I need to restrict all access to a user on a RHEL 8 system and allow them to only change their own password. I thought that I could do

[root]$ usermod <username> -s /bin/passwd

but this is not working. What am I missing?

Update:

To be clear, the behavior is that, once the machine boots (multi-user.target) and you see that screen where you enter first your user name and then the prompt changes to ask for the password, if you enter the user for which I set the shell to either /bin/passwd or /usr/bin/passwd (and either via vipw straight into /etc/passwd or via usermod), the screen resets and in a split second it's back again to ask for a user name, as if nothing had happened. Everything else is unchanged; with root, it just continues to work as normal.

Katerl3s

1 Answer

What you need to do is to replace the shell in the /etc/passwd file with /usr/bin/passwd or whatever is the path to your passwd command. You can do that by using the command vipw. I am not sure if chsh will allow you to change to a non-shell binary in that field.

usermod -s is also looking for an approved shell and /bin/passwd is obviously not an approved shell.

unxnut
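
An added example, not part of the question or the answer: a small audit that reads the login-shell field (field 7) of a passwd-format file and reports whether it appears in an /etc/shells-format list of approved login shells. The function names, the account names pwonly and svc, and the sample files are constructed for illustration; the script works on temporary copies, not the live /etc/passwd and /etc/shells.

```shell
#!/bin/sh
# Audit login-shell fields against an approved-shells list (constructed data).

# login_shell PASSWD_FILE USER -> prints field 7 for USER; non-zero if USER is absent
login_shell() {
    awk -F: -v u="$2" '$1 == u { print $7; found = 1 } END { exit !found }' "$1"
}

# shell_listed SHELLS_FILE PATH -> exit 0 if PATH is an exact, non-comment line
shell_listed() {
    grep -v '^[[:space:]]*#' "$1" | grep -Fxq -- "$2"
}

# audit_user PASSWD_FILE SHELLS_FILE USER -> prints listed, unlisted or no-such-user
audit_user() {
    sh_path=$(login_shell "$1" "$3") || { echo "no-such-user"; return 0; }
    # passwd(5): an empty shell field defaults to /bin/sh
    [ -n "$sh_path" ] || sh_path=/bin/sh
    if shell_listed "$2" "$sh_path"; then echo "listed"; else echo "unlisted"; fi
}

# make_samples -> creates constructed passwd/shells files, prints their directory
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
pwonly:x:1001:1001:password change only:/home/pwonly:/usr/bin/passwd
svc:x:1002:1002::/home/svc:
EOF
    cat > "$dir/shells" <<'EOF'
# constructed approved-shells list
/bin/sh
/bin/bash
EOF
    echo "$dir"
}

# Stand-alone run: report each constructed account
d=$(make_samples)
for u in root pwonly svc; do
    printf '%s: %s\n' "$u" "$(audit_user "$d/passwd" "$d/shells" "$u")"
done
rm -rf "$d"
```

An account reported as unlisted, such as the constructed pwonly entry with /usr/bin/passwd, is one that any tool or PAM module enforcing the approved-shells list will treat differently from a normal login account.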