restricting within command

Burt Juda bjuda at
Wed May 17 16:18:06 EDT 2000

"julian.rogan" wrote:
> I plan on allowing our helpdesk to change users passwords using sudo as the
> means of allowing this privilege.
> However, as someone just pointed out to me, the helpdesk will also be able to
> change root's password.
> So is there anyway of tightening the privilege in this one respect.

I have the command listed as follows in /etc/sudoers:

	/bin/passwd [a-z]*,!/bin/passwd root,.........

The NOT (!) construction applies the exception needed.

   - Burt

More information about the sudo-users mailing list