[TriLUG] 'sudo' access to passwd program

Jon Carnes jonc at nc.rr.com
Tue Jan 13 16:03:28 EST 2004


On Tue, 2004-01-13 at 15:10, Jeremy Portzer wrote:
> Hello,
> 
> Here at the community college, I would like to give an instructor access
> to change student passwords on a server that's set aside for student
> use.  However, if I give him 'sudo' access to the passwd command, he
> would be able to change the root password and my password, which I don't
> want.  But I feel confident enough* to allow him to change any student
> password.  Any ideas on how to do that without a complex script or
> program?
> 
> --Jeremy
> 
> * Yeah, maybe not the best idea, but I'll give it a try for a semester.

If you don't want to use sudo, then download and install cgipaf.  It's a
web-based program and easy to modify.  It's design is to allow folks to
change their passwords via a web-page, but it's easily adaptable to this
situation as well.

The script checks the users UID and will reject any change if it is
below a specified number (like 400).  So it will not allow anyone to
modify root password or any system user's password.

The program also has some nice logging so you can trace where the
request came from (the ip address of the request location).

Take care - Jon




More information about the TriLUG mailing list