[TriLUG] 'sudo' access to passwd program
Mike Johnson
mike at enoch.org
Tue Jan 13 15:39:51 EST 2004
Jeremy Portzer [jeremyp at pobox.com] wrote:
> Hello,
>
> Here at the community college, I would like to give an instructor access
> to change student passwords on a server that's set aside for student
> use. However, if I give him 'sudo' access to the passwd command, he
> would be able to change the root password and my password, which I don't
> want. But I feel confident enough* to allow him to change any student
> password. Any ideas on how to do that without a complex script or
> program?
RTFM.
From man sudoers(5):
pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
The user pete is allowed to change anyone's password except for
root on the HPPA machines. Note that this assumes passwd(1) does
not take multiple usernames on the command line
And my rh9 box doesn't allow multiple usernames:
# passwd apache ntp
passwd: Only one user name may be specified.
Mike
--
"If life hands you lemons, YOU BLOW THOSE LEMONS TO BITS WITH
YOUR LASER CANNONS!" -- Brak
GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF C821 89C4 DF9A 5DDD 95D1
GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 230 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20040113/9aa9287e/attachment.pgp>
More information about the TriLUG
mailing list