chfn...can I??
John Navarra
navarra at casbah.acns.nwu.edu
Thu Apr 4 21:04:59 AEST 1991
In article <1991Apr3.161841.26270 at ioe.lon.ac.uk> andrew at uxm.sm.ucl.ac.uk writes:
>In <SHAHRYAR.91Mar29123159 at sfsuvax1.sfsu.edu> shahryar at sfsuvax1.SFSU.EDU (Persian Nightmare) writes:
>
>>In chfn, could I turn off the ability to change the REAL name unless done
>>bye a superuser?? How is it possible??
>
>This may be a bit difficult without source code changes. You might be able to
>disable the chfn command entirely just by changing its permissions. Note,
>however, on some systems that chfn, chsh and passwd are all links to the same
>binary, so a user might still be able to use passwd -f if you disable chfn.
Funny that I am seeing this subject cropping up everywhere. For some
reason people don't like bogus fullnames. Well first off if you want to
completely rid yourself of this fullname option you are going to have to do
more than change the perms on chfn. As it has been pointed out, there is the
esoteric passwd -f option. So the first thing you have to do is edit the
passwd.c file (if you don't have it, I know it is ftpable from somewhere.)
and take out the -f option -- since you can't disable passwd!
BUT even that is not enough. Some of the more ingenious users might
figure this one out:
ln -s /bin/chsh ~/chfn !!!!!!
Now you can execute chfn from your own directory and change your fullname!
So, you are going to have to change some perms on chsh too! Now our sysadmin
fixed passwd.c but not chsh (but is it worth all this trouble? Only a few
users on the system are going to know about this anyway.)
>
>--
>Andrew Dawson, Computer Centre, University College London, Gower Street,
>London WC1E 6BT, England.
>JANET: ccaaand at uk.ac.ucl EARN/BITNET: ccaaand at ucl.ac.uk
>INTERNET: ccaaand%ucl.ac.uk at nsfnet-relay.ac.uk UUCP: ...!ukc!ucl.ac.uk!ccaaand
--
>From the Lab of the MaD ScIenTiST:
navarra at casbah.acns.nwu.edu
More information about the Comp.unix.admin
mailing list