Originally posted by: karthikraja

Hi ,

How to restrict the user from changing their passwd ? (ie should not able to execute passwd command)
i tried removing the setuid , but no luck.

Thanks,
Karthik

Originally posted by: hdkutz

Hello,
check the "minage" Option at the man Page of "chuser".
Unfortunatly the age of a password is restricted to 52 Weeks.

Cheers,
ku

Originally posted by: karthikraja

Hi zu,

The thing is User should not use the passwd command , minage the minimum number of weeks required for changing the password.

Thanks,
Karthik

Originally posted by: shargus

Your original question was "how to restrict the user from changing their password". If you set the minage to the maximum value, the system will not let the users change their password for that length of time, no matter what method they use.

Unfortunately, as karthikraja pointed out, the maximum value for minage is 52 weeks, or 1 year. You might be able to extend it by changing the lastupdate on the password for that account on a regular basis, say, doing a chsec in a cronjob.

Originally posted by: shargus

"Unfortunately, as karthikraja pointed out, "

Sorry - hdkutz.

Originally posted by: orphy

I don't know the exact requirements behind this but you could possibly use chmod 4550 passwd and no users would be able to execute the command unless they are root or are part of the security group. Should you choose to go this route, one thing you need to make sure is that this has to be done every time after you apply any AIX updates or that you have to put this in cron to have chmod done regularly.
Orphy

Originally posted by: shargus

Would probably need to do that to the chpasswd command as well.

Originally posted by: orphy

Actually, joe and jane users are not allowed to exec chpasswd...
Orphy