Date:      Thu, 1 Apr 1999 10:45:31 -0800 (PST)
From:      dissonant <disowned@linda.pomona.edu>
To:        Mike Tancsa <mike@sentex.net>
Cc:        questions@FreeBSD.ORG
Subject:   Re: making /usr/bin/passwd the 'shell'
Message-ID:  <Pine.BSF.4.05.9904011041390.18657-100000@linda.pomona.edu>
In-Reply-To: <3.0.5.32.19990401130517.00cc6410@staff.sentex.ca>

On Thu, 1 Apr 1999, Mike Tancsa wrote:

> I don't want to give some of my users shell access, but I want them to be
> able to change their password.  What would be the implications of setting
> their shell to /usr/bin/passwd ?  Are there any more preferred/safer ways of
> doing this ?

I use the following file (I think I put it in /usr/local/shells/nonuser
and make that the user's default shell) for this, to make it a little
less unfriendly, trap out escape characters, etc. There may be a better
way of doing it.

========================================/usr/local/shells/nonuser
#!/bin/sh
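# Ignore SIGINT (2) and SIGTSTP (18 on FreeBSD) so ^C and ^Z cannot
# interrupt or suspend this script.
trap "" 2 18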
echo -n "
You currently may not connect to this host via the Unix shell.

Although you may access servers, your shell has been disabled as a
security precaution.  If you want to use your Unix account for anything
other than connecting to a server, visit the administrators (in person) or
send e-mail to root, and we'll be glad to enable it.

You can, however, change your server password here.  Would you like to
change your password? [y/n] "
read RESP
if [ "$RESP" = "y" ]; then
  echo "
+++++++++++++++++++++++++Changing Your Password+++++++++++++++++++++++++++
A good password is six to eight characters long and made up of
upper and lower case letters, numbers and symbols.  It must not be a real
word in _any_ language.  You should combine random numbers and letters in
a way that you'll remember.  One idea is to take the first letter from
each word of a phrase that's significant to you.  An example of a good
phrase for me: 'I love my dog Sniffles a lot.' would translate into
'IlmdSal.' (without the quotes) and would be a very good password.  Here
we go...
"
  if /usr/bin/passwd
  then
    echo "
* Congratulations!  You've changed your password. It may take a few
minutes to an hour for the changes to propagate through the system. If
the change is not immediately evident, please be patient. :)"
  else
    echo "
* If you see \"Couldn't change password\" it probably means that you typed
in your \"Old NIS password\" (ie. your current password) wrong.  Please
log in and try again.  If it doesn't work after that, please send mail to
root and we'll see what we can do about it.

* If you see \"Mismatch - password unchanged\" you misspelled your password
or its verification.  Please log in and try again."
  fi
  echo "
        Thanks - the Management.

<please press return when done>"
  read RET
  echo ""
  exit 0
else
  echo "
        Thanks - the Management.

<please press return when done>"
  read RET
  echo ""
  exit 0
fi
========================================/usr/local/shells/nonuser

...hopefully that's slightly helpful..


        [[  M  i  c  h  a  e  l     L  i  e  b  e  r  m  a  n  ]]
        [[  d i s o w n e d @ l i n d a . p o m o n a . e d u  ]]
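
A script used as a login shell runs for every account assigned to it, so anyone who can modify the file controls what those accounts execute at login. The following added example (not part of the original message) checks ownership and write permissions on a wrapper such as /usr/local/shells/nonuser and lists which accounts in passwd(5)-format input use it; the function names and sample accounts are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: two checks for a login-shell wrapper.

# audit_login_shell PATH [UID]: return 0 only if PATH is a regular file (not a
# symlink), owned by UID (assumption: root, uid 0) and not group/world-writable.
audit_login_shell() {
  path=$1 want_uid=${2:-0} rc=0
  if [ -L "$path" ] || [ ! -f "$path" ]; then
    echo "FAIL: $path is not a regular file"; return 1
  fi
  # ls -lnd prints "mode links uid gid ..." on both BSD and GNU userlands.
  mode=$(ls -lnd "$path" | awk '{print $1}')
  uid=$(ls -lnd "$path" | awk '{print $3}')
  if [ "$uid" != "$want_uid" ]; then
    echo "FAIL: $path owned by uid $uid, expected $want_uid"; rc=1
  fi
  # Mode string positions: 6 = group write bit, 9 = other write bit.
  case $mode in ?????w*) echo "FAIL: $path is group-writable ($mode)"; rc=1 ;; esac
  case $mode in ????????w*) echo "FAIL: $path is world-writable ($mode)"; rc=1 ;; esac
  return $rc
}

# accounts_using_shell SHELL: read passwd(5) lines on stdin and print the login
# names whose last field is SHELL. Using $NF also fits the 10-field
# master.passwd layout, where the shell is likewise the last field.
accounts_using_shell() {
  awk -F: -v sh="$1" '!/^#/ && NF >= 7 && $NF == sh { print $1 }'
}

# Constructed sample input (hypothetical accounts, not real data).
sample_passwd() {
  cat <<'EOF'
# constructed passwd(5) sample
root:*:0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001:Alice:/home/alice:/usr/local/shells/nonuser
bob:*:1002:1002:Bob:/home/bob:/bin/sh
carol:*:1003:1003:Carol:/home/carol:/usr/local/shells/nonuser
EOF
}

# Demo on the constructed sample: prints alice and carol.
sample_passwd | accounts_using_shell /usr/local/shells/nonuser
```

On a live system, run `audit_login_shell /usr/local/shells/nonuser` and feed `accounts_using_shell` from /etc/passwd. The directory holding the wrapper needs the same ownership and write restrictions, since a writable directory allows the file to be replaced.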


