[sudo-users] useradd/mod not allowing root group

Edilmar Alves - Lista edilista at fes.br
Wed Nov 24 18:07:48 EST 2004


Hi,

I put this rule for a user with some "power-admin" resources:
User_Alias      USERS = edilmar
Cmnd_Alias      USERMAN =       /usr/sbin/useradd, /usr/sbin/userdel,
/usr/sbin/usermod
USERS ALL = NOPASSWD: USERMAN
but the "edilmar" user can do this:
usermod -G root edilmar
or
usermod -G othergroup,root edilmar

I want to allow "edilmar" to use the "usermod" command to test this with
many users, because this config is for students. But I don't want to
allow him to become root.

Is there some rule to do this?
Something like:
Cmnd_Alias      USERMAN =       /usr/sbin/useradd, /usr/sbin/userdel,
/usr/sbin/usermod, !/usr/sbin/usermod ANYTHING_WITH_ROOT_IN_THE_STRING

I found this rule for passwd that do something like for passwd:
Cmnd_Alias      PASSWD =        /usr/bin/passwd [A-z]*, !/usr/bin/passwd
root

but this is easier because passwd only have one parameter for user
name... and usermod may have the word root at many places.




____________________________________________________________
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users






More information about the sudo-users mailing list