Restricting changing passwd
Ritesh Raj Joshi
ritesh at mos.com.np
Thu Aug 3 04:45:59 EDT 2000
Thanks for the input Ray. Using "!/usr/bin/passwd root" in the Cmd_alias
does prevent a user from changing the root passwd.
When user tries this: "sudo /usr/sbin/passwd" only it changes the passwd
for himself though I know "sudo" runs as root.
Actually I also got suspicious after I read your mail but tried it out to
confirm it.
Please see below:
------------------------------
ritesh at chulu: {4} % sudo /usr/bin/passwd
Changing local password for ritesh.
New password (128 significant characters):
------------------------------
ritesh at chulu: {5} % sudo /usr/bin/passwd root
Sorry, user ritesh is not allowed to execute "/usr/bin/passwd root" as
root on chulu.mos.com.np.
------------------------------
I shall try to go through the archive for a wrapper for my purpose.
Though it would have been great if you could have provided me with one.
Once again a BIG "thanks" for all you helpers out there !
Rgds,
\\Ritesh
| r i t e s h r a j j o s h i
| system administrator
| MERCANTILE COMMUNICATIONS PVT. LTD
| www.mos.com.np
| hotline:240920
On Tue, 1 Aug 2000, Yocom, Ray wrote:
> Are you sure you have disabled the password change for root. Depending the
> flavor of UNIX,
> /usr/bin/passwd with no argument will use the "effective" user as opposed to
> the user logged in on your terminal. When you sudo /usr/bin/passwd the
> effective user is root thus changing the password for root. The only fix I
> know of in this case and the best fix for your other issue is to build a
> wrapper for the /usr/bin/passwd command. Several nice examples have been
> provided in previous threads. You could check against your "system" or
> "adm" group in /etc/group so that whenever you added a new admin to your
> system they would automatically be excluded from the sudo password change.
>
>
> -----Original Message-----
> From: Ritesh Raj Joshi [mailto:ritesh at mos.com.np]
> Sent: Tuesday, August 01, 2000 3:20 AM
> To: sudo-users at courtesan.com
> Subject: Restricting changing passwd
>
>
> HI all!
> I am using CU Sudo version 1.5.3 and trying to restrict users from
> changing passwd of other collegues.
> I have successfully done this for "root" with !/usr/bin/passwd root .
> But how do I restrict for a list of users without having to repeat the
> above mentioned command for each and every user.
> Is there some kind of wildcards or aliasing that can be employed here.
> Thanks in advance ...
>
> Rgds,
>
> \\Ritesh
>
> | r i t e s h r a j j o s h i
> | system administrator
> | MERCANTILE COMMUNICATIONS PVT. LTD
> | www.mos.com.np
> | hotline:240920
>
> ____________________________________________________________
> sudo-users mailing list <sudo-users at courtesan.com>
> For list information, options, or to unsubscribe, visit:
> http://www.courtesan.com/mailman/listinfo/sudo-users
> ____________________________________________________________
> sudo-users mailing list <sudo-users at courtesan.com>
> For list information, options, or to unsubscribe, visit:
> http://www.courtesan.com/mailman/listinfo/sudo-users
>
More information about the sudo-users
mailing list