[sudo-users] Re: restrict passwd command
mfaine at knology.net
Tue Nov 22 12:59:57 EST 2005
Ladner, Eric (Eric.Ladner) wrote:
> You might be better off just leaving the suid bit on the passwd command.
> I don't think the sudoers file macros and wildcarding can do that type
> of substitution.
> -----Original Message-----
> From: sudo-users-bounces at courtesan.com
> [mailto:sudo-users-bounces at courtesan.com] On Behalf Of Mark F
> Sent: Tuesday, November 22, 2005 11:45 AM
> To: sudo-users at sudo.ws
> Subject: [sudo-users] restrict passwd command
> Our policy restricts setuid to as little as possible usage. I've
> removed the setuid permissions from the /bin/passwd as I thought I could
> use it with sudo instead.
> I'd like to allow any user to run passwd but only with an argument that
> is their username.
> Is this possible? or is there a better way?
> sudo-users mailing list <sudo-users at sudo.ws> For list information,
> options, or to unsubscribe, visit:
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
What about a wrapper script that uses $SUDO_USER ?
More information about the sudo-users