This has bothered me for a while... and it would be nice to see this as being a configurable option. I don't want my regular users to be able to change their name. They can contact root if they have a valid reason. But they should be able to change the rest of the info. Either way this is just a little documentation complaint. The file /etc/login.defs contains this option: # # Require password before chfn/chsh can make any changes. # CHFN_AUTH yes # Don't allow users to change their "real name" using chfn. # CHFN_RESTRICT yes But they do not work. Namely the problem is that /etc/login.defs comes from shadow-utils, whereas chfn comes from util-linux. So for now I guess removing these three lines would be OK. (The first should be on, all the time anyway.) [root@zarg /etc]# rpm -qf /etc/login.defs shadow-utils-980403-5a [root@zarg /etc]# rpm -qf /usr/bin/chfn util-linux-2.9-6c
We are not using the login.defs file to control the behavior of the chfn and chsh utilities
Ok, then can the references to chfn/chsh be removed from shadow-970616.login.defs (/etc/login.defs). If it is not used it just creates confusion if it is in the file.
fixed in shadow-utils-980403-8 and later.