root password in a .py script

Cameron Laird claird at lairds.com
Sat Mar 13 13:52:43 EST 2004


In article <7xvfl9hgpz.fsf at ruckus.brouhaha.com>,
Paul Rubin  <http://phr.cx@NOSPAM.invalid> wrote:
>Bart Nessux <bart_nessux at hotmail.com> writes:
>> Well, it works. They change the password and the script changes it
>> back... try it yourself on Mac OSX 10.3.x, before claiming it doesn't
>> work.
>
>That script can only work if it's running as root, not just owned by
>root.  Why do you want to change the password anyway, if you can
>already run stuff as root?

Paul, I think I can answer that one.  He has users who appear to be
changing root password out from under him.  We all agree there ought
to be a policy against that.  Rathering than dealing with it on the
policy level, Mr. Nessux has alertly observed that cron can be a way
to armor the individual hosts against these troublesome users.  It's
not aesthetic, and most of us don't think we'd take that approach in
his situation, but cron-ing a back-to-before hack seems to meet his
needs.

So:  the short answer might be that the only thing he can run as
root in the situation under consideration is something he's set up
ahead of time, like a cron or at or such.
-- 

Cameron Laird <claird at phaseit.net>
Business:  http://www.Phaseit.net



More information about the Python-list mailing list