Restricting changing passwd

Todd C. Miller Todd.Miller at
Tue Aug 1 09:14:04 EDT 2000

Is there any reason to give people sudo for /usr/bin/passwd at all?
If not you can just say !/usr/bin/passwd.  You can also use shell-style
wildcards.  Beware, however, that if you are saying something like:
    username	machine=ALL, !/usr/bin/passwd
the user will be able to get around the '!/usr/bin/passwd' if he/she
really wants to via a root shell or copying the passwd program to
another name.

 - todd

More information about the sudo-users mailing list