[sudo-users] Preventing users from changing their local passwd using sudoers

Michael Potter pottmi at gmail.com
Thu Dec 13 21:06:26 EST 2007


Chris,

sudo only controls commands that you prefix with sudo.

You could do a
sudo chmod go-rwx /usr/bin/passwd
to turn off everyone's ability to run passwd except for root.

Please respond back if that helped.
-- 
Michael Potter

On Dec 13, 2007 10:08 AM,  <christian.peper at kpn.com> wrote:
> Hi everyone,
>
> I'm trying to force the users on my (NIS) system to use yppasswd instead
> of passwd.
> But you could also use this with strong generated passwords that you
> don't want your users to change.
>
> So I checked 'which passwd' and added lines at the bottom of sudoers.
> Easy as pie, right... :( Then what am I missing...?
>
> [nisuser at myhost ~]$ id
> uid=508(nisuser) gid=100(users) groups=100(users)
> [nisuser at myhost ~]$ which passwd
> /usr/bin/passwd
> [nisuser at myhost ~]$ sudo -l
> User nisuser may run the following commands on this host:
>     (ALL) NOPASSWD: /bin/mount -o loop /media/cdrom
>     (ALL) NOPASSWD: /bin/umount /media/cdrom
>     (ALL) !/usr/bin/passwd
>     (ALL) !/usr/bin/passwd [a-z]*
>     (ALL) /usr/bin/yppasswd
>     (ALL) !/usr/bin/yppasswd [a-z]*
> [nisuser at myhost ~]$ /usr/bin/passwd
> Changing password for user nisuser.
> Changing password for nisuser
> (current) UNIX password:
>
> [nisuser at myhost ~]$ /usr/bin/passwd cpeper
> passwd: Only root can specify a user name.
> [nisuser at myhost ~]$
>
> Any insight much appreciated!
> Chris.
>
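
The permission change suggested in the reply, as an added example that is not part of the original messages: it applies chmod go-rwx to a constructed stand-in file (not the real /usr/bin/passwd) and checks whether non-owners can still execute it. The function names and the stand-in path are hypothetical.

```shell
#!/bin/sh
# Added example. The stand-in file is constructed; it is not the real passwd.

# Print the 10-character permission string, e.g. -rwsr-xr-x
perm_string() {
    ls -ld -- "$1" | cut -c1-10
}

# Return 0 if group or other may execute FILE, 1 if not, 2 if FILE is missing.
non_owner_can_exec() {
    [ -e "$1" ] || return 2
    p=$(perm_string "$1")
    g=$(printf '%s' "$p" | cut -c7)    # group execute slot: x, s, S or -
    o=$(printf '%s' "$p" | cut -c10)   # other execute slot: x, t, T or -
    case "$g" in x|s) return 0 ;; esac
    case "$o" in x|t) return 0 ;; esac
    return 1
}

# Apply the change from the reply to FILE and report the mode before and after.
restrict_to_owner() {
    before=$(perm_string "$1")
    chmod go-rwx "$1" || return 1
    after=$(perm_string "$1")
    printf '%s -> %s\n' "$before" "$after"
}

# Constructed stand-in with the mode commonly found on passwd (setuid, 4755).
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/passwd-standin"
    : > "$f" && chmod 4755 "$f"
    restrict_to_owner "$f"
    if non_owner_can_exec "$f"; then
        echo "still executable by non-owners"
    else
        echo "only the owner can execute it"
    fi
    rm -rf "$dir"
}

demo
```

The sudoers entries shown in the quoted message play no part in this check, because the user runs /usr/bin/passwd directly rather than through sudo.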


