chfn...can I??

[John Navarra]

In article <1991Apr3.161841.26270 at ioe.lon.ac.uk> andrew at uxm.sm.ucl.ac.uk writes:
>In <SHAHRYAR.91Mar29123159 at sfsuvax1.sfsu.edu> shahryar at sfsuvax1.SFSU.EDU (Persian Nightmare) writes:
>
>>In chfn, could I turn off the ability to change the REAL name unless done
>>bye a superuser??  How is it possible??
>
>This may be a bit difficult without source code changes. You might be able to
>disable the chfn command entirely just by changing its permissions. Note,
>however, on some systems that chfn, chsh and passwd are all links to the same
>binary, so a user might still be able to use passwd -f if you disable chfn.

       Funny that I am seeing this subject cropping up everywhere. For some 
 reason people don't like bogus fullnames. Well first off if you want to 
 completely rid yourself of this fullname option you are going to have to do
 more than change the perms on chfn. As it has been pointed out, there is the
 esoteric passwd -f option. So the first thing you have to do is edit the 
 passwd.c file (if you don't have it, I know it is ftpable from somewhere.)
 and take out the -f option -- since you can't disable passwd!
	BUT even that is not enough. Some of the more ingenious users might
 figure this one out:
              ln -s /bin/chsh ~/chfn  !!!!!!

 Now you can execute chfn from your own directory and change your fullname!
 So, you are going to have to change some perms on chsh too! Now our sysadmin
 fixed passwd.c but not chsh (but is it worth all this trouble? Only a few
 users on the system are going to know about this anyway.)

>
>-- 
>Andrew Dawson, Computer Centre, University College London, Gower Street,
>London WC1E 6BT, England.
>JANET:    ccaaand at uk.ac.ucl                     EARN/BITNET: ccaaand at ucl.ac.uk
>INTERNET: ccaaand%ucl.ac.uk at nsfnet-relay.ac.uk  UUCP: ...!ukc!ucl.ac.uk!ccaaand


-- 
>From the Lab of the MaD ScIenTiST:
      
navarra at casbah.acns.nwu.edu