[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [sudo-users] How to disable ( deny ) user to change the password of root



Michael Schwendt wrote:
On Tue, 18 Nov 2008 08:36:56 -0800, Gordon Messmer wrote:

  
passwd-wrapper:
#!/bin/sh

# Validate that a username was given as an argument
[ -n "$1" ] || {
	echo "Use: passwd-wrapper <username>" >&2
	exit 64
}

# Validate that the username wasn't "root"
[ "$1" != "root" ] || {
	echo "Can't set the root user's password" >&2
	exit 77
}

# Use -- to make sure that the "username" given wasn't just
# a switch that passwd would interpret.
# THIS ONLY WORKS ON GNU SYSTEMS.
passwd -- "$1"
    

Don't let users run this via sudo unless you execute tools with
absolute path --> /usr/bin/passwd  

  
Hello,

Do you means there is some problem / security with this shell scripts ?
BUT, only some of special user who can running some of cmd via sudo...
eg: System Admin ( manager ) and Support Term...

Thank for your care...

Edward.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]