Gary Winiger wrote:
>>> suid binary in /usr/bin:
>>> - allows users to change their own shell
>>> - via RBAC allows users with the solaris.admin.usermgr.write privilege
>>> to change anyone's shell
>>>
>>> I have some code that works here: http://cr.opensolaris.org/~error404/chsh/
>>>
>> I wouldn't use a setuid binary in /usr/bin/ - originally I planned to
>> have a plugin system which support more than /etc/passwd, e.g. have
>> plugins which are selected per /etc/nsswitch.conf and then allow setting
>> the shell+gcos information for { /etc/passwd, NIS+, YP, LDAP } and allow
>> deployment of 3rd-party plugins, too (the plugin for /etc/passwd would
>> be setuid to access /etc/passwd r/w but the /usr/bin/chsh and
>> /usr/bin/chgcos wouldn't be setuid).
>>
>
>       Independent of what the command(s) are called, or what policy
>       they enforce, the current smc(1m), and smuser(1m) do allow
>       changing shell and finger info.  Anything else really needs
>       to be linked to $SRC/cmd/passwd/passwd.c and the implementation
>       done there as it has internal interfaces designed to properly
>       deal with the various name service repositories for the passwd
>       map.
>
> Gary..
>
The code I posted earlier was written after reading useradd/usermod/userdel. They only modify the local password database (via passmgmt), so that is what I did.

Presumably places that use ldap/NIS/what have you already have methods in place for modifying those databases, so I thought it alright, given the behavior of user${foo}, to ignore that particular problem.
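As an added illustration, not code from the thread or from the chsh prototype linked above: the policy check a setuid chsh-style helper has to make before it touches the password database. The two rules are the ones the thread states (a user may change only their own shell; someone holding the solaris.admin.usermgr.write authorization may change anyone's), plus the usual allow-list check on the new shell. The `authorized` flag is an assumed stand-in for whatever RBAC lookup the real tool would perform, and `allowed_shells` is a constructed stand-in for /etc/shells; nothing here writes to any file.

```c
/* Added example: policy check for a setuid "change shell" helper.
 * Assumptions (not from the thread): the caller has already resolved the
 * RBAC authorization into the `authorized` flag, and `allowed_shells`
 * stands in for /etc/shells. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum chsh_result {
    CHSH_OK = 0,
    CHSH_BAD_SHELL,      /* shell not absolute or not on the allow list */
    CHSH_NOT_AUTHORIZED  /* changing another user's shell without authorization */
};

/* Constructed stand-in for /etc/shells. */
static const char *const allowed_shells[] = {
    "/bin/sh", "/bin/bash", "/bin/ksh", "/usr/bin/zsh", NULL
};

/* A shell is acceptable only if it is an absolute path that matches an
 * allow-list entry exactly: no prefix matching, no "../" tricks, no
 * tolerance for trailing characters. */
int shell_is_allowed(const char *shell, const char *const *list)
{
    if (shell == NULL || shell[0] != '/')
        return 0;
    for (; *list != NULL; list++)
        if (strcmp(shell, *list) == 0)
            return 1;
    return 0;
}

/* Decide whether the invoking user may set target_uid's shell.
 * real_uid must be the *real* uid (getuid()), not the effective one: in a
 * setuid binary the effective uid is the owner of the binary, not the caller.
 * The shell check runs first so that, in this example's policy, even an
 * authorized caller cannot install an arbitrary path as a login shell. */
enum chsh_result check_shell_change(uid_t real_uid, uid_t target_uid,
                                    const char *new_shell, int authorized)
{
    if (!shell_is_allowed(new_shell, allowed_shells))
        return CHSH_BAD_SHELL;
    if (real_uid != target_uid && !authorized)
        return CHSH_NOT_AUTHORIZED;
    return CHSH_OK;
}

/* Stand-alone demonstration: evaluate a few constructed requests as the
 * current real uid. */
int main(void)
{
    uid_t me = getuid();
    static const char *const labels[] = { "ok", "bad shell", "not authorized" };

    printf("own shell -> /bin/bash: %s\n",
           labels[check_shell_change(me, me, "/bin/bash", 0)]);
    printf("other user, no auth   : %s\n",
           labels[check_shell_change(me, me + 1, "/bin/bash", 0)]);
    printf("other user, with auth : %s\n",
           labels[check_shell_change(me, me + 1, "/bin/bash", 1)]);
    printf("with auth, odd shell  : %s\n",
           labels[check_shell_change(me, me + 1, "/tmp/notashell", 1)]);
    return 0;
}
```

The ordering of the two checks is deliberate: validating the shell before consulting authorization keeps the allow list in force for every caller, which matters precisely because the binary runs with elevated effective privilege.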