Do I understand sudo correctly?

eric_forgette at eric_forgette at
Tue Feb 22 15:18:09 EST 2000

Hey Chris.
     I don't suggest ever giving someone super user access to run a script, too
big of a security hole.
If you get creative with the students' user names, you wont need a a script.  If
you start your student's user names with stud, you could allow your teachers to
use the following alias:

Cmnd_Alias      UNIXPASS=/usr/bin/passwd stud????
Cmnd_Alias      SAMBAPASS=/usr/bin/smbpasswd stud????

They could then do...

sudo passwd studmary

Hope this helps!

eric_forgette at

From: Chris Hobbs at chobbs on 02/22/2000 02:28 PM

To:   sudo users at at SMTP@Exchange

Subject:  Do I understand sudo correctly?

I'm new :-)

I want to give certain teachers the ability to change students'
passwords, without giving them full access to passwd, smbpasswd, etc.

If I write a Perl script which verifies that they're attempting to deal
with a student's account, have that script call passwd, smbpasswd, etc,
and give the teachers the ability to use sudo to run that script as
root, that will have the desired effect, correct? And they still won't
be able to run passwd, smbpasswd, etc directly as root, right?

As a PS, would anyone be willing to take a look at the script to verify
that I haven't left any gaping holes in it once it is done?


Chris Hobbs       Silver Valley Unified School District
Head geek:              Technology Services Coordinator
postmaster:               chobbs at
PGP Key is available:

More information about the sudo-users mailing list