!passwd root revisited

Steve Magee smagee at arb.ca.gov
Mon Dec 8 15:13:04 EST 2003


Running sudo 1.6.6-3, RH 9

Applied the following to my /etc/sudoers file...

Cmnd_Alias      PASSWD   = /usr/bin/passwd, !/usr/bin/passwd root
No "Defaults" used or implemented.
%webadmin  WEBNET=NOPASSWD: PASSWD

>From the command line, the "!/usr/bin/passwd root" prohibits
users in the %webadmin group to change root's password.

>From within a script or the command line in this contexts, it fails.

Logged in as myself and in the webadmin group, I issue the following...

$ password="yourallmine"
$ userid="root"
$ echo $password | sudo passwd --stdin $userid

Read just about every article and found nothing addressing the 
issue of using variables in the line instead of literials.  

Is there a way to restrict the sudo passwd command to just groups?

Thanks in advance,
Steve


More information about the sudo-users mailing list