[sudo-users] Preventing users from changing their local passwd using sudoers

Klaus Steden klaus.steden at thomson.net
Fri Dec 14 17:55:30 EST 2007


If you're doing that, why not just call 'yppasswd' transparently?

On 12/14/07 4:18 AM, "Makarand Dongare" <mmdongare at gmail.com> did etch on
stone tablets:

> The easiest way to do this is to rename /usr/bin/passwd to another name and
> put your own little shell script inside the newly created /usr/bin/passwd,
> which, when executed, will display a message to run yppasswd instead
> of regular passwd.
> 
> 
> On 12/13/07, Michael Potter <pottmi at gmail.com> wrote:
>> Chris,
>> 
>> sudo only controls commands that you prefix with sudo.
>> 
>> You could do a
>> sudo chmod go-rwx /usr/bin/passwd
>> to turn off everyone's ability to run passwd except for root.
>> 
>> Please respond back if that helped.
>> --
>> Michael Potter
>> 
>> On Dec 13, 2007 10:08 AM, <christian.peper at kpn.com> wrote:
>>> Hi everyone,
>>> 
>>> I'm trying to force the users on my (NIS) system to use yppasswd instead
>>> of passwd.
>>> But you could also use this with strong generated passwords that you
>>> don't want your users to change.
>>> 
>>> So I checked 'which passwd' and added lines at the bottom of sudoers.
>>> Easy as pie, right... :( Then what am I missing...?
>>> 
>>> [nisuser at myhost ~]$ id
>>> uid=508(nisuser) gid=100(users) groups=100(users)
>>> [nisuser at myhost ~]$ which passwd
>>> /usr/bin/passwd
>>> [nisuser at myhost ~]$ sudo -l
>>> User nisuser may run the following commands on this host:
>>>     (ALL) NOPASSWD: /bin/mount -o loop /media/cdrom
>>>     (ALL) NOPASSWD: /bin/umount /media/cdrom
>>>     (ALL) !/usr/bin/passwd
>>>     (ALL) !/usr/bin/passwd [a-z]*
>>>     (ALL) /usr/bin/yppasswd
>>>     (ALL) !/usr/bin/yppasswd [a-z]*
>>> [nisuser at myhost ~]$ /usr/bin/passwd
>>> Changing password for user nisuser.
>>> Changing password for nisuser
>>> (current) UNIX password:
>>> 
>>> [nisuser at myhost ~]$ /usr/bin/passwd cpeper
>>> passwd: Only root can specify a user name.
>>> [nisuser at myhost ~]$
>>> 
>>> Any insight much appreciated!
>>> Chris.
>>> ____________________________________________________________
>>> sudo-users mailing list <sudo-users at sudo.ws>
>>> For list information, options, or to unsubscribe, visit:
>>> http://www.sudo.ws/mailman/listinfo/sudo-users
>>> 
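
Added example (not part of the original thread): a shell check for the point made in the thread that sudo only controls commands prefixed with sudo, so a negation such as '!/usr/bin/passwd' does not stop direct execution. It reads 'sudo -l' output in the one-rule-per-line format shown in the original question and reports each negated command whose file mode still lets any user run it; the function names and the INEFFECTIVE/RESTRICTED labels are assumptions of this example.

```shell
#!/bin/sh
# Print each command path that appears negated ("!/path") in `sudo -l`
# output read from stdin, once per path. Assumes one rule per line.
negated_commands() {
    awk '/^[ \t]*\(/ {
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "")        # drop the "(ALL)" runas part
        while (sub(/^[A-Z_]+:[ \t]*/, "")) n++    # drop tags such as NOPASSWD:
        if ($1 ~ /^!\//) { p = substr($1, 2); if (!seen[p]++) print p }
    }'
}

# True if the file (symlinks followed) has the "other" execute bit set,
# i.e. any local user can run it without going through sudo at all.
world_executable() {
    [ -n "$(find -L "$1" -prune -type f -perm -0001 2>/dev/null)" ]
}

# For every negated command, say whether the negation actually restricts
# anything. RESTRICTED also covers paths that do not exist on this host.
audit_negations() {
    negated_commands | while IFS= read -r cmd; do
        if world_executable "$cmd"; then
            echo "INEFFECTIVE $cmd"
        else
            echo "RESTRICTED $cmd"
        fi
    done
}

# Sample input: the rules from the `sudo -l` listing quoted in the thread.
SAMPLE='User nisuser may run the following commands on this host:
    (ALL) NOPASSWD: /bin/mount -o loop /media/cdrom
    (ALL) NOPASSWD: /bin/umount /media/cdrom
    (ALL) !/usr/bin/passwd
    (ALL) !/usr/bin/passwd [a-z]*
    (ALL) /usr/bin/yppasswd
    (ALL) !/usr/bin/yppasswd [a-z]*'
printf '%s\n' "$SAMPLE" | audit_negations
```

On a live host, feed it 'sudo -l -U nisuser' run as root; a path moves from INEFFECTIVE to RESTRICTED once its mode is tightened as in the 'chmod go-rwx' suggestion quoted above.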
