Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Dropping obsolete commands (Linux Pocket Guide)



On Wed, Nov 18, 2015 at 01:10:56PM -0500, Daniel Barrett wrote:
> On Tue, Nov 17, 2015 at 09:08:44PM -0500, Chuck Anderson wrote:
> >> Other than chfn, how do people usually change their Full Name in
> >> /etc/passwd?
> 
> On November 18, 2015, Dan Ritter wrote:
> >usermod comes along with useradd and userdel. Being able to
> >supply everything on the command line (including a password
> >hash) is a great improvement over interactive commands.
> 
> Dan is correct that "usermod -c" does the trick, e.g.,
> 
> $ sudo usermod -c 'John Smith,,,' jsmith
> 
> but unfortunately this command requires write access to /etc/passwd,
> so normal users can't change their own names. In contrast, chfn is
> setuid root, so anybody can change his/her own name. Hmm. Maybe chfn
> has to stay....
> 
> [Insert your own horror story about chfn's setuid root status here.]

I would argue that changing your gecos name is a privileged
action for a reason, and that asking a sysadmin-privileged
person to do it for you is generally proper.

In situations where people get to muck with their own
/etc/passwd and /etc/shadow entries without root privs, there is
inevitably a wrapper which is specific to their place and time.
It might be LDAP or AD. It might be a hastily written shell
script invoked by an insecure CGI. Whatever it is, the entry for
chfn in a pocket guide should probably be:

   If you have root privileges through su or sudo, use usermod. If you
   only have user privileges, you might be able to use chfn, but check
   with your local sysadmin first. They may have a completely different
   system, or just do it for you.

-dsr-



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org