LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 06-24-2006, 02:38 PM   #16
w3bd3vil
Senior Member
 
Registered: Jun 2006
Location: Hyderabad, India
Distribution: Fedora
Posts: 1,191

Rep: Reputation: 49

Could you post your sudoers file? Maybe you have an error there that you cannot spot. And the error message a user gets when trying to change a password.
These things would probably help...
 
Old 06-24-2006, 08:15 PM   #17
SeRi@lDiE
Member
 
Registered: Jun 2006
Location: /dev/null
Distribution: Slackware 13.1, Slackware 13.37, aptosid, rhel
Posts: 547

Original Poster
Blog Entries: 7

Rep: Reputation: 55
No, I have not played with anything else.... My knowledge is limited but enough to administrate the server.

Here is what my sudoers file looks like....


##################################################################################
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification
Host_Alias SERVERS=servername_here
# User alias specification
User_Alias MIS=username_here, username_here, username_here, username_here

# Cmnd alias specification
Cmnd_Alias SHELLS=/usr/bin/sh, /usr/bin/ksh
Cmnd_Alias SU=/usr/bin/su
Cmnd_Alias KILL=/usr/bin/kill
Cmnd_Alias ADDUSER=/usr/sbin/adduser
Cmnd_Alias SHELL=/usr/sbin/usermod
Cmnd_Alias PTMKUSER=/pti/pt.profile/pt-shell/ptmkuser
Cmnd_Alias APDOSREAD=/pti/pt.profile/pt-shell/apdosread
# Defaults specification
Defaults syslog=auth
Defaults>root !set_logname
Defaults:username_here !authenticate
Defaults lecture
Defaults@SERVERS log_year, logfile=/var/log/sudo.log
# User privilege specification
root ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %MIS ALL=(ALL) ALL
MIS SERVERS=(ALL) KILL, ADDUSER, SHELL, PTMKUSER, APDOSREAD
#####################################################################################


I made some changes so I won't display the real usernames....

Hope the problem lies on my side not a bug...

Last edited by SeRi@lDiE; 06-24-2006 at 08:16 PM.
 
Old 06-26-2006, 10:26 AM   #18
SeRi@lDiE
Member
 
Registered: Jun 2006
Location: /dev/null
Distribution: Slackware 13.1, Slackware 13.37, aptosid, rhel
Posts: 547

Original Poster
Blog Entries: 7

Rep: Reputation: 55
Still with the same problem...
I am puzzled!
Not even tech support can figure this one out...
 
Old 06-27-2006, 10:48 AM   #19
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Not even tech support can figure this one out
Interesting.

Please post:
- General package verification. If any result of the command lists /etc/pam.d config files, please post them here. If there are any binaries listed, check the checksum, access rights and ownership:
rpm -Vv --noscripts passwd pam sudo | grep "[M5UG]\{1\}.*"
- Some PAM syslogging. Check syslog.conf for which logfile to grep and use zgrep on the compressed ones:
grep -E "(_pwdb|_unix).*(pass|acct)" /var/log/messages
- the *exact* steps you take to enable or disable users being able to run /usr/bin/passwd?
- the exact errors shown in the case where any regular user can't change his/her password? If there are none given: try to generate them yourself as regular user. If there still are none: run password as regular user like this: strace -v -o /tmp/passwd.strace /usr/bin/passwd and post the contents of /tmp/passwd.strace.
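
An added example, not part of the post above: a shell function that triages `rpm -Vv` output for the same M, 5, U and G failures but reads only the flags column, so verbose lines whose file names merely contain those letters are not reported. The function names and the sample output are constructed for illustration, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Constructed sample of `rpm -Vv` output (not taken from the thread).
# Nine flag columns as printed by current rpm; older releases print eight.
sample_rpm_verify() {
cat <<'EOF'
.........    /usr/bin/sudo
.M.......    /usr/bin/passwd
S.5....T.  c /etc/pam.d/passwd
.....UG..  c /etc/sudoers
.........  d /usr/share/doc/pam/README.GUIDE
missing    c /etc/pam.d/system-auth
EOF
}

# Reads rpm -V lines on stdin and prints "path: findings" for files that are
# missing or whose mode (M), digest (5), user (U) or group (G) check failed.
rpm_verify_triage() {
  awk '
    $1 == "missing" { print $NF ": missing"; next }
    # The flags are the first field: only dots, "?" and rpm test letters.
    $1 !~ /^[.?SM5DLUGTP]+$/ { next }
    {
      out = ""
      if (index($1, "M")) out = out " mode"
      if (index($1, "5")) out = out " digest"
      if (index($1, "U")) out = out " owner"
      if (index($1, "G")) out = out " group"
      if (out == "") next   # passed, or only size/mtime style differences
      # PAM config files are the ones the post asks to see in full.
      if ($NF ~ /^\/etc\/pam\.d\//) out = out " (pam config: post contents)"
      print $NF ":" out
    }'
}

# Stand-alone run on the constructed sample; on a real system pipe in:
#   rpm -Vv --noscripts passwd pam sudo | rpm_verify_triage
sample_rpm_verify | rpm_verify_triage
```

A mode or digest finding on /usr/bin/passwd or /usr/bin/sudo is the case to follow up with the checksum, access rights and ownership checks the post lists.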
 
Old 06-27-2006, 01:16 PM   #20
katayamma
Member
 
Registered: Jan 2006
Posts: 37

Rep: Reputation: 15
Out of curiosity, what are the properties on your password file? They should look something like this:

-rws--x--x 1 root bin 37880 2004-06-21 14:20 /usr/bin/passwd*

If it doesn't have -rws--x--x on the permissions, you need to do a 4711 on the file.
 
Old 06-27-2006, 09:04 PM   #21
SeRi@lDiE
Member
 
Registered: Jun 2006
Location: /dev/null
Distribution: Slackware 13.1, Slackware 13.37, aptosid, rhel
Posts: 547

Original Poster
Blog Entries: 7

Rep: Reputation: 55
Quote:
Originally Posted by unSpawn
Not even tech support can figure this one out
Interesting.

Please post:
- General package verification. If any result of the command lists /etc/pam.d config files, please post them here. If there are any binaries listed, check the checksum, access rights and ownership:
rpm -Vv --noscripts passwd pam sudo | grep "[M5UG]\{1\}.*"
- Some PAM syslogging. Check syslog.conf for which logfile to grep and use zgrep on the compressed ones:
grep -E "(_pwdb|_unix).*(pass|acct)" /var/log/messages
- the *exact* steps you take to enable or disable users being able to run /usr/bin/passwd?
- the exact errors shown in the case where any regular user can't change his/her password? If there are none given: try to generate them yourself as regular user. If there still are none: run password as regular user like this: strace -v -o /tmp/passwd.strace /usr/bin/passwd and post the contents of /tmp/passwd.strace.

Will post the above info when I get to work...
 
  

