06-24-2006, 02:38 PM
#16
Senior Member
Registered: Jun 2006
Location: Hyderabad, India
Distribution: Fedora
Posts: 1,191
Could you post your sudoers file? Maybe you have an error there that you cannot spot. And the error message a user gets when trying to change a password.
These things would probably help...
06-24-2006, 08:15 PM
#17
Member
Registered: Jun 2006
Location: /dev/null
Distribution: Slackware 13.1, Slackware 13.37, aptosid, rhel
Posts: 547
Original Poster
No, I have not played with anything else.... My knowledge is limited but enough to administrate the server.
Here is what my sudoers file looks like....
##################################################################################
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
Host_Alias SERVERS=servername_here
# User alias specification
User_Alias MIS=username_here, username_here, username_here, username_here
# Cmnd alias specification
Cmnd_Alias SHELLS=/usr/bin/sh, /usr/bin/ksh
Cmnd_Alias SU=/usr/bin/su
Cmnd_Alias KILL=/usr/bin/kill
Cmnd_Alias ADDUSER=/usr/sbin/adduser
Cmnd_Alias SHELL=/usr/sbin/usermod
Cmnd_Alias PTMKUSER=/pti/pt.profile/pt-shell/ptmkuser
Cmnd_Alias APDOSREAD=/pti/pt.profile/pt-shell/apdosread
# Defaults specification
Defaults syslog=auth
Defaults>root !set_logname
Defaults:username_here !authenticate
Defaults lecture
Defaults@SERVERS log_year, logfile=/var/log/sudo.log
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %MIS ALL=(ALL) ALL
MIS SERVERS=(ALL) KILL, ADDUSER, SHELL, PTMKUSER, APDOSREAD
#####################################################################################
I made some changes so I won't display the real usernames....
Hope the problem lies on my side not a bug...
Last edited by SeRi@lDiE; 06-24-2006 at 08:16 PM.
06-26-2006, 10:26 AM
#18
Member
Registered: Jun 2006
Location: /dev/null
Distribution: Slackware 13.1, Slackware 13.37, aptosid, rhel
Posts: 547
Original Poster
Still with the same problem...
I am puzzled!
Not even tech support can figure this one out...
06-27-2006, 10:48 AM
#19
Moderator
Registered: May 2001
Posts: 29,415
Not even tech support can figure this one out
Interesting.
Please post:
- General package verification. If any result of the command lists /etc/pam.d config files, please post them here. If there are any binaries listed, check the checksum, access rights and ownership:
rpm -Vv --noscripts passwd pam sudo | grep "[M5UG]\{1\}.*"
- Some PAM syslogging. Check syslog.conf for which logfile to grep and use zgrep on the compressed ones:
grep -E "(_pwdb|_unix).*(pass|acct)" /var/log/messages
- the *exact* steps you take to enable or disable users being able to run /usr/bin/passwd?
- the exact errors shown in the case where any regular user can't change his/her password? If there are none given: try to generate them yourself as regular user. If there still are none: run password as regular user like this: strace -v -o /tmp/passwd.strace /usr/bin/passwd and post the contents of /tmp/passwd.strace.
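The package-verification step in the post above, as an added example that is not part of the original post: this filter tests only the attribute column of `rpm -V` output, so a file name that happens to contain M, 5, U or G is not reported. The sample lines and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage `rpm -V` output by its attribute column only.
# Sample lines are constructed for illustration, not taken from the thread.
sample_rpm_verify() {
    cat <<'EOF'
.........    /usr/share/man/man1/passwd.1.gz
.M.......    /usr/bin/passwd
S.5....T.  c /etc/pam.d/system-auth
.........  c /etc/pam.d/passwd
.........  d /usr/share/doc/sudo/UPGRADE
.......T.  c /etc/sudoers
missing    c /etc/pam.d/sudo
EOF
}

# Reads `rpm -V` / `rpm -Vv` output on stdin and prints one line per finding:
#   PAMCONF flags path   changed file under /etc/pam.d (post its contents)
#   CHECK   flags path   other file with a mode/digest/owner/group change
#   MISSING path         file the package owns but which is gone
triage_rpm_verify() {
    awk '
        $1 == "missing" { print "MISSING", $NF; next }
        # Column 1 holds the test results: M=mode, 5=digest, U=user, G=group.
        $1 ~ /^[SM5DLUGTP.?]+$/ && $1 ~ /[M5UG]/ {
            kind = ($NF ~ /^\/etc\/pam\.d\//) ? "PAMCONF" : "CHECK"
            print kind, $1, $NF
        }
    '
}

# Stand-alone run on the constructed sample; on a real system use:
#   rpm -Vv --noscripts passwd pam sudo | triage_rpm_verify
sample_rpm_verify | triage_rpm_verify
```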
06-27-2006, 01:16 PM
#20
Member
Registered: Jan 2006
Posts: 37
Out of curiosity, what are the properties on your password file? They should look something like this:
-rws--x--x 1 root bin 37880 2004-06-21 14:20 /usr/bin/passwd*
If it doesn't have -rws--x--x on the permissions, you need to do a 4711 on the file.
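The permission check suggested in the post above, as an added example that is not part of the original post: it reports whether a setuid helper such as /usr/bin/passwd has the setuid bit, the expected owner, and no group or world write access. The function name and its optional expected-owner argument are assumptions made for this example, and `stat -c` is the GNU coreutils form.

```bash
#!/usr/bin/env bash
# Added example: audit mode and ownership of a setuid helper such as
# /usr/bin/passwd. The optional second argument (expected owner, default
# root) is an assumption added so the check can be tried on a scratch file.
audit_setuid_helper() {
    local path=$1 want_owner=${2:-root} mode owner rc=0
    if [ ! -f "$path" ]; then
        echo "FAIL $path: not a regular file"
        return 2
    fi
    mode=$(stat -c '%a' "$path")     # octal permissions, e.g. 4711 (GNU stat)
    owner=$(stat -c '%U' "$path")
    # Without the setuid bit the program runs as the caller and cannot
    # rewrite the shadow file, so password changes by regular users fail.
    if [ $(( 0$mode & 04000 )) -eq 0 ]; then
        echo "FAIL $path: setuid bit not set (mode $mode)"; rc=1
    fi
    # Setuid only grants privilege if the file belongs to the expected account.
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL $path: owned by $owner, expected $want_owner"; rc=1
    fi
    # A setuid binary that group or others can write to can be replaced.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $path: group/world writable (mode $mode)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK $path: mode $mode, owner $owner"
    return "$rc"
}

# Stand-alone run; a non-zero result is reported, not treated as fatal.
audit_setuid_helper /usr/bin/passwd || true
```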
06-27-2006, 09:04 PM
#21
Member
Registered: Jun 2006
Location: /dev/null
Distribution: Slackware 13.1, Slackware 13.37, aptosid, rhel
Posts: 547
Original Poster
Quote:
Originally Posted by unSpawn
Not even tech support can figure this one out
Interesting.
Please post:
- General package verification. If any result of the command lists /etc/pam.d config files, please post them here. If there are any binaries listed, check the checksum, access rights and ownership:
rpm -Vv --noscripts passwd pam sudo | grep "[M5UG]\{1\}.*"
- Some PAM syslogging. Check syslog.conf for which logfile to grep and use zgrep on the compressed ones:
grep -E "(_pwdb|_unix).*(pass|acct)" /var/log/messages
- the *exact* steps you take to enable or disable users being able to run /usr/bin/passwd?
- the exact errors shown in the case where any regular user can't change his/her password? If there are none given: try to generate them yourself as regular user. If there still are none: run password as regular user like this: strace -v -o /tmp/passwd.strace /usr/bin/passwd and post the contents of /tmp/passwd.strace.
|
Will post the above info when I get to work...