Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Cronjob for root password change.
Top Forums Shell Programming and Scripting Cronjob for root password change. Post 302903556 by Perderabo on Wednesday 28th of May 2014 11:27:53 AM
Old 05-28-2014
There are quite a few objections to this entire approach. It is possible the the ap team will need to install a job in root's crontab. This would guarantee that they see your code. It also it means your "crontab -r" could be dangerous. If you must go down this path you can partially address your own objection. Switch to "usermod -p" and hard code the encrypted password. This is still terrible for security but it does beat hard coding the plaintext password.

But here is another approach for your consideration. Define a group called, perhaps, "bigshots". Add a line to /etc/group putting the ap team in the bigshots group. Now add a line like this:
Code:
%bigshots ALL=(ALL) NOPASSWD: ALL

to /etc/sudoers. Show the ap team how to use sudo to gain root power. And finally write a script to remove the bigshots line from both /etc/sudoers and /etc/group. This should be easy because we are using a screwy word like "bigshots" which probably will not collide with any other line in either file.

And the final touch: use the "at" command rather than "cron" to schedule the script at the appropiate time.
 

9 More Discussions You Might Find Interesting

1. HP-UX

How to change root password on HP UX

Hello, I try to make a change on the root password on HP UX. I use sam but it didn't work here. I try to login as root but I failed however, I login to my name and then change to su and su password then it is o.k There is not much different from root and su but how do we use root? Thanks so... (4 Replies)
Discussion started by: mle06
4 Replies

2. Solaris

change root password

Hi, please advise me what is the simplest way to change root password on Sun Sparc 64 bit with Solaris 9 on it. Thanks in advance. (3 Replies)
Discussion started by: duke0001
3 Replies

3. HP-UX

Change root password?

Hello! I forget the root password and I need to change it. I've read others threads about it in this forum, but it seems it's necessary to modify /etc/passwd file. In my HPUX Systems this passwd file have only "read" permissions ant its owner is the root user, so how can i modify this file, if I... (4 Replies)
Discussion started by: kaugrs
4 Replies

4. HP-UX

How to change ROOT password.

Hi, we have a HP-UX server of model 9000/800/rp4440. We have been trying to reset the root password but are in vain.I used the following command and also are the outputs which i have received. # passwd Changing password for root New password: Re-enter new password: Unexpected failure.... (3 Replies)
Discussion started by: angelofhell
3 Replies

5. Solaris

Root Password change

Hi All, I would like to find out when the root password changed last time..! :p Please guys help me Out (2 Replies)
Discussion started by: bullz26
2 Replies

6. Shell Programming and Scripting

how to change root password using shell script with standard password

Hi Friends. I am new to scripting now i want to change the root password using the script with standard password. which is the easy scripting to learn for the beginner, Thanks in advance. (2 Replies)
Discussion started by: kurva
2 Replies

7. Solaris

Solaris 8 - Asks for current root password when trying to change root password.

Hello All, I have several solaris boxes running Solaris 8. When changing root passwords on them, all will simply ask for the new root password to change and of course to re-type the new password. One of the systems however asks for the existing root password before it will display the new password... (8 Replies)
Discussion started by: tferrazz
8 Replies

8. Ubuntu

Root access that can't change root password?

We are having a little problem on a server. We want that some users should be able to do e.g. sudo and become root, but with the restriction that the user can't change root password. That is, a guarantee that we still can login to that server and become root no matter of what the other users will... (2 Replies)
Discussion started by: 244an
2 Replies

9. UNIX for Beginners Questions & Answers

Can a root role change the root password in Solaris 10?

i do not have root on a solairs 10 server , however i do have the root role, i was wondering if I can change the root password as a a role with the passwd command? I have not tried yet. and do i have to use the # chgkey -p afterwards? i need to patch is why i am asking. thanks (1 Reply)
Discussion started by: goya
1 Replies

LEARN ABOUT POSIX

gshadow

GSHADOW(5)						   File Formats and Conversions 						GSHADOW(5)

NAME

       gshadow - shadowed group file

DESCRIPTION

       /etc/gshadow contains the shadowed information for group accounts.

       This file must not be readable by regular users if password security is to be maintained.

       Each line of this file contains the following colon-separated fields:

       group name
	   It must be a valid group name, which exist on the system.

       encrypted password
	   Refer to crypt(3) for details on how this string is interpreted.

	   If the password field contains some string that is not a valid result of crypt(3), for instance ! or *, users will not be able to use a
	   unix password to access the group (but group members do not need the password).

	   The password is used when a user who is not a member of the group wants to gain the permissions of this group (see newgrp(1)).

	   This field may be empty, in which case only the group members can gain the group permissions.

	   A password field which starts with an exclamation mark means that the password is locked. The remaining characters on the line
	   represent the password field before the password was locked.

	   This password supersedes any password specified in /etc/group.

       administrators
	   It must be a comma-separated list of user names.

	   Administrators can change the password or the members of the group.

	   Administrators also have the same permissions as the members (see below).

       members
	   It must be a comma-separated list of user names.

	   Members can access the group without being prompted for a password.

	   You should use the same list of users as in /etc/group.

FILES

       /etc/group
	   Group account information.

       /etc/gshadow
	   Secure group account information.

SEE ALSO

       gpasswd(5), group(5), grpck(8), grpconv(8), newgrp(1).

shadow-utils 4.5						    01/25/2018								GSHADOW(5)
All times are GMT -4. The time now is 05:57 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy