[sudo-users] How to disable ( deny ) user to change the password of root
Michael Schwendt
mschwendt at gmail.com
Wed Nov 19 08:39:55 UTC 2008
On Tue, 18 Nov 2008 08:36:56 -0800, Gordon Messmer wrote:
> passwd-wrapper:
> #!/bin/sh
>
> # Validate that a username was given as an argument
> [ -n "$1" ] || {
> echo "Use: passwd-wrapper <username>" >&2
> exit 64
> }
>
> # Validate that the username wasn't "root"
> [ "$1" != "root" ] || {
> echo "Can't set the root user's password" >&2
> exit 77
> }
>
> # Use -- to make sure that the "username" given wasn't just
> # a switch that passwd would interpret.
> # THIS ONLY WORKS ON GNU SYSTEMS.
> passwd -- "$1"
Don't let users run this via sudo unless you execute tools with
absolute path --> /usr/bin/passwd
More information about the fedora-list
mailing list