I have a remote server to which I login using ssh. Is there a way to be notified through email (using a bash script) when someone changes the user password using passwd including the new password?
I am guessing it has to do with /etc/pam/passwd, but not entirely sure what the trigger and flags should be.
This would be useful if for example I give my access to a “friend” and they decide to lock me out of my account. Of course I could create a new account for them etc, but this is more of a “it should be possible” task rather than a practical one.
Personal passwords are only supposed to be known by the user themselves. Not even the root user is supposed to know them, which is why they are stored encrypted. Of course, the root user has sufficient access to decrypt them, but the principle is the same.
If you are giving your “friend” access, them assign them proper privileges! Do not make them a root user, and you shouldn’t be a root user either. Then you’re “friend” won’t have access to change your password, let along muck about in areas they aren’t supposed to be in.
If you absolutely must monitor the passwd and shadow files, install iwatch. Then set it to watch the /etc/passwd and /etc/shadow files. If they change, it runs a script that decrypts the file and emails someone. If you keep a copy to diff against, you’ll even know who changed. You should probably also gpg the email, so that it does not go over the internet in plain text, since it has everyone’s password in it. Please note that any other users on the system will be upset by the dystopian world they find themselves in.
Just because root is the law of the land does not mean we want to be living in 1984.