[sudo-users] Preventing users from changing their local passwd using sudoers
Makarand Dongare
mmdongare at gmail.com
Fri Dec 14 07:18:33 EST 2007
Easiest way to do this is rename the /usr/bin/passwd to other name and
put yourown little shell script inside newly created /use/bin/passwd
which when executed , will display a message to run yppasswd instead
of regular passwd.
On 12/13/07, Michael Potter <pottmi at gmail.com> wrote:
> Chris,
>
> sudo only controls commands that you prefix with sudo.
>
> you could do a
> sudo chmod go-rwx /usr/bin/passwd
> to turn off everyone's ability to run passwd except for root.
>
> Please respond back if that helped.
> --
> Michael Potter
>
> On Dec 13, 2007 10:08 AM, <christian.peper at kpn.com> wrote:
> > Hi everyone,
> >
> > I'm trying to force the users on my (NIS) system to use yppasswd instead
> > of passwd.
> > But you could also use this with strong generated passwords that you
> > don't want your users to change.
> >
> > So I checked 'which passwd' and added lines at the bottom of sudoers.
> > Easy as pie, right... :( Then what am I missing...?
> >
> > [nisuser at myhost ~]$ id
> > uid=508(nisuser) gid=100(users) groups=100(users)
> > [nisuser at myhost ~]$ which passwd
> > /usr/bin/passwd
> > [nisuser at myhost ~]$ sudo -l
> > User nisuser may run the following commands on this host:
> > (ALL) NOPASSWD: /bin/mount -o loop /media/cdrom
> > (ALL) NOPASSWD: /bin/umount /media/cdrom
> > (ALL) !/usr/bin/passwd
> > (ALL) !/usr/bin/passwd [a-z]*
> > (ALL) /usr/bin/yppasswd
> > (ALL) !/usr/bin/yppasswd [a-z]*
> > [nisuser at myhost ~]$ /usr/bin/passwd
> > Changing password for user nisuser.
> > Changing password for nisuser
> > (current) UNIX password:
> >
> > [nisuser at myhost ~]$ /usr/bin/passwd cpeper
> > passwd: Only root can specify a user name.
> > [nisuser at myhost ~]$
> >
> > Any insight much appreciated!
> > Chris.
> > ____________________________________________________________
> > sudo-users mailing list <sudo-users at sudo.ws>
> > For list information, options, or to unsubscribe, visit:
> > http://www.sudo.ws/mailman/listinfo/sudo-users
> >
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>
More information about the sudo-users
mailing list