
using sudo with passwd

Todd McDaniel_1
Honored Contributor

using sudo with passwd

I have a strange problem after restricting passwd to root only.

I locked the passwd command so only root can use it and I granted sudo to a few application users who have a nologin login shell... so that they can change the application password without me doing it, by logging in as themselves then su over to the oracle user with password.

However, when they use sudo, IF they only type "sudo passwd", it allows them to change the ROOT PASSWD... and instead of the oracle

They must use "sudo passwd oracle", in order to change the oracle passwd and not the root passwd.

Here is my question.... Is there a way to give them the passwd command and/or prevent sudo from allowing them to change the root passwd?


Unix, the other white meat.
Brian Bergstrand
Honored Contributor
Solution

Re: using sudo with passwd

Yes. Simply add 'oracle' onto the passwd command.

So for the user group the command would be

passwd oracle

This will then restrict them to running passwd only with oracle as an argument.

Check out the sudoers man page for more info on restricting by command args.

HTH.
Todd McDaniel_1
Honored Contributor

Re: using sudo with passwd

Are you saying that in the /etc/sudoers file that I make it say?

oracle ALL=(ALL) NOPASSWD:/usr/bin/passwd oracle

So that they must enter this complete line in order for sudo to work for them?
Unix, the other white meat.
Umapathy S
Honored Contributor

Re: using sudo with passwd

I have a few doubts.
If those few users have a nologin login shell, how are they entering the system? If there is no valid shell, how can they run the su command itself?

sudo allows users to run certain commands as root. So obviously passwd is being run as root and the root passwd is changed. So, you have to change the sudoers file as you have mentioned only.

HTH,
Umapathy
Arise Awake and Stop NOT till the goal is Reached!
Brian Bergstrand
Honored Contributor

Re: using sudo with passwd

Yes. 'man sudoers' describes the exact details as I'm just going from memory. But I think that is all you need. If they enter just 'passwd' or 'passwd root' or 'passwd joe' sudo will deny them access.

HTH.
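
An added example, not part of the original thread and not sudo's own code: a simplified Python model of the sudoers argument-matching rule the answer above relies on, used to check which passwd rules would let a user reset root's password. The function names and the candidate rules are constructed for illustration, and the command is assumed to be given by its full path.

```python
import fnmatch
import shlex

PASSWD = "/usr/bin/passwd"  # path taken from the sudoers line quoted in the thread


def cmnd_allows(cmnd: str, invoked: str) -> bool:
    """Simplified model of sudoers Cmnd matching (not sudo's own code).

    Both strings use the fully qualified command path.
    """
    spec, run = shlex.split(cmnd), shlex.split(invoked)
    if not spec or not run or spec[0] != run[0]:
        return False
    spec_args, run_args = spec[1:], run[1:]
    if not spec_args:
        # Bare command in sudoers: the user may pass any arguments, or none.
        return True
    if spec_args == [""]:
        # A literal "" in sudoers: the command may only be run without arguments.
        return not run_args
    # Arguments listed in sudoers: the user's arguments must match them
    # exactly, or match the shell-style wildcards if any are present.
    return fnmatch.fnmatchcase(" ".join(run_args), " ".join(spec_args))


def root_password_exposed(cmnd: str) -> bool:
    """True if the rule lets the user reset root's password through sudo.

    Run as root, passwd with no argument changes root's own password.
    """
    return cmnd_allows(cmnd, PASSWD) or cmnd_allows(cmnd, f"{PASSWD} root")


def audit(cmnds):
    """Map each candidate Cmnd entry to whether it exposes root's password."""
    return {c: root_password_exposed(c) for c in cmnds}


if __name__ == "__main__":
    # Constructed candidate rules: the original bare grant, the fix from the
    # accepted answer, and a wildcard variant.
    for rule, exposed in audit([PASSWD, f"{PASSWD} oracle", f"{PASSWD} *"]).items():
        print(f"{rule!r:28} exposes root password: {exposed}")
```

After editing the real file, `visudo -c` checks its syntax and `sudo -l -U <user>` lists what a given user is actually allowed to run.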
Todd McDaniel_1
Honored Contributor

Re: using sudo with passwd

I may have misspoken...

The users log in as themselves with SecurID login, then with password over to Oracle... nologin is so that oracle can't be logged in directly.

Thanks for the help.
Unix, the other white meat.