[sudo-users] Only change a password for a specific account

mlh at zip.com.au mlh at zip.com.au
Sun Apr 3 05:44:14 EDT 2005


On Thu, 31 Mar 2005 11:52:44 -0600
"Cruse, Kevin" <k-cruse at ti.com> wrote:

> Hello,
> I am wanting to set up my sudoers file so a particular user can only
> change the password on a particular account, will the following example
> work?
> 
> Cmnd_Alias      ACCTS=/usr/sbin/usermod [!-]?*, /usr/sbin/usermod -D?*,
> /usr/bin/passwd <accountname to change>
> 
> # Application account for User
> <Personal account name>  <host>=ACCTS

1. Why the usermod lines, if you only want to change passwords?

2. Also, using file patterns for args is fraught with pitfalls.  If you
really need to allow usermodding with a variety of arguments, you should
enumerate all the possibilities, or write a restrictive wrapper, and allow
sudo access to the wrapper only.


Matt
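
The restrictive wrapper suggested in point 2, sketched as an added example (not part of the original post and not code from the sudo project). The wrapper name `acct-admin`, its install path, the account name `appacct`, the user and host in the sample sudoers line, and the choice of lock/unlock as the permitted usermod actions are all assumptions.

```shell
#!/bin/sh
# Added example: a restrictive wrapper to grant via sudo instead of wildcard rules.
# Hypothetical install path: /usr/local/sbin/acct-admin (root-owned, not writable by others).
# Hypothetical sudoers entry:  alice  apphost = /usr/local/sbin/acct-admin
# ACCOUNT is a placeholder for the single account this wrapper may touch.
ACCOUNT="appacct"

# Fixed PATH and absolute binaries; nothing is taken from the caller's environment.
PATH=/usr/sbin:/usr/bin:/sbin:/bin
export PATH

# build_cmd ACTION: map one allow-listed action to a fixed command line.
# Sets CMD on success; returns 1 for anything else (extra args, options, other names).
build_cmd() {
    CMD=""
    [ "$#" -eq 1 ] || return 1
    case "$1" in
        passwd) CMD="/usr/bin/passwd $ACCOUNT" ;;
        lock)   CMD="/usr/sbin/usermod -L $ACCOUNT" ;;
        unlock) CMD="/usr/sbin/usermod -U $ACCOUNT" ;;
        *)      return 1 ;;
    esac
}

main() {
    if ! build_cmd "$@"; then
        echo "usage: acct-admin passwd|lock|unlock" >&2
        # Log the rejection without echoing caller-supplied text into the log.
        logger -t acct-admin "rejected request from ${SUDO_USER:-unknown}" 2>/dev/null
        return 2
    fi
    logger -t acct-admin "${SUDO_USER:-unknown}: $CMD" 2>/dev/null
    # CMD is built only from the constants above, so word splitting here is safe.
    exec $CMD
}

# Run only when invoked under the installed name, so the functions can be sourced for tests.
case "${0##*/}" in
    acct-admin) main "$@" ;;
esac
```

Because the caller only ever selects one of three keywords, no caller-supplied string reaches the `passwd` or `usermod` command line.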


