LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   User should be able to change password once in a day (https://www.linuxquestions.org/questions/linux-security-4/user-should-be-able-to-change-password-once-in-a-day-811453/)

vinuss 06-01-2010 06:46 AM
User should be able to change password once in a day
 
Hi,
I want to do setting in RHEL5 such that user should able to change his password only once in a day.
I have changed the fourth field (i.e. minimum number of days to change) in in "/etc/shadow" file for "root" to "1". But its not working. I am able to change the password of "root" using "passwd" command.
Any one can help me out on this issue?
Thanks in advance

Thanks
Vinu

pixellany 06-01-2010 07:49 AM
You say you changed the settings for root----I think you need to change them for each user.

tronayne 06-01-2010 07:54 AM
You won't be able to restrict root from doing anything; if you think about it, doing so could lead to some real trouble if something needs dealing with. Also, only a few people, all administrators, should have any access whatsoever to the root account; if you do have folk that require some access to some privileged commands, that's what sudo is for (minimum grants to non-root users).

Too, there really isn't much need to restricting users ability for changing their own passwords -- you may want to require periodic password changes (that's good practice), but there is no reason to not permit a user's changing their own password every hour if they feel like it (it's their password, why should anybody else give a hoot if they change it?). The root user can, at any time, change any password on the system so there really is no need to restrict users password changes.

If you have a situation where a group of users are working on a project, that's where you want to use group permissions (not group passwords though) to permit each member access to a common directory tree's content. You control who has what access by adding or deleting individual users to a group.

Hope this helps some.

vinuss 06-02-2010 01:51 AM
I have changed 4th field in /etc/shadow file to "1" for non-root users and its working fine. :) But is there any mechanism to restrict root from changing password in one day? (i want to know this just as a curiosity)

Thanks
Vinu

pixellany 06-02-2010 07:00 AM
If you can restrict root from doing something, then what user would be able to override that? Someone has to be at the top of the food chain.

mlnutt 06-02-2010 09:00 AM
Rewrite the "passwd" source to allow only one change per day. Of course, as root, you could always revert to the original source in order to allow more than one password change per day. So, you see, it is impossible to restrict root from changing their own password.

By the way, why would you want to do this?


All times are GMT -5. The time now is 03:49 PM.