Do I understand sudo correctly?
eric_forgette at vapower.com
eric_forgette at vapower.com
Tue Feb 22 15:18:09 EST 2000
Hey Chris.
I don't suggest ever giving someone super user access to run a script, too
big of a security hole.
If you get creative with the students' user names, you wont need a a script. If
you start your student's user names with stud, you could allow your teachers to
use the following alias:
Cmnd_Alias UNIXPASS=/usr/bin/passwd stud????
Cmnd_Alias SAMBAPASS=/usr/bin/smbpasswd stud????
They could then do...
sudo passwd studmary
Hope this helps!
Eric
eric_forgette at vapower.com
From: Chris Hobbs at chobbs on 02/22/2000 02:28 PM
To: sudo users at sudo-users@courtesan.com at SMTP@Exchange
cc:
Subject: Do I understand sudo correctly?
I'm new :-)
I want to give certain teachers the ability to change students'
passwords, without giving them full access to passwd, smbpasswd, etc.
If I write a Perl script which verifies that they're attempting to deal
with a student's account, have that script call passwd, smbpasswd, etc,
and give the teachers the ability to use sudo to run that script as
root, that will have the desired effect, correct? And they still won't
be able to run passwd, smbpasswd, etc directly as root, right?
As a PS, would anyone be willing to take a look at the script to verify
that I haven't left any gaping holes in it once it is done?
Thanks!
--
Chris Hobbs Silver Valley Unified School District
Head geek: Technology Services Coordinator
webmaster: http://www.silvervalley.k12.ca.us/chobbs/
postmaster: chobbs at silvervalley.k12.ca.us
-------------------------------------------------------
PGP Key is available:
http://www.silvervalley.k12.ca.us/chobbs/pubkey.txt
More information about the sudo-users
mailing list