[sudo-users] Preventing users from changing their local passwd using sudoers

Makarand Dongare mmdongare at gmail.com
Fri Dec 14 18:40:46 EST 2007


I suggested one way. There is always more than one way to attack the
issue. Your way is also good. No argument here.

Thanks


On 12/14/07, Klaus Steden <klaus.steden at thomson.net> wrote:
>
> If you're doing that, why not just call 'yppasswd' transparently?
>
> On 12/14/07 4:18 AM, "Makarand Dongare" <mmdongare at gmail.com> did etch on
> stone tablets:
>
> > Easiest way to do this is to rename /usr/bin/passwd to another name and
> > put your own little shell script inside the newly created /usr/bin/passwd
> > which, when executed, will display a message to run yppasswd instead
> > of regular passwd.
> >
> >
> > On 12/13/07, Michael Potter <pottmi at gmail.com> wrote:
> >> Chris,
> >>
> >> sudo only controls commands that you prefix with sudo.
> >>
> >> you could do a
> >> sudo chmod go-rwx /usr/bin/passwd
> >> to turn off everyone's ability to run passwd except for root.
> >>
> >> Please respond back if that helped.
> >> --
> >> Michael Potter
> >>
> >> On Dec 13, 2007 10:08 AM,  <christian.peper at kpn.com> wrote:
> >>> Hi everyone,
> >>>
> >>> I'm trying to force the users on my (NIS) system to use yppasswd instead
> >>> of passwd.
> >>> But you could also use this with strong generated passwords that you
> >>> don't want your users to change.
> >>>
> >>> So I checked 'which passwd' and added lines at the bottom of sudoers.
> >>> Easy as pie, right... :( Then what am I missing...?
> >>>
> >>> [nisuser at myhost ~]$ id
> >>> uid=508(nisuser) gid=100(users) groups=100(users)
> >>> [nisuser at myhost ~]$ which passwd
> >>> /usr/bin/passwd
> >>> [nisuser at myhost ~]$ sudo -l
> >>> User nisuser may run the following commands on this host:
> >>>     (ALL) NOPASSWD: /bin/mount -o loop /media/cdrom
> >>>     (ALL) NOPASSWD: /bin/umount /media/cdrom
> >>>     (ALL) !/usr/bin/passwd
> >>>     (ALL) !/usr/bin/passwd [a-z]*
> >>>     (ALL) /usr/bin/yppasswd
> >>>     (ALL) !/usr/bin/yppasswd [a-z]*
> >>> [nisuser at myhost ~]$ /usr/bin/passwd
> >>> Changing password for user nisuser.
> >>> Changing password for nisuser
> >>> (current) UNIX password:
> >>>
> >>> [nisuser at myhost ~]$ /usr/bin/passwd cpeper
> >>> passwd: Only root can specify a user name.
> >>> [nisuser at myhost ~]$
> >>>
> >>> Any insight much appreciated!
> >>> Chris.
> >>> ____________________________________________________________
> >>> sudo-users mailing list <sudo-users at sudo.ws>
> >>> For list information, options, or to unsubscribe, visit:
> >>> http://www.sudo.ws/mailman/listinfo/sudo-users
> >>>
>
>
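
As noted in the thread, sudo only controls commands prefixed with sudo, so the `!/usr/bin/passwd` entries never come into play when passwd is run directly; the file mode decides that. The script below is an added example, not part of the thread: it reports whether ordinary users can execute a binary directly. The function names `direct_exec_status` and `nis_only_policy_ok` are hypothetical, and it assumes the binaries are owned by root.

```shell
#!/bin/sh
# Added example, not from the thread. sudoers entries such as
# "!/usr/bin/passwd" only apply to commands run through sudo, so what
# decides whether a user can run passwd directly is the file mode.

# direct_exec_status PATH
# Prints: missing | root-only | open | open-setuid
# (assumes the file is owned by root, as system binaries normally are)
direct_exec_status() {
    target=$1
    [ -e "$target" ] || { echo missing; return 0; }
    # -L follows symlinks; keep only the 10-character mode string.
    mode=$(ls -ldL "$target" | cut -c1-10)
    open=no
    case $mode in ??????[xs]???) open=yes ;; esac   # group execute
    case $mode in ?????????[xt]) open=yes ;; esac   # other execute
    if [ "$open" = no ]; then
        echo root-only
        return 0
    fi
    case $mode in
        ???[sS]??????) echo open-setuid ;;          # runs with owner's uid
        *)             echo open ;;
    esac
}

# nis_only_policy_ok LOCAL_PASSWD NIS_PASSWD
# Returns 0 when ordinary users cannot run LOCAL_PASSWD directly
# but can still run NIS_PASSWD.
nis_only_policy_ok() {
    [ "$(direct_exec_status "$1")" = root-only ] || return 1
    case $(direct_exec_status "$2") in
        open|open-setuid) return 0 ;;
        *)                return 1 ;;
    esac
}

# Report on the paths shown in the thread's "sudo -l" output.
for f in /usr/bin/passwd /usr/bin/yppasswd; do
    printf '%s: %s\n' "$f" "$(direct_exec_status "$f")"
done
```

A package update can restore the original mode on /usr/bin/passwd, so a check like this is worth re-running after updates.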


