Allow a password change to only specific accounts

Miles, Karl Karl.Miles at
Fri Sep 21 02:36:55 EDT 2001


Try the following command alias:

Cmnd_Alias	ACCTS=/usr/sbin/usermod [!-]?*, /usr/sbin/usermod -D?*,
/usr/bin/passwd cdp*, /usr/bin/passwd cmk*

The first entry of ACCTS prevents any switches, the second allows only the
'-D' option.  Third and fourth will allow only the
passwords to be reset for 'cdp*' and 'cmk*' accounts.  Works for me!

Hope that helps !


Karl Miles
Computer Security
Littlewoods Retail Limited
+44 (0) 151 235 2760
mailto:karl.miles at

-----Original Message-----
From: McCoy Ken - kmccoy [mailto:Ken.McCoy at]
Sent: 20 September 2001 19:48
To: 'sudo-users at'
Subject: Allow a password change to only specific accounts

Hi folks, 
Kind of an unusual type change here.

I want to be able to allow a group to only change passwords for user
accounts that begin with the letters cdp and cmk. So far I haven/t figured
it out.

I've tried things like:

Cmnd_Alias      ACCTS=/usr/sbin/usermod -D,/usr/bin/passwd c*

Cmnd_Alias      ACCTS=/usr/sbin/usermod -D,/usr/bin/passwd [c][d][p]*

Cmnd_Alias      ACCTS=/usr/sbin/usermod -D,/usr/bin/passwd c*?

but sudo come back requesting the password and will let me change the
password for any account that I specify.

Any Ideas?

Ken McCoy

Privacy Trailer

The information contained in this communication is confidential, is intended
only for the use of the recipient named above, and may be legally
privileged.  If the reader of this message is not the intended recipient,
you are hereby notified that any dissemination, distribution or copying of
this communication is strictly prohibited.  If you have received this
communication in error, please 
re-send this communication to the sender and delete the original message or
any copy of it from your computer system.
Thank you. 

sudo-users mailing list <sudo-users at>
For list information, options, or to unsubscribe, visit:

Confidentiality: This e-mail and its attachments are intended for the
above named recipient(s) only and may be confidential and/or
privileged. If they have come to you in error you must take no action 
based on them, nor must you copy or disclose them or any part of their 
contents to any person or organisation; please reply to this e-mail 
and highlight the error immediately and delete this e-mail and its 
attachments from your computer system.

Security Warning: Please note that this e-mail has been created in the 
knowledge that Internet e-mail is not a 100% secure communications 
medium. We advise that you understand and observe this lack of 
security  when e-mailing us.

Viruses: Although we have taken steps to ensure that this e-mail and 
its attachments are free from any virus, we advise that in keeping 
with  good computing practice the recipient should ensure they are 
actually  virus free

More information about the sudo-users mailing list