sudoers - allowing a user to change the password of all accounts except specific ones

I added a user to sudoers and it is permitted to:

$ sudo -ll|grep passwd
        !/bin/passwd root
        !/bin/passwd bin
        !/bin/passwd daemon
        !/bin/passwd adm
        !/bin/passwd lp
        !/bin/passwd sync
        !/bin/passwd shutdown
        !/bin/passwd halt
        !/bin/passwd mail
        !/bin/passwd uucp
        !/bin/passwd operator
        !/bin/passwd games
        !/bin/passwd gopher
        !/bin/passwd ftp
        !/bin/passwd nobody
        !/bin/passwd dbus
        !/bin/passwd vcsa
        !/bin/passwd abrt
        !/bin/passwd haldaemon
        !/bin/passwd ntp
        !/bin/passwd saslauth
        !/bin/passwd postfix
        !/bin/passwd sshd
        !/bin/passwd nscd
        !/bin/passwd nagios
        !/bin/passwd nrpe
        !/bin/passwd tcpdump
        /bin/passwd *

But this sudoers configuration does not prevent that user from changing, for example, root's password:

$ sudo /bin/passwd root
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Any idea why "!/bin/passwd root" does not work here?

Regards,

UPDATE (and solution):

This solved my problem:

$ sudo -ll|grep passwd
        /bin/passwd *
        !/bin/passwd -*
        !/bin/passwd root
        !/bin/passwd root -*
        !/bin/passwd bin
        !/bin/passwd bin -*
        !/bin/passwd daemon
        !/bin/passwd daemon -*
        !/bin/passwd adm
        !/bin/passwd adm -*
        !/bin/passwd lp
        !/bin/passwd lp -*
        !/bin/passwd sync
        !/bin/passwd sync -*
        !/bin/passwd shutdown
        !/bin/passwd shutdown -*
        !/bin/passwd halt
        !/bin/passwd halt -*
        !/bin/passwd mail
        !/bin/passwd mail -*
        !/bin/passwd uucp
        !/bin/passwd uucp -*
        !/bin/passwd operator
        !/bin/passwd operator -*
        !/bin/passwd games
        !/bin/passwd games -*
        !/bin/passwd gopher
        !/bin/passwd gopher -*
        !/bin/passwd ftp
        !/bin/passwd ftp -*
        !/bin/passwd nobody
        !/bin/passwd nobody -*
        !/bin/passwd dbus
        !/bin/passwd dbus -*
        !/bin/passwd vcsa
        !/bin/passwd vcsa -*
        !/bin/passwd abrt
        !/bin/passwd abrt -*
        !/bin/passwd haldaemon
        !/bin/passwd haldaemon -*
        !/bin/passwd ntp
        !/bin/passwd ntp -*
        !/bin/passwd saslauth
        !/bin/passwd saslauth -*
        !/bin/passwd postfix
        !/bin/passwd postfix -*
        !/bin/passwd sshd
        !/bin/passwd sshd -*
        !/bin/passwd nscd
        !/bin/passwd nscd -*
        !/bin/passwd nagios
        !/bin/passwd nagios -*
        !/bin/passwd nrpe
        !/bin/passwd nrpe -*
        !/bin/passwd tcpdump
        !/bin/passwd tcpdump -*
    
by DonJ 14.11.2017 / 10:34
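sudoers applies matching entries in order and the last match decides, which is what separates the two listings in the post. The sketch below is an added example, not part of the original post and not sudo's own code: a simplified model of that rule, where `decide` and `entry_matches` are hypothetical names, `alice` is a constructed account, and only the root entries of each listing are kept.

```python
from fnmatch import fnmatchcase

# Command lists taken from the post's two `sudo -ll` listings, shortened to
# the root entries (the other system accounts follow the same pattern).
ORIGINAL = ["!/bin/passwd root", "/bin/passwd *"]
FIXED = ["/bin/passwd *", "!/bin/passwd -*",
         "!/bin/passwd root", "!/bin/passwd root -*"]


def entry_matches(entry, path, args):
    """True if one command entry (leading '!' already removed) matches."""
    spec_path, _, spec_args = entry.partition(" ")
    if spec_path != path:       # paths in the post are literal, no globbing
        return False
    if spec_args == "":         # entry without arguments accepts any arguments
        return True
    # Arguments are compared as one joined string, so '*' also spans spaces.
    return fnmatchcase(args, spec_args)


def decide(policy, command):
    """Walk the list top to bottom; the LAST matching entry decides."""
    path, _, args = command.partition(" ")
    allowed = False             # nothing matched: the command is refused
    for entry in policy:
        negated = entry.startswith("!")
        spec = entry[1:] if negated else entry
        if entry_matches(spec, path, args):
            allowed = not negated
    return allowed


if __name__ == "__main__":
    samples = ["/bin/passwd root", "/bin/passwd root -S",
               "/bin/passwd -S root", "/bin/passwd alice"]  # constructed
    for cmd in samples:
        print(f"{cmd:22} original={decide(ORIGINAL, cmd)!s:5} "
              f"fixed={decide(FIXED, cmd)}")
```

An account that is not on the deny list is still allowed by `/bin/passwd *`, so the list has to be kept in step with the system accounts on the host.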
