Eu adicionei um usuário a sudoers e ele é permitido para:
$ sudo -ll|grep passwd
!/bin/passwd root
!/bin/passwd bin
!/bin/passwd daemon
!/bin/passwd adm
!/bin/passwd lp
!/bin/passwd sync
!/bin/passwd shutdown
!/bin/passwd halt
!/bin/passwd mail
!/bin/passwd uucp
!/bin/passwd operator
!/bin/passwd games
!/bin/passwd gopher
!/bin/passwd ftp
!/bin/passwd nobody
!/bin/passwd dbus
!/bin/passwd vcsa
!/bin/passwd abrt
!/bin/passwd haldaemon
!/bin/passwd ntp
!/bin/passwd saslauth
!/bin/passwd postfix
!/bin/passwd sshd
!/bin/passwd nscd
!/bin/passwd nagios
!/bin/passwd nrpe
!/bin/passwd tcpdump
/bin/passwd *
Mas esse sudoer não impede a alteração, por exemplo, das senhas do root por esse usuário:
$ sudo /bin/passwd root
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
alguma ideia porque "! / bin / passwd root" não faz trabalho aqui?
Atenciosamente,
UPDATE (e solução):
isso resolveu meu problema:
$ sudo -ll|grep passwd
/bin/passwd *
!/bin/passwd -*
!/bin/passwd root
!/bin/passwd root -*
!/bin/passwd bin
!/bin/passwd bin -*
!/bin/passwd daemon
!/bin/passwd daemon -*
!/bin/passwd adm
!/bin/passwd adm -*
!/bin/passwd lp
!/bin/passwd lp -*
!/bin/passwd sync
!/bin/passwd sync -*
!/bin/passwd shutdown
!/bin/passwd shutdown -*
!/bin/passwd halt
!/bin/passwd halt -*
!/bin/passwd mail
!/bin/passwd mail -*
!/bin/passwd uucp
!/bin/passwd uucp -*
!/bin/passwd operator
!/bin/passwd operator -*
!/bin/passwd games
!/bin/passwd games -*
!/bin/passwd gopher
!/bin/passwd gopher -*
!/bin/passwd ftp
!/bin/passwd ftp -*
!/bin/passwd nobody
!/bin/passwd nobody -*
!/bin/passwd dbus
!/bin/passwd dbus -*
!/bin/passwd vcsa
!/bin/passwd vcsa -*
!/bin/passwd abrt
!/bin/passwd abrt -*
!/bin/passwd haldaemon
!/bin/passwd haldaemon -*
!/bin/passwd ntp
!/bin/passwd ntp -*
!/bin/passwd saslauth
!/bin/passwd saslauth -*
!/bin/passwd postfix
!/bin/passwd postfix -*
!/bin/passwd sshd
!/bin/passwd sshd -*
!/bin/passwd nscd
!/bin/passwd nscd -*
!/bin/passwd nagios
!/bin/passwd nagios -*
!/bin/passwd nrpe
!/bin/passwd nrpe -*
!/bin/passwd tcpdump
!/bin/passwd tcpdump -*