> >the root command (since it's not a single person who does this).
> Around "the root command"? Personally, I'd write a wrapper around the
> _passwd_ command, partly _because_ more than one person keeps making this
> mistake.
god damn, jump down my throat why don't you?
People miss my humor so much I sometimes think I'm not funny.
Main Entry: 1root
Pronunciation: 'r|t, 'rut
Function: noun
3 a : something that is an origin or source (as of a condition or
quality) <the love of money is the root of all evil -- 1 Tim 6:10
(Authorized Version)> b : one or more progenitors of a group of
descendants -- usually used in plural c : an underlying support : BASIS
d : the essential core : HEART -- often used in the phrase at root e :
close relationship with an environment : TIE -- usually used in plural
3(d)
Ok, so it was a poor choice of words. I thought it was clever.
> My preferred wrapper would either prompt when called with no argument
> ("Change the password for the foobar account?"), or perhaps force the user
> to specify an account no matter what ("You must provide an account name!").
> However, another possibility would be to simply have the wrapper get the
> real UID and pass that to passwd as an arg, thus changing the password on
> the account the person su'd from. This means that only those who know how
> to get around the wrapper can change the root password. (Of course, if they
> routinely log in as root from the console, that wouldn't work.)
You're right! That is so much easier than another copy of the
original root password in the /etc/passwd (/etc/shadow) file.
> Either way, if your users keep screwing up with root power, some kind of
> safeguards need to be put in place.
My safeguard is another copy of the original root password in the
/etc/password (or /etc/shadow) file. I really didn't see it
as a major foopah.
Scott
