[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] Problem with Passwd (Suse 8.2)



Hello,

i have the following setup on my server:

Suse 8.2 Professional as operating system and RSBAC and Pax as security enhancements. As server programs I have apache, mysql and samba installed and RSBAC configured accordingly. So far the system works fine.

In order to prevent that some bad guy - who has somehow acquired root privileges - from changing the password of the RSBAC "security-officer", logging in as him and deactivating RSBAC, I wanted to "move" the right of changing password to a seperate user, creating a "password officer". For that I created a seperate "RC_FD" (filetype definition in the role based access model) for /etc/passwd and /etc/shadow, so I can define, which user shall have read-write access on them. Up to that point I have got it working.
The problem is now, that passwd only allows root to change passwords from other users. With the tools of RSBAC I could persuade passwd to accept an other user as system administrator, as substitute for root.

Is there a way, to get passwd accepting an other user as entitled to changing other users passwords ?

Thank you very much in advance.

With best regards.
    Patrique Wolfrum