From owner-freebsd-questions Thu Apr 1 10:47:16 1999 Delivered-To: freebsd-questions@freebsd.org Received: from linda.pomona.edu (linda.pomona.edu [134.173.72.215]) by hub.freebsd.org (Postfix) with ESMTP id 09B76154D4 for ; Thu, 1 Apr 1999 10:47:14 -0800 (PST) (envelope-from disowned@linda.pomona.edu) Received: from localhost (disowned@localhost) by linda.pomona.edu (8.9.2/8.9.2) with ESMTP id KAA19030; Thu, 1 Apr 1999 10:45:31 -0800 (PST) (envelope-from disowned@linda.pomona.edu) Date: Thu, 1 Apr 1999 10:45:31 -0800 (PST) From: dissonant To: Mike Tancsa Cc: questions@FreeBSD.ORG Subject: Re: making /usr/bin/passwd the 'shell' In-Reply-To: <3.0.5.32.19990401130517.00cc6410@staff.sentex.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, 1 Apr 1999, Mike Tancsa wrote: > I dont want to give some of my users shell access, but I want them to be > able to change their password. What would be the implications of setting > their shell to /usr/bin/passwd ? Are there any more prefered/safer ways of > doing this ? I use the following file (I think I put it in /usr/local/shells/nonuser and make that the user's default shell) for this, to make it a little less unfriendly, trap out escape characters, etc. There may be a better way of doing it. ========================================/usr/local/shells/nonuser #!/bin/sh trap "" 2 18 echo -n " You currently may not connect to this host via the Unix shell. Although you may access servers, your shell has been disabled as a security precaution. If you want to to use your Unix account for anything other than connecting to a server, visit the administrators (in person) or send e-mail to root, and we'll be glad to enable it. You can, however, change your server password here. Would you like to change your password? [y/n] " read RESP if [ "$RESP" = "y" ]; then echo " +++++++++++++++++++++++++Changing Your Password+++++++++++++++++++++++++++ A good password is six to eight characters long and made up of upper and lower case letters, numbers and symbols. It must not be a real word in _any_ language. You should combine random numbers and letters in a way that you'll remember. One idea is to take the first letter from each word of a phrase that's significant to you. An example of a good phrase for me: 'I love my dog Sniffles a lot.' would translate into 'IlmdSal.' (without the quotes) and would be a very good password. Here we go... " if /usr/bin/passwd then echo " * Congratulations! You've changed your password. It may take a few minutes to an hour for the changes to propagate through the system. If the change is not immediately evident, please be patient. :)" else echo " * If you see \"Couldn't change password\" it probably means that you typed in your \"Old NIS password\" (ie. your current password) wrong. Please log in and try again. If it doesn't work after that, please send mail to root and we'll see what we can do about it. * If you see \"Mismatch - password unchanged\" you misspelled your password or its verification. Please log in and try again." fi echo " Thanks - the Management. " read RET echo "" exit 0 else echo " Thanks - the Management. " read RET echo "" exit 0 fi ========================================/usr/local/shells/nonuser ...hopefully that's slightly helpful.. [[ M i c h a e l L i e b e r m a n ]] [[ d i s o w n e d @ l i n d a . p o m o n a . e d u ]] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message