not to change root password
Miles, Karl
Karl.Miles at littlewoods.co.uk
Thu Jun 28 03:16:19 EDT 2001
Ronald,
I posted something similar yesterday... Here it is again:
Cmnd_Alias PW=/usr/bin/passwd [!-]?*, /usr/bin/passwd -f?*
Cmnd_Alias PWR=/usr/bin/passwd *root*
HELPDESK ALL=NOPASSWD: PW,!PWR
The PW command alias allows the user to change passwords but with no
switches apart from -f (which on Solaris forces a change at next logon),
and PWR allows the user to change the root password.
MAILACC can run PW but not PWR! I think this is what you are trying to
achieve. You could do the same for the other commands.
Karl Miles
Computer Security
Littlewoods Retail Limited
+44 (0) 151 235 2760
mailto:karl.miles at littlewoods.co.uk
-----Original Message-----
From: Ronald Warner [mailto:cscrw at mail.dlsu.edu.ph]
Sent: 28 June 2001 02:25
To: sudo-users at courtesan.com
Subject: not to change root password
In /etc/sudoers, we have the following for helpdesk users:
HELPDESK ALL = /root/data/, /usr/bin/passwd, !/usr/bin/passwd root
It seems that though I have specified that they can't run "sudo
passwd root", they can still change root password by running
"sudo passwd". How do I fix this? I want helpdesk to be able to
change other users' passwords but not root's.
Thanks.
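Added example, not part of the original messages and not sudo's own code: a simplified Python model of how a sudoers command list is evaluated (arguments joined with spaces and matched with shell-style wildcards, last matching entry wins), applied to the rule from the question and to the PW,!PWR rule from the reply. The user name alice and the helper names are assumptions made for illustration; a real configuration should still be checked with visudo -c and sudo -l.

```python
from fnmatch import fnmatchcase

PASSWD = "/usr/bin/passwd"

# Each entry: (negated, command path, argument pattern).
# Pattern None means the sudoers entry lists no arguments, so any are accepted.
# The /root/data/ entry of the original rule is left out; only passwd matters here.
RONALD = [
    (False, PASSWD, None),      # /usr/bin/passwd
    (True, PASSWD, "root"),     # !/usr/bin/passwd root
]
KARL = [
    (False, PASSWD, "[!-]?*"),  # PW:  first argument does not start with '-'
    (False, PASSWD, "-f?*"),    # PW:  -f followed by something
    (True, PASSWD, "*root*"),   # !PWR
]

# Constructed sample invocations ("alice" is a hypothetical user name).
CASES = [
    [PASSWD],                   # no user name: passwd changes the caller's password
    [PASSWD, "root"],
    [PASSWD, "alice"],
    [PASSWD, "-f", "alice"],
    [PASSWD, "-d", "alice"],
]


def allowed(rule, argv):
    """Return True if this simplified model permits `sudo argv...` under `rule`."""
    path, args = argv[0], " ".join(argv[1:])
    verdict = False                   # no matching entry: denied
    for negated, cmd, pattern in rule:
        if cmd != path:
            continue
        if pattern is None or fnmatchcase(args, pattern):
            verdict = not negated     # the last matching entry wins
    return verdict


def report(rule):
    """Map each sample command line to the model's allow/deny decision."""
    return {" ".join(c): allowed(rule, c) for c in CASES}


if __name__ == "__main__":
    for name, rule in (("rule from the question", RONALD), ("PW,!PWR", KARL)):
        print(name)
        for cmd, ok in report(rule).items():
            print(f"  {'ALLOW' if ok else 'DENY'}  sudo {cmd}")
```

Under the rule from the question, the bare passwd invocation is allowed because an entry without arguments accepts any argument list, including an empty one; under PW,!PWR it is denied because both PW patterns require at least one argument.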