[sudo-users] Preventing users from changing their local passwd using sudoers
Klaus Steden
klaus.steden at thomson.net
Fri Dec 14 17:55:30 EST 2007
If you're doing that, why not just call 'yppasswd' transparently?
On 12/14/07 4:18 AM, "Makarand Dongare" <mmdongare at gmail.com>did etch on
stone tablets:
> Easiest way to do this is rename the /usr/bin/passwd to other name and
> put yourown little shell script inside newly created /use/bin/passwd
> which when executed , will display a message to run yppasswd instead
> of regular passwd.
>
>
> On 12/13/07, Michael Potter <pottmi at gmail.com> wrote:
>> Chris,
>>
>> sudo only controls commands that you prefix with sudo.
>>
>> you could do a
>> sudo chmod go-rwx /usr/bin/passwd
>> to turn off everyone's ability to run passwd except for root.
>>
>> Please respond back if that helped.
>> --
>> Michael Potter
>>
>> On Dec 13, 2007 10:08 AM, <christian.peper at kpn.com> wrote:
>>> Hi everyone,
>>>
>>> I'm trying to force the users on my (NIS) system to use yppasswd instead
>>> of passwd.
>>> But you could also use this with strong generated passwords that you
>>> don't want your users to change.
>>>
>>> So I checked 'which passwd' and added lines at the bottom of sudoers.
>>> Easy as pie, right... :( Then what am I missing...?
>>>
>>> [nisuser at myhost ~]$ id
>>> uid=508(nisuser) gid=100(users) groups=100(users)
>>> [nisuser at myhost ~]$ which passwd
>>> /usr/bin/passwd
>>> [nisuser at myhost ~]$ sudo -l
>>> User nisuser may run the following commands on this host:
>>> (ALL) NOPASSWD: /bin/mount -o loop /media/cdrom
>>> (ALL) NOPASSWD: /bin/umount /media/cdrom
>>> (ALL) !/usr/bin/passwd
>>> (ALL) !/usr/bin/passwd [a-z]*
>>> (ALL) /usr/bin/yppasswd
>>> (ALL) !/usr/bin/yppasswd [a-z]*
>>> [nisuser at myhost ~]$ /usr/bin/passwd
>>> Changing password for user nisuser.
>>> Changing password for nisuser
>>> (current) UNIX password:
>>>
>>> [nisuser at myhost ~]$ /usr/bin/passwd cpeper
>>> passwd: Only root can specify a user name.
>>> [nisuser at myhost ~]$
>>>
>>> Any insight much appreciated!
>>> Chris.
>>> ____________________________________________________________
>>> sudo-users mailing list <sudo-users at sudo.ws>
>>> For list information, options, or to unsubscribe, visit:
>>> http://www.sudo.ws/mailman/listinfo/sudo-users
>>>
>> ____________________________________________________________
>> sudo-users mailing list <sudo-users at sudo.ws>
>> For list information, options, or to unsubscribe, visit:
>> http://www.sudo.ws/mailman/listinfo/sudo-users
>>
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
More information about the sudo-users
mailing list