might get around by generating
the encrypted password in the first place.

Here begins my journey to the wondrous land of crypt(3), login(1),
DES, and a host of other programs. I realize crypt cannot generate
the initial encrypted password because it doesn't have the right seed. Let
EPW be the encrypted password of the clear-text password, PW. Then,

	EPW = crypt(PW, EPW)

The second parameter of crypt is the seed: if the seed is the same as EPW,
then the result of crypt is the same EPW. This is what is presumably used
by login programs to validate a user.

But, my problem is to generate EPW without the initial seed.

So I thought, maybe, I will create a dummy user, and get the EPW by
using the passwd(1) program directly (change password of this dummy
user, awk/grep the password field of this user, and use it in the EPW
field of the new user's password). But this means that I will be working
on the password file directly, and I don't like to do that.

Perhaps there is a simpler way. Sure, use a setuid shell script. Being a
security advocate, I just don't write such scripts and I am not going
to start now. But I am dying to relieve myself of the burden of
day-to-day account management. Perhaps someone would like to share
her/his recipe on this issue if they have found a way of doing this
neatly from a non-root account.
--
---
Binod Taterway                     |    lubkt at spectrum.CC.Lehigh.EDU
Sr. User Consultant                |    bt00 at lehigh.BITNET
Lehigh University Computing Center |    (215) 758-3984 (off)
Bethlehem, PA 18015                |    (215) 758-4983 (fax)
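
The relation EPW = crypt(PW, EPW) in the post holds because traditional crypt(3) reads only the first two characters of its second argument as the salt and writes them back at the front of its output, so a first-time hash is made by passing two randomly chosen salt characters. The sketch below is an added example, not part of the original post: `toy_crypt`, `new_entry` and `verify` are hypothetical names, and SHA-256 stands in for the DES-based function, so the output only mimics the 13-character layout and is not a usable passwd entry.

```python
import hashlib
import hmac
import secrets

# The 64-character alphabet traditional crypt(3) uses for salts and hash text.
SALT_CHARS = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def toy_crypt(pw: str, setting: str) -> str:
    """Stand-in for crypt(3): only setting[:2] is read, as the salt.

    Assumption: SHA-256 replaces the DES-based function, so the result
    has the 2 + 11 character layout but is not a real passwd hash.
    """
    salt = setting[:2]
    if len(salt) != 2 or any(c not in SALT_CHARS for c in salt):
        raise ValueError("salt must be two characters from SALT_CHARS")
    digest = hashlib.sha256((salt + pw).encode()).digest()
    # Map 11 digest bytes onto the crypt alphabet (6 bits each).
    body = "".join(SALT_CHARS[b & 0x3F] for b in digest[:11])
    # The salt is stored in the clear at the front of the field.
    return salt + body


def new_entry(pw: str) -> str:
    """First-time hash: no existing EPW is needed, only a fresh random salt."""
    salt = "".join(secrets.choice(SALT_CHARS) for _ in range(2))
    return toy_crypt(pw, salt)


def verify(pw: str, epw: str) -> bool:
    """What a login program does: re-hash with the stored field as the setting."""
    try:
        candidate = toy_crypt(pw, epw)
    except ValueError:
        # Locked or malformed field such as "*" never matches.
        return False
    return hmac.compare_digest(candidate.encode(), epw.encode())


if __name__ == "__main__":
    epw = new_entry("constructed-sample-pw")  # constructed sample password
    print(epw, verify("constructed-sample-pw", epw), verify("guess", epw))
```
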
    
    