restricting within command
bjuda at lucent.com
Wed May 17 16:18:06 EDT 2000
> I plan on allowing our helpdesk to change users passwords using sudo as the
> means of allowing this privilege.
> However, as someone just pointed out to me, the helpdesk will also be able to
> change root's password.
> So is there anyway of tightening the privilege in this one respect.
I have the command listed as follows in /etc/sudoers:
/bin/passwd [a-z]*,!/bin/passwd root,.........
The NOT (!) construction applies the exception needed.
More information about the sudo-users