!passwd root revisited
Steve Magee
smagee at arb.ca.gov
Mon Dec 8 15:13:04 EST 2003
Running sudo 1.6.6-3, RH 9
Applied the following to my /etc/sudoers file...
Cmnd_Alias PASSWD = /usr/bin/passwd, !/usr/bin/passwd root
No "Defaults" used or implemented.
%webadmin WEBNET=NOPASSWD: PASSWD
>From the command line, the "!/usr/bin/passwd root" prohibits
users in the %webadmin group to change root's password.
>From within a script or the command line in this contexts, it fails.
Logged in as myself and in the webadmin group, I issue the following...
$ password="yourallmine"
$ userid="root"
$ echo $password | sudo passwd --stdin $userid
Read just about every article and found nothing addressing the
issue of using variables in the line instead of literials.
Is there a way to restrict the sudo passwd command to just groups?
Thanks in advance,
Steve
More information about the sudo-users
mailing list