smbldap-passwd fun.
Vlad
shiwan-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Jul 4 05:02:49 UTC 2006
I'm trying to get users to be able to change their passwords
(LDAP + SAMBA in one go) with smbldap-passwd; this works, but the
command has to read a file that contains the admin password to the
LDAP tree - this is a slight problem.
SETUIDing it doesn't work, because further file-open calls are
done as the user, so permissions are an issue. sudoing doesn't work,
either, because then the user could change anyone else's password.
Annoyingly enough, I can't chmod 711 it, as the shell
complains that it can't read it; so much for being able to execute a
file without having to read it.
Further, I can't just set the users' shell to that command,
because they need to be able to ssh in and run other commands.
About the only thing I can think of is making a custom shell
that only allows a few commands to be run (nothing that could
open/read/cat a file), or using a web-based frontend - I've heard
phpldapadmin or somesuch mentioned.
Has anyone ever ran into such a situation/requirement?
Thanks in advance,
-- Vlad
--
end
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list