Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
When I try to login (in user mode, say as user abcde) to a remote linux system using SSH, and the password has expired, am rompted to change password. However, I cannot change the same as "abcde", though I can change it from the root mode.
Can anybody help?
What exactly do you need help with? It sounds like you are able to set it back with the root account. What else do you want to do? Turn off password history or expirations?
Thank you for the response. Two things regarding this solution:
1> With this solution, still a "root" interference is needed in order to change abcde's own password. Do you not think, that, a user, even if (s)he is an ordinary user, should have the permission to change his/ her own password?
2> With the command "passwd -d abcde", the root can offer to altogather remove the option from asking "abcde" for a password from next login. Is this not more vulnerable than allowing an user to change his password?
1> With this solution, still a "root" interference is needed in order to change abcde's own password. Do you not think, that, a user, even if (s)he is an ordinary user, should have the permission to change his/ her own password?
NO, giving sudo rights means, we enable a user to run few commands decided by us as root.
root interference is NOT needed. You might need this to implement sudo rights
Quote:
Originally Posted by sudarsh
2> With the command "passwd -d abcde", the root can offer to altogather remove the option from asking "abcde" for a password from next login. Is this not more vulnerable than allowing an user to change his password?
Dear, what you are saying is to have a password less user abcde. Do you think this is right ? Anyone, in you network can have access to this user and he would be delighted to have a password less access. If you are thinking to have a password less access, more suitable way is to implement ssh keys.
I would request you to give me you requirement, what exaclty are you looking :
1) A password less account
2) User can himself can change the password after it has expired (as mentioned in your earlier post).
Also, you can set abcde password as non-expiring. This password will never expire.
Code:
chage -d 99999 abcde
Last edited by vikas027; 09-07-2009 at 10:10 AM.
Reason: Added few more lines, entered something wrong by mistake
First of all, thank you very much for the sudoers' and the ssh keys links.
About my requirement:
you are right, I dont need a password less user, I need a user who can change his password himself whenever it expires, without involving the root in anyway. At present, every 45 days, the passwd expires. So, whenever the user tries to login through ssh after passwd expiry, he is informed so, but he cannot change the password himself.
Actually, I have checked the chage -l option too, and the values are:
lab-139:~ # chage -l "abacde"
Minimum: 0
Maximum: 10000
Warning: -1
Inactive: -1
Last Change: Apr 22, 2008
Password Expires: Never
Password Inactive: Never
Account Expires: Never
lab-139:~ #
However, it doesnot take effect, possibly because we seem to be using a customized version of linux. I think this is the root of all the problem.
First of all, thank you very much for the sudoers' and the ssh keys links.
About my requirement:
you are right, I dont need a password less user, I need a user who can change his password himself whenever it expires, without involving the root in anyway. At present, every 45 days, the passwd expires. So, whenever the user tries to login through ssh after passwd expiry, he is informed so, but he cannot change the password himself.
Actually, I have checked the chage -l option too, and the values are:
lab-139:~ # chage -l "abacde"
Minimum: 0
Maximum: 10000
Warning: -1
Inactive: -1
Last Change: Apr 22, 2008
Password Expires: Never
Password Inactive: Never
Account Expires: Never
lab-139:~ #
However, it doesnot take effect, possibly because we seem to be using a customized version of linux. I think this is the root of all the problem.
-Sudarshan
See, in any case it is not possible for a user to change his password after it expires.
BUT, what can be done is give him sudo rights so that he can change his pasword when while logging it starts giving him warning that his password is going to expire. As explained in earlier post, this command can be used.
You need to enable the warning period, so that he starts getting warnings eg 5 days before expiry. Once its expired and he's logged out, obviously he cannot login again, that's the point of expiring a passwd.
See the -W switch http://linux.die.net/man/1/chage
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
