Restricting changing passwd
Todd C. Miller
Todd.Miller at courtesan.com
Tue Aug 1 09:14:04 EDT 2000
Is there any reason to give people sudo for /usr/bin/passwd at all?
If not you can just say !/usr/bin/passwd. You can also use shell-style
wildcards. Beware, however, that if you are saying something like:
    username machine=ALL, !/usr/bin/passwd
the user will be able to get around the '!/usr/bin/passwd' if he/she
really wants to via a root shell or copying the passwd program to
another name.
- todd
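
An added example, not part of the original post or of sudo itself: a small Python check that flags sudoers rules of the kind described above, where a rule grants ALL and then subtracts commands with '!'. The sample sudoers text, the user, host and alias names, and the function names are constructed for illustration, and the parsing is simplified (no include files, no User/Host alias expansion).

```python
import re

# Constructed sudoers text; users, hosts and alias names are assumptions.
SAMPLE = r"""
Cmnd_Alias SHELLS = /bin/sh, /bin/bash
Cmnd_Alias ALLBUT = ALL, !/usr/bin/passwd
alice  web01 = ALL, !/usr/bin/passwd
bob    ALL = (root) NOPASSWD: ALL, \
             !SHELLS
carol  web01 = /usr/sbin/apachectl, /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
dave   ALL = (ALL) ALL
eve    db01 = ALLBUT
"""

def logical_lines(text):
    """Join backslash-continued lines; drop comments and blank lines (simplified)."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = re.sub(r"(?<!\\)#.*", "", line).strip()
        if line:
            yield line

def split_cmnds(spec):
    """Split a command list on unescaped commas, dropping Runas specs and tags."""
    spec = re.sub(r"\([^)]*\)", "", spec)                 # (root), (ALL : ALL)
    parts = re.split(r"(?<!\\),", spec)
    return [re.sub(r"^\s*(?:[A-Z_]+:\s*)+", "", p).strip() for p in parts if p.strip()]

def find_negated_all(text):
    """Return (user, negated entries) for rules that grant ALL and then subtract."""
    lines = list(logical_lines(text))
    aliases = {}
    for line in lines:
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.*)", line)
        if m:
            aliases[m.group(1)] = split_cmnds(m.group(2))
    findings = []
    for line in lines:
        if re.match(r"(Defaults|\w+_Alias)\b", line) or "=" not in line:
            continue
        who, spec = line.split("=", 1)
        # Expand Cmnd_Alias names so an alias that hides "ALL, !cmd" is caught too.
        cmnds = [c for entry in split_cmnds(spec) for c in aliases.get(entry, [entry])]
        negated = [c for c in cmnds if c.startswith("!")]
        if "ALL" in cmnds and negated:
            findings.append((who.split()[0], negated))
    return findings

if __name__ == "__main__":
    for user, negated in find_negated_all(SAMPLE):
        print(f"{user}: ALL with negation {negated} is not an effective restriction")
```

carol is not flagged because her negation narrows an explicit list of commands rather than ALL, and dave is not flagged because his rule makes no attempt to subtract anything.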