From: "Brian T. Schellenberger"
To: Matthew Seaman
Cc: freebsd-questions@freebsd.org
Subject: Re: passwd: Permission denied
Date: Wed, 4 Sep 2002 21:56:03 -0400

Thanks . . .

On Wednesday 04 September 2002 07:15 pm, Matthew Seaman wrote:
| On Wed, Sep 04, 2002 at 05:55:24PM -0400, Brian T. Schellenberger wrote:
| > I have a user account that can't change its own password. If it
| > tries, it gets:
| >
| > passwd: Permission denied
|
| That usually indicates an attempt by an ordinary non-privileged user
| to change the password of another user.

Ah!
Your guess below wasn't it, but that was my clue. I was trying to change the password from an xterm where I had done an su - baduser to change to the userid. I thought that with the - option su acted "just like" a login, but I was wrong. When I actually logged in from a console window, it worked just fine. Live and learn.

Does anybody know how su - differs from a "real" login, exactly? Is there a way to "log in" for real in an X window? If I try "login" it says "not a login shell" and if I try telnet, I am reminded that I chose not to set up a local telnet server--and it seems like a pretty significant security compromise if I have to set up a telnet server just to allow local login in an X window.

Not that it's that big a deal, really--I only rarely need to do "real" login things and for that I *can* switch to a console--but I would like to know on general principles . . .

| When you cloned the account did you perhaps not give it a unique UID
| number? This snippet will print out how often each UID number is
| mentioned in the master.passwd file:
|
| awk -F: '{ print $3 }' < /etc/master.passwd | sort -n | uniq -c
|
| It can also occur if you remove the SUID bit from /usr/bin/passwd or
| mount /usr nosuid, but then no one other than root would be able to
| change passwords.
|
| Cheers,
|
| Matthew

--
Brian, the man from Babble-On . . . . bts@babbleon.org (personal)
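
An expanded form of the duplicate-UID check quoted above, as an added example that is not part of the original message: instead of only counting how often each UID occurs, it names the accounts that share one. The function names `dup_uids` and `make_sample` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list every UID used by more than one account, with the names.
# Works on any passwd-style file whose third colon-separated field is the UID
# (/etc/master.passwd needs root to read; /etc/passwd does not).

dup_uids() {
    # $1: path to a passwd-format file
    awk -F: '
        /^#/ || NF < 3   { next }    # skip comments, blank and short lines
        $3 !~ /^[0-9]+$/ { next }    # skip entries with a non-numeric UID
        {
            count[$3]++
            # Collect account names per UID in order of appearance
            names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1)
        }
        END {
            for (uid in count)
                if (count[uid] > 1)
                    printf "%s %s\n", uid, names[uid]
        }
    ' "$1" | sort -n
}

# Constructed sample in master.passwd layout (not taken from the post).
make_sample() {
    cat <<'EOF'
# constructed sample entries
root:*:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
bts:*:1001:1001::0:0:Brian:/home/bts:/bin/sh
baduser:*:1001:1001::0:0:Cloned account:/home/baduser:/bin/sh
EOF
}

sample=$(mktemp) || exit 1
make_sample > "$sample"
dup_uids "$sample"      # one line per shared UID: "<uid> <name>,<name>..."
rm -f "$sample"
```

On a stock FreeBSD system `root` and `toor` are expected to share UID 0, so that pair in the output is normal; a shared UID between ordinary accounts is the cloning mistake the quoted reply asks about.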