June 2003
Intermediate to advanced
336 pages
8h 54m
English
Content preview from Linux Security CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
5.12. Authorizing Password Changes via sudo
Problem
You want to permit a user to change the passwords of certain other users.
Solution
To permit smith to change the passwords of jones, chu, and agarwal:
/etc/sudoers:
smith ALL = NOPASSWD: \
/usr/bin/passwd jones, \
/usr/bin/passwd chu, \
/usr/bin/passwd agarwalThe NOPASSWD tag is optional, for convenience.
[Recipe 5.4]
Discussion
As another example, permit a professor to change passwords for her students, whose logins are student00, student01, student02,...up to student99.
/etc/sudoers:
prof ALL = NOPASSWD: /usr/bin/passwd student[0-9][0-9]Note that this uses shell-style wildcard expansion; see sudoers(5) for the full syntax.
See Also
sudo(8), sudoers(5).