Password
mlh at zip.com.au
mlh at zip.com.au
Fri Feb 1 05:08:20 EST 2002
That's not enough for many unices, as you'll
need to prevent the changing of passwords
for some accounts such as "bin". These system
type accounts can often be leveraged into root
access.
I think you need a wrapper.
-Matt
Quoting Tim Olson <tim at 5000feet.com>:
> Here's an example I used:
>
> Cmnd_Alias PASSWORD = /usr/bin/passwd [A-z]*, !/usr/bin/passwd
> root, \
> !/usr/bin/passwd someone, !/usr/bin/passwd
> thatguy, \
> !/usr/bin/passwd superman
>
> It allows you to change anyones password, but doesn't allow you to
> change "root", "someone", "thatguy", or "superman".
>
> Tim
>
> "Sheahan, Tram Hoang (DIS)" wrote:
> >
> > Is there a way to configure one user in the sudo file to be able to
> change
> > passwords for only SPECIFIC users? I want this user to change
> passwords for
> > a group of users, but I don't want this user to be able to change root
> or
> > any other users that are not specified for this user to change. Can
> sudo do
> > this?
> >
> > Thank you
> >
> > Tram Hoang
> > Tramh at dis.wa.gov
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>
More information about the sudo-users
mailing list