[sudo-users] Only change a password for a specific account

mlh at zip.com.au mlh at zip.com.au
Sun Apr 3 05:44:14 EDT 2005

On Thu, 31 Mar 2005 11:52:44 -0600
"Cruse, Kevin" <k-cruse at ti.com> wrote:

> Hello,
> I am wanting to set up my sudoers file so a particular user can only
> change the password on a particular account, will the following example
> work?
> Cmnd_Alias      ACCTS=/usr/sbin/usermod [!-]?*, /usr/sbin/usermod -D?*,
> /usr/bin/passwd <accountname to change>
> # Application account for User
> <Personal account name>  <host>=ACCTS

1. Why the usermod lines, if you only want to change passwords?

2. Also,  using filepatterns for args is fraught with pitfalls.  If you
really need to allow usermodding with a variety of arguments, you should
enumerate all the possibilities, or write a restrictive wrapper, and allow
sudo access to the wrapper only.


More information about the sudo-users mailing list