SUMMARY: Setuid user accounts

From: <Chris.Young_at_edl.uk.eds.com>
Date: Tue Nov 12 2002 - 11:06:44 EST

Thanks to the following people who replied to my query about setuid user
accounts:

Johan Hartzenberg
Reginald Beavers
Andrew Sit
Greg Marsh
Thomas Steudten
Julie Peers
Deborah Santomauro
Galen Johnson
Gurcan Erim
Shriman Gurung
Marco Breedeveld


I seemed to cause some confusion about what I was actually asking, for which
I apologise. A number of people thought I was asking about setting the
setuid bit for a file or directory. What I actually wanted to know was
whether it's possible to set the 'No password --- setuid only' option for a
user account from the command line, as you can from AdminTool et al. 

The consensus seems to be no, or at least, not directly, which is strange
since you seem to be able to do it for the other three password options
which AdminTool provides ('Account is cleared until next login', 'Account is
locked', 'Normal password').

Suggestions included the following:

[] set the shell to /bin/false to prevent logins to this account
[] use passwd -l <username> to lock the account
[] setfacl -m user:user1:rwx,user:user2:r-x filename
[] change the password field in /etc/shadow to 'NP' **
[] make the uid 0 and/or 14 depending on what the account is for
[] use useradd

** This is what I am trying to achieve but without having to do it manually.


I've solved the problem by implementing the following commands in a shell
script. It works but it's a bit messy so if anyone has a cleaner solution,
please let me know!

cat /etc/shadow | sed 's/^<username>:\*LK\*:/<username>:NP:/' > /tmp/tmpfile.$$
mv /tmp/tmpfile.$$ /etc/shadow

This works since I can guarantee (in this instance) that the account will
have the *LK* flag set beforehand.

Thanks again for everyone's help,
Regards,
Chris



My original question was:

Hello gurus,

This is probably a very simple question but I've been unable to find the
appropriate information anywhere else. Is it possible to make a user account
setuid only from the command line, without using AdminTool, AdminSuite or
any other such application?

Any help appreciated! I will summarise.
Thanks!
Chris

----------------------------------
Chris Young
EDS Defence Ltd.
Tel.  : +44 (0)1256 742235
Fax.  : +44 (0)1256 742727
E-mail: chris.young@edl.uk.eds.com
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Tue Nov 12 11:11:08 2002
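
An added example, not part of the original post: the same *LK* to NP edit written so that the replacement file never has a predictable name in /tmp and is not left with the temporary file's permissions after the mv. The function name set_np, its exit codes, the 0400 mode and the availability of mktemp(1) are assumptions.

```shell
# Added example (not from the original post). set_np, its exit codes and the
# availability of mktemp(1) are assumptions.
#
# set_np SHADOW_FILE USERNAME
#   Change USERNAME's password field from *LK* to NP.
#   Returns 0 on success, 1 on bad arguments, 2 if USERNAME does not have
#   exactly one *LK* entry, 3 if the new file could not be written.
set_np() {
    shadow=$1
    user=$2
    [ -f "$shadow" ] || return 1

    # Only plain account names; nothing that could add a field or a pattern.
    case $user in
        '' | *[!A-Za-z0-9._-]*) return 1 ;;
    esac

    # Require exactly one locked entry, compared as strings rather than as a
    # regular expression.
    n=$(awk -F: -v u="$user" \
        '$1 == u && $2 == "*LK*" { c++ } END { print c + 0 }' "$shadow")
    [ "$n" -eq 1 ] || return 2

    # Unpredictable name, mode 0600, in the same directory as the target so
    # the final mv is a rename(2) on one filesystem, not a copy out of /tmp.
    tmp=$(mktemp "$(dirname "$shadow")/.shadow.XXXXXX") || return 3

    # chmod 400 is the assumed mode of /etc/shadow (owner read-only).
    if awk -F: -v u="$user" '
           BEGIN { OFS = ":" }
           $1 == u && $2 == "*LK*" { $2 = "NP" }
           { print }' "$shadow" > "$tmp" &&
       chmod 400 "$tmp" &&
       mv -f "$tmp" "$shadow"
    then
        return 0
    fi
    rm -f "$tmp"
    return 3
}

# Usage, as root:  set_np /etc/shadow someuser
```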
