[Discuss] Dropping obsolete commands (Linux Pocket Guide)

Dan Ritter dsr at randomstring.org
Wed Nov 18 14:30:27 EST 2015


On Wed, Nov 18, 2015 at 01:10:56PM -0500, Daniel Barrett wrote:
> On Tue, Nov 17, 2015 at 09:08:44PM -0500, Chuck Anderson wrote:
> >> Other than chfn, how do people usually change their Full Name in
> >> /etc/passwd?
> 
> On November 18, 2015, Dan Ritter wrote:
> >usermod comes along with useradd and userdel. Being able to
> >supply everything on the command line (including a password
> >hash) is a great improvement over interactive commands.
> 
> Dan is correct that "usermod -c" does the trick, e.g.,
> 
> $ sudo usermod -c 'John Smith,,,' jsmith
> 
> but unfortunately this command requires write access to /etc/passwd,
> so normal users can't change their own names. In contrast, chfn is
> setuid root, so anybody can change his/her own name. Hmm. Maybe chfn
> has to stay....
> 
> [Insert your own horror story about chfn's setuid root status here.]

I would argue that changing your gecos name is a privileged
action for a reason, and that asking a sysadmin-privileged
person to do it for you is generally proper.

In situations where people get to muck with their own
/etc/passwd and /etc/shadow entries without root privs, there is
inevitably a wrapper which is specific to their place and time.
It might be LDAP or AD. It might be a hastily written shell
script invoked by an insecure CGI. Whatever it is, the entry for
chfn in a pocket guide should probably be:

   If you have root privileges through su or sudo, use usermod. If you
   only have user privileges, you might be able to use chfn, but check
   with your local sysadmin first. They may have a completely different
   system, or just do it for you.

-dsr-
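
An added example, not part of the original message: shell functions for the input check that a site-specific wrapper around "usermod -c" needs before it writes a user-supplied name into /etc/passwd, plus a helper that carries over the existing GECOS subfields. The function names and the 80-character limit are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and MAX_GECOS_LEN are
# assumptions chosen for illustration.

MAX_GECOS_LEN=80   # assumed site limit

# Return 0 only if $1 is safe to store as the full-name GECOS subfield.
valid_gecos_name() {
    name=$1
    [ -n "$name" ] || return 1                       # empty
    [ "${#name}" -le "$MAX_GECOS_LEN" ] || return 1  # over-long
    case $name in
        *:*) return 1 ;;   # ':' separates /etc/passwd fields
        *,*) return 1 ;;   # ',' separates GECOS subfields
    esac
    # Control characters, newline included, could start a new passwd record.
    stripped=$(printf '%s' "$name" | LC_ALL=C tr -d '[:cntrl:]')
    [ "$stripped" = "$name" ] || return 1
    return 0
}

# Print the GECOS value to pass to `usermod -c`: the new name in $1 followed
# by whatever room/phone subfields the current value in $2 already has.
# `usermod -c` replaces the whole field, so they must be carried over.
new_gecos() {
    valid_gecos_name "$1" || return 1
    case $2 in
        *,*) printf '%s,%s\n' "$1" "${2#*,}" ;;
        *)   printf '%s\n' "$1" ;;
    esac
}
```

A wrapper would read the current value from the fifth field of the user's passwd entry and hand the output of new_gecos to "usermod -c" as a single quoted argument.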


