chfn...can I??

Neil Rickert rickert at mp.cs.niu.edu
Thu Apr 4 23:11:59 AEST 1991


In article <1991Apr4.110459.26216 at casbah.acns.nwu.edu> navarra at casbah.acns.nwu.edu (John Navarra) writes:
>
>       Funny that I am seeing this subject cropping up everywhere. For some 
> reason people don't like bogus fullnames. Well first off if you want to 
> completely rid yourself of this fullname option you are going to have to do
> more than change the perms on chfn. As it has been pointed out, there is the
> esoteric passwd -f option. So the first thing you have to do is edit the 

 You are making it sound far too complex.

 All you need is a relatively simple program which does some simple
parameter checking, then does an execv() to the real 'chfn' and company.
Next move the real binary to a different directory, turn off its suid bit,
move the replacement in place and make it suid root.  (You could probably
make do with an suid perl script).  That way only root can
execute the real 'chfn' without first going through the front end.

 I suspect that the amount of abusive use is still too small to justify
doing even this.  The cost is not the programming, but the extra work it
imposes on administrators when a 'chfn' is appropriate.

-- 
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
  Neil W. Rickert, Computer Science               <rickert at cs.niu.edu>
  Northern Illinois Univ.
  DeKalb, IL 60115                                   +1-815-753-6940



More information about the Comp.unix.admin mailing list