allowed to managing users

Miles, Karl Karl.Miles at littlewoods.co.uk
Wed Jun 27 04:49:38 EDT 2001


Roman,

No problem, here's a snip from a sudoers file I have that works well:

Cmnd_Alias      PW=/usr/bin/passwd [!-]?*, /usr/bin/passwd -f?*
Cmnd_Alias      PWR=/usr/bin/passwd *root*

MAILACC          ALL=NOPASSWD: PW,!PWR

The PW command alias allows the user to change passwords but with no
switches apart from -f (which on Solaris forces a change at next logon),
and PWR allows the user to change the root password.

MAILACC can run PW but not PWR!  I think this is what you are trying to
achieve.  You could do the same for the other commands.

Cheers

Karl Miles
Computer Security
Littlewoods Retail Limited
+44 (0) 151 235 2760
mailto:karl.miles at littlewoods.co.uk



-----Original Message-----
From: Roman Terleev [mailto:lost at infonet.uz]
Sent: 27 June 2001 09:32
To: sudo-users at courtesan.com
Subject: allowed to managing users


Hello sudo-users,

  I have a question regarding the sudoers file.
  When I define sudoers as follows:

  User_Alias     MAILACC = honor

  Cmnd_Alias     MAIL = /usr/sbin/sendmail
  Cmnd_Alias     MANAGING = /usr/sbin/adduser, /usr/sbin/useradd, \
                 /usr/sbin/userdel, /usr/bin/passwd

  MAILACC        ALL = NOPASSWD: MAIL, MANAGING, /var/log/
  
  I only want to add permission for adding, deleting and changing passwords
  for any users, but the user "honor" should not change the root account.

  Any idea?

  P.S. Sorry for my bad English. =;)

-- 
==============================================================
System Administrator      ||            mailto:lost at infonet.uz
  -=InfoNET ISP=-         ||             http://www.InfoNET.uz
(c) 2001 -=InfoNET=-      ||               Tashkent/Uzbekistan
==============================================================
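
Added example (not part of the original messages and not sudo's own code): a small Python model of how the "PW,!PWR" entry from the reply is evaluated, useful for checking which passwd invocations the rule admits before deploying it. It assumes sudoers' documented behaviour that arguments are matched as one joined string with shell-style wildcards and that the last matching entry decides; the usernames "alice" and "groot" are constructed sample values.

```python
from fnmatch import fnmatchcase

# Constructed model of the entry in the reply: MAILACC ALL=NOPASSWD: PW,!PWR
# Each alias is a list of (command path, argument pattern) pairs.
PW = [("/usr/bin/passwd", "[!-]?*"), ("/usr/bin/passwd", "-f?*")]
PWR = [("/usr/bin/passwd", "*root*")]
RULE = [(PW, False), (PWR, True)]  # (alias, negated with "!")


def alias_matches(alias, command, args):
    # Assumption: arguments are joined with single spaces and matched as one
    # string, so "*" and "?" can also match the space between two arguments.
    argstr = " ".join(args)
    return any(command == path and fnmatchcase(argstr, pattern)
               for path, pattern in alias)


def allowed(command, args):
    # Assumption: the last matching entry decides, so !PWR after PW overrides it.
    verdict = False
    for alias, negated in RULE:
        if alias_matches(alias, command, args):
            verdict = not negated
    return verdict


# Constructed sample invocations; "alice" and "groot" are made-up usernames.
SAMPLES = [
    ["alice"],          # plain password change
    ["-f", "alice"],    # the one permitted switch
    ["-d", "alice"],    # any other leading switch
    ["root"],           # matched by PW, then revoked by !PWR
    ["-f", "root"],     # "*root*" sees the whole string "-f root"
    [],                 # bare passwd, which under sudo would act on root
    ["groot"],          # "*root*" also catches names that contain "root"
]


def audit():
    return {" ".join(a): allowed("/usr/bin/passwd", a) for a in SAMPLES}


if __name__ == "__main__":
    for argstr, ok in audit().items():
        print(f"passwd {argstr:<10} -> {'allowed' if ok else 'denied'}")
```

The final authority for a real sudoers file is sudo itself: validate syntax with "visudo -c" and review a user's effective rules with "sudo -l -U honor".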

