[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [sudo-users] How to disable ( deny ) user to change the password of root



On Wed, 19 Nov 2008 12:52:30 +0800, edwardspl wrote:

> Dear All,
> 
> For /usr/bin/upasswd :
> 
> #!/bin/sh
> 
> # Validate that a username was given as an argument
> [ -n "$1" ] || {
> echo "Use: upasswd <username>" >&2
> exit 64
> }
> 
> # Validate that the username wasn't "root"
> [ "$1" != "root" ] || {
> echo "Can't set the root user's password" >&2
> exit 77
> }
> 
> # Use -- to make sure that the "username" given wasn't just
> # a switch that passwd would interpret.
> # THIS ONLY WORKS ON GNU SYSTEMS.
> passwd -- "$1"
> 
> For visudo :
> SYSADM MH = (ALL) /usr/bin/upasswd

Even if you rely on sudo's default environment variables restrictions and
safety checks, prefer absolute paths when executing tools like
/usr/bin/passwd


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]