allowed to managing users
Miles, Karl
Karl.Miles at littlewoods.co.uk
Wed Jun 27 04:49:38 EDT 2001
Roman,
No problem, here's a snip from a sudoers file I have that works well:
Cmnd_Alias PW=/usr/bin/passwd [!-]?*, /usr/bin/passwd -f?*
Cmnd_Alias PWR=/usr/bin/passwd *root*
MAILACC ALL=NO PASSWD: PW,!PWR
The PW command alias allows the user to change passwords but with no
switches apart from -f (which on Solaris forces a change at next logon),
and PWR allows the user to change the root password.
MAILACC can run PW but not PWR ! I think this is what you are trying to
achieve. You could do the same for the other commands.
Cheers
Karl Miles
Computer Security
Littlewoods Retail Limited
+44 (0) 151 235 2760
mailto:karl.miles at littlewoods.co.uk
-----Original Message-----
From: Roman Terleev [mailto:lost at infonet.uz]
Sent: 27 June 2001 09:32
To: sudo-users at courtesan.com
Subject: allowed to managing users
Hello sudo-users,
I have a question regarding sudoers file.
When I define sudoers as the following:
User_Alias MAILACC = honor
Cmnd_Alias MAIL = /usr/sbin/sendmail
Cmnd_Alias MANAGING = /usr/sbin/adduser, /usr/sbin/useradd, \
/usr/sbin/userdel, /usr/bin/passwd
MAILACC ALL = NOPASSWD: MAIL, MANAGING, /var/log/
I only want add permission for adding, deleting and change password
for any users, but the user "honor" should not change root account.
Any idea?
p.s. sorry for my bad english. =;)
--
==============================================================
System Administrator || mailto:lost at infonet.uz
-=InfoNET ISP=- || http://www.InfoNET.uz
(c) 2001 -=InfoNET=- || Tashkent/Uzbekistan
==============================================================
____________________________________________________________
sudo-users mailing list <sudo-users at courtesan.com>
For list information, options, or to unsubscribe, visit:
http://www.courtesan.com/mailman/listinfo/sudo-users
***********************************************************************
Confidentiality: This e-mail and its attachments are intended for the
above named recipient(s) only and may be confidential and/or
privileged. If they have come to you in error you must take no action
based on them, nor must you copy or disclose them or any part of their
contents to any person or organisation; please reply to this e-mail
and highlight the error immediately and delete this e-mail and its
attachments from your computer system.
Security Warning: Please note that this e-mail has been created in the
knowledge that Internet e-mail is not a 100% secure communications
medium. We advise that you understand and observe this lack of
security when e-mailing us.
Viruses: Although we have taken steps to ensure that this e-mail and
its attachments are free from any virus, we advise that in keeping
with good computing practice the recipient should ensure they are
actually virus free
***********************************************************************
More information about the sudo-users
mailing list