root password in a .py script
Cameron Laird
claird at lairds.com
Sat Mar 13 13:52:43 EST 2004
In article <7xvfl9hgpz.fsf at ruckus.brouhaha.com>,
Paul Rubin <http://phr.cx@NOSPAM.invalid> wrote:
>Bart Nessux <bart_nessux at hotmail.com> writes:
>> Well, it works. They change the password and the script changes it
>> back... try it yourself on Mac OSX 10.3.x, before claiming it doesn't
>> work.
>
>That script can only work if it's running as root, not just owned by
>root. Why do you want to change the password anyway, if you can
>already run stuff as root?
Paul, I think I can answer that one. He has users who appear to be
changing root password out from under him. We all agree there ought
to be a policy against that. Rathering than dealing with it on the
policy level, Mr. Nessux has alertly observed that cron can be a way
to armor the individual hosts against these troublesome users. It's
not aesthetic, and most of us don't think we'd take that approach in
his situation, but cron-ing a back-to-before hack seems to meet his
needs.
So: the short answer might be that the only thing he can run as
root in the situation under consideration is something he's set up
ahead of time, like a cron or at or such.
--
Cameron Laird <claird at phaseit.net>
Business: http://www.Phaseit.net
More information about the Python-list
mailing list