From owner-freebsd-questions  Wed Jan 20 07:12:42 1999
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA09460
          for freebsd-questions-outgoing; Wed, 20 Jan 1999 07:12:42 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from finsco.com (ns1.finsco.com [216.0.231.2])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id HAA09454
          for <freebsd-questions@FreeBSD.ORG>; Wed, 20 Jan 1999 07:12:37 -0800 (PST)
          (envelope-from billh@finsco.com)
Received: from finsco.com by finsco.com (SMI-8.6/SMI-SVR4)
	id JAA21663; Wed, 20 Jan 1999 09:08:50 -0600
Message-ID: <36A5F1F8.E54A6413@finsco.com>
Date: Wed, 20 Jan 1999 09:10:48 -0600
From: Bill Hamilton <billh@finsco.com>
X-Mailer: Mozilla 4.5 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Peihan Wang <peihanw@mx.cei.gov.cn>
CC: freebsd-questions@FreeBSD.ORG
Subject: Re: howto prevent password from been changed?
References: <36A5D54D.234631CB@mx.cei.gov.cn>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

How about putting a dummy passwd program in their path, ahead of
/sbin/passwd?
Give them execute permission but no write permission on it. 
The program could just exit or log a message for YOU and tell them that
they
are stepping into deep doo-doo and then exit.
Of course, they could still type /sbin/passwd, or wherever it is (oops).
Peihan Wang wrote:
> 
>
> But I do not want them to execute passwd for that will
> cause extra sys-admin tasks.
> 
> The default permission of passwd is -r-sr-xr-x.
> Change permission or hide passwd is unwise for other
> users will feel discomfort.
> 
> Any suggestions?
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message