[sudo-users] Re: restrict passwd command
mfaine at knology.net
Tue Nov 22 13:22:05 EST 2005
Russell Van Tassell wrote:
> On Tue, Nov 22, 2005 at 11:59:57AM -0600, Mark F wrote:
>>Ladner, Eric (Eric.Ladner) wrote:
>>>You might be better off just leaving the suid bit on the passwd command.
>>>I don't think the sudoers file macros and wildcarding can do that type
>>What about a wrapper script that uses $SUDO_USER ?
> Then you have to contend with users that do stuff like:
> setenv SUDO_USER mfaine
> sudo passwd mfaine
> ...or similar.
For some reason I thought sudo would ensure that whenever sudo was run
it was run with the correct SUDO_USER environment variable with env_reset.
If I wrote a simple script like:
set the permissions to 700 (root:root)
USERS ALL=(ALL) /bin/change_password
The script would be run like
$ sudo /bin/change_password
How can the user change the SUDO_USER environment variable?
Not arguing your facts, just saying I don't understand.
More information about the sudo-users