Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 4 Sep 2002 21:56:03 -0400
From:      "Brian T. Schellenberger" <bts@babbleon.org>
To:        Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: passwd: Permission denied
Message-ID:  <200209042156.04364.bts@babbleon.org>
In-Reply-To: <20020904231555.GC28529@happy-idiot-talk.infracaninophi>
References:  <200209041755.24531.bts@babbleon.org> <20020904231555.GC28529@happy-idiot-talk.infracaninophi>
next in thread | previous in thread | raw e-mail | index | archive | help 


Thanks . . .

On Wednesday 04 September 2002 07:15 pm, Matthew Seaman wrote:
| On Wed, Sep 04, 2002 at 05:55:24PM -0400, Brian T. Schellenberger 
wrote:
| > I have a user account that can't change its own password.  If it
| > tries, it gets:
| >
| > passwd: Permission denied
|
| That usually indicates an attempt by an ordinary non-privileged user
| to change the password of another user.


Ah!  Your guess below wasn't it, but that was my clue.

I was trying to change the password from an xterm where I had done an

su - baduser

to change to the userid.  I thought that with the - option su acted 
"just like" a login, but I was wrong.  When I actually logged in from a 
console window, it worked just fine.

Live and learn.

Does anybody know how su - differs from a "real" login, exactly?

Is there a way to "log in" for real in an X window?  If I try "login" it 
says "not a login shell" and if I try telnet, I am reminded that I 
chose not to set up a local telnet server--and it seems like a pretty 
significant security comprimise if I have to set up a telnet server 
just to allow local login in an X window.

Not that it's that big a deal, really--I only rarely need to do "real" 
login things and for that I *can* switch to a console--but I would like 
to know on general principles  . . .





| When you cloned the account did you perhaps not give it a unique UID
| number?  This snippet will print out how often each UID number is
| mentioned in the master.passwd file:
|
|     awk -F: '{ print $3 }' < /etc/master.passwd | sort -n | uniq -c
|
| It can also occur if you remove the SUID bit from /usr/bin/passwd or
| mount /usr nosuid, but then no one other than root would be able to
| change passwords.
|
| 	Cheers,
|
| 	Matthew

-- 
Brian, the man from Babble-On . . . .   bts@babbleon.org (personal)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200209042156.04364.bts>