Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!uwm.edu!linac!mp.cs.niu.edu!rickert
From: rickert@mp.cs.niu.edu (Neil Rickert)
Newsgroups: comp.unix.admin
Subject: Re: chfn...can I??
Message-ID: <1991Apr4.131159.901@mp.cs.niu.edu>
Date: 4 Apr 91 13:11:59 GMT
References: <SHAHRYAR.91Mar29123159@sfsuvax1.sfsu.edu> <1991Apr3.161841.26270@ioe.lon.ac.uk> <1991Apr4.110459.26216@casbah.acns.nwu.edu>
Organization: Northern Illinois University
Lines: 26

In article <1991Apr4.110459.26216@casbah.acns.nwu.edu> navarra@casbah.acns.nwu.edu (John Navarra) writes:
>
>       Funny that I am seeing this subject cropping up everywhere. For some 
> reason people don't like bogus fullnames. Well first off if you want to 
> completely rid yourself of this fullname option you are going to have to do
> more than change the perms on chfn. As it has been pointed out, there is the
> esoteric passwd -f option. So the first thing you have to do is edit the 

 You are making it sound far too complex.

 All you need is a relatively simple program which does some simple
parameter checking, then does an execv() to the real 'chfn' and company.
Next move the real binary to a different directory, turn off its suid bit,
move the replacement in place and make it suid root.  (You could probably
make do with an suid perl script).  That way only root can
execute the real 'chfn' without first going through the front end.

 I suspect that the amount of abusive use is still too small to justify
doing even this.  The cost is not the programming, but the extra work it
imposes on administrators when a 'chfn' is appropriate.

-- 
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
  Neil W. Rickert, Computer Science               <rickert@cs.niu.edu>
  Northern Illinois Univ.
  DeKalb, IL 60115                                   +1-815-753-6940