[sudo-users] How to disable ( deny ) user to change the password of root
edwardspl at ita.org.mo
edwardspl at ita.org.mo
Wed Nov 19 09:17:40 UTC 2008
Michael Schwendt wrote:
>On Tue, 18 Nov 2008 08:36:56 -0800, Gordon Messmer wrote:
>
>
>
>>passwd-wrapper:
>>#!/bin/sh
>>
>># Validate that a username was given as an argument
>>[ -n "$1" ] || {
>> echo "Use: passwd-wrapper <username>" >&2
>> exit 64
>>}
>>
>># Validate that the username wasn't "root"
>>[ "$1" != "root" ] || {
>> echo "Can't set the root user's password" >&2
>> exit 77
>>}
>>
>># Use -- to make sure that the "username" given wasn't just
>># a switch that passwd would interpret.
>># THIS ONLY WORKS ON GNU SYSTEMS.
>>passwd -- "$1"
>>
>>
>
>Don't let users run this via sudo unless you execute tools with
>absolute path --> /usr/bin/passwd
>
>
>
Hello,
Do you means there is some problem / security with this shell scripts ?
BUT, only some of special user who can running some of cmd via sudo...
eg: System Admin ( manager ) and Support Term...
Thank for your care...
Edward.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20081119/b03745cb/attachment-0001.htm>
More information about the fedora-list
mailing list