not to change root password

Miles, Karl Karl.Miles at littlewoods.co.uk
Thu Jun 28 03:16:19 EDT 2001


Ronald,

I posted something similar yesterday... Here it is again:

Cmnd_Alias      PW=/usr/bin/passwd [!-]?*, /usr/bin/passwd -f?*
Cmnd_Alias      PWR=/usr/bin/passwd *root*

HELPDESK       ALL=NO PASSWD: PW,!PWR

The PW command alias allows the user to change passwords but with no
switches apart from -f (which on Solaris forces a change at next logon),
and PWR allows the user to change the root password.

MAILACC can run PW but not PWR !  I think this is what you are trying to
achieve.  You could do the same for the other commands.

Karl Miles
Computer Security
Littlewoods Retail Limited
+44 (0) 151 235 2760
mailto:karl.miles at littlewoods.co.uk



-----Original Message-----
From: Ronald Warner [mailto:cscrw at mail.dlsu.edu.ph]
Sent: 28 June 2001 02:25
To: sudo-users at courtesan.com
Subject: not to change root password


in /etc/sudoers, we have the following for helpdesk users:

HELPDESK  ALL = /root/data/, /usr/bin/passwd, !/usr/bin/passwd root

it seems that though i have specified that they can't run "sudo 
passwd root", they can still change root password by running 
"sudo passwd".  how do i fix this?  i want helpdesk to be able to 
change other user's passwords but not root's.

thanks.
____________________________________________________________ 
sudo-users mailing list <sudo-users at courtesan.com>
For list information, options, or to unsubscribe, visit:
http://www.courtesan.com/mailman/listinfo/sudo-users


***********************************************************************
Confidentiality: This e-mail and its attachments are intended for the
above named recipient(s) only and may be confidential and/or
privileged. If they have come to you in error you must take no action 
based on them, nor must you copy or disclose them or any part of their 
contents to any person or organisation; please reply to this e-mail 
and highlight the error immediately and delete this e-mail and its 
attachments from your computer system.

Security Warning: Please note that this e-mail has been created in the 
knowledge that Internet e-mail is not a 100% secure communications 
medium. We advise that you understand and observe this lack of 
security  when e-mailing us.

Viruses: Although we have taken steps to ensure that this e-mail and 
its attachments are free from any virus, we advise that in keeping 
with  good computing practice the recipient should ensure they are 
actually  virus free
***********************************************************************



More information about the sudo-users mailing list