Allow a password change to only specific accounts
Miles, Karl
Karl.Miles at littlewoods.co.uk
Fri Sep 21 02:36:55 EDT 2001
Ken,
Try the following command alias:
Cmnd_Alias ACCTS=/usr/sbin/usermod [!-]?*, /usr/sbin/usermod -D?*,
/usr/bin/passwd cdp*, /usr/bin/passwd cmk*
The first entry of ACCTS prevents any switches, the second allows only the
'-D' option. Third and fourth will allow only the
passwords to be reset for 'cdp*' and 'cmk*' accounts. Works for me!
Hope that helps !
Cheers
Karl Miles
Computer Security
Littlewoods Retail Limited
+44 (0) 151 235 2760
mailto:karl.miles at littlewoods.co.uk
-----Original Message-----
From: McCoy Ken - kmccoy [mailto:Ken.McCoy at acxiom.com]
Sent: 20 September 2001 19:48
To: 'sudo-users at courtesan.com'
Subject: Allow a password change to only specific accounts
Hi folks,
Kind of an unusual type change here.
I want to be able to allow a group to only change passwords for user
accounts that begin with the letters cdp and cmk. So far I haven/t figured
it out.
I've tried things like:
Cmnd_Alias ACCTS=/usr/sbin/usermod -D,/usr/bin/passwd c*
Cmnd_Alias ACCTS=/usr/sbin/usermod -D,/usr/bin/passwd [c][d][p]*
Cmnd_Alias ACCTS=/usr/sbin/usermod -D,/usr/bin/passwd c*?
but sudo come back requesting the password and will let me change the
password for any account that I specify.
Any Ideas?
Thanks,
Ken McCoy
Privacy Trailer
The information contained in this communication is confidential, is intended
only for the use of the recipient named above, and may be legally
privileged. If the reader of this message is not the intended recipient,
you are hereby notified that any dissemination, distribution or copying of
this communication is strictly prohibited. If you have received this
communication in error, please
re-send this communication to the sender and delete the original message or
any copy of it from your computer system.
Thank you.
____________________________________________________________
sudo-users mailing list <sudo-users at courtesan.com>
For list information, options, or to unsubscribe, visit:
http://www.courtesan.com/mailman/listinfo/sudo-users
***********************************************************************
Confidentiality: This e-mail and its attachments are intended for the
above named recipient(s) only and may be confidential and/or
privileged. If they have come to you in error you must take no action
based on them, nor must you copy or disclose them or any part of their
contents to any person or organisation; please reply to this e-mail
and highlight the error immediately and delete this e-mail and its
attachments from your computer system.
Security Warning: Please note that this e-mail has been created in the
knowledge that Internet e-mail is not a 100% secure communications
medium. We advise that you understand and observe this lack of
security when e-mailing us.
Viruses: Although we have taken steps to ensure that this e-mail and
its attachments are free from any virus, we advise that in keeping
with good computing practice the recipient should ensure they are
actually virus free
***********************************************************************
More information about the sudo-users
mailing list