[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [sudo-users] How to disable ( deny ) user to change the password of root



On Tue, 18 Nov 2008 08:36:56 -0800, Gordon Messmer wrote:

> passwd-wrapper:
> #!/bin/sh
> 
> # Validate that a username was given as an argument
> [ -n "$1" ] || {
> 	echo "Use: passwd-wrapper <username>" >&2
> 	exit 64
> }
> 
> # Validate that the username wasn't "root"
> [ "$1" != "root" ] || {
> 	echo "Can't set the root user's password" >&2
> 	exit 77
> }
> 
> # Use -- to make sure that the "username" given wasn't just
> # a switch that passwd would interpret.
> # THIS ONLY WORKS ON GNU SYSTEMS.
> passwd -- "$1"

Don't let users run this via sudo unless you execute tools with
absolute path --> /usr/bin/passwd  


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]