restricting within command
Martin_Scott at compuware.com
Mon Mar 20 09:45:44 EST 2000
I have used the following, I am not aware of any significant security holes
that this will introduce (if you find one, please let me know):
# All accounts in this group **** MUST **** have an entry in the
# An entry ****MUST**** be made here for each account in the User_Alias for
Cmnd_Alias NO_PASSWD_CMNDS=/usr/bin/passwd root, /usr/bin/passwd
USER_ADMINS UNIX_HOSTS=USER_MAINT_CMNDS, !NO_PASSWD_CMNDS
My Unix's version of passwd will not prompt for a username, it will take the
name as a parameter or default to the username running the command.
From: Matthew Hannigan
[mailto:Matthew.Hannigan at nl.abnamro.com]
Sent: Monday, March 20, 2000 5:04 AM
Subject: Re: restricting within command
I think the standard thing to do is to write a small
which restricts the changes (by uid or group for instance).
Julian.Rogan at Unilever.com on 20/03/2000 10:44:00
To: sudo-users at courtesan.com
cc: (bcc: Matthew Hannigan/NL/ABNAMRO/NL)
Subject: restricting within command
I plan on allowing our helpdesk to change users passwords
using sudo as
means of allowing this privilege.
However, as someone just pointed out to me, the helpdesk
will also be
change root's password.
So is there anyway of tightening the privilege in this one
More information about the sudo-users