From owner-freebsd-questions@FreeBSD.ORG Fri May 26 00:58:35 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3222E16AA69 for ; Fri, 26 May 2006 00:53:31 +0000 (UTC) (envelope-from mikhailg@webanoide.org) Received: from cayster.site5.com (cayster.multisite.site5.com [216.118.97.189]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3712C43DA2 for ; Fri, 26 May 2006 00:53:04 +0000 (GMT) (envelope-from mikhailg@webanoide.org) Received: from ppp110-20.lns1.hba1.internode.on.net ([150.101.110.20] helo=[192.168.0.4]) by cayster.site5.com with esmtpa (Exim 4.52) id 1FjQZU-0007H1-Lx; Thu, 25 May 2006 20:52:58 -0400 Message-ID: <44765165.4060702@webanoide.org> Date: Fri, 26 May 2006 10:52:53 +1000 From: Mikhail Goriachev Organization: Webanoide User-Agent: Thunderbird 1.5.0.2 (Macintosh/20060308) MIME-Version: 1.0 To: Sean Murphy References: <44763C47.8020706@calarts.edu> In-Reply-To: <44763C47.8020706@calarts.edu> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Antivirus-Scanner: This message has been scanned by ClamAV. X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - cayster.site5.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - webanoide.org X-Source: X-Source-Args: X-Source-Dir: Cc: "'freebsd-questions@freebsd.org'" Subject: Re: SUDO Help password change deligation question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 May 2006 00:58:36 -0000 Sean Murphy wrote: > I would like to not give root access but enable a user account (not in > wheel) to change user passwords with passwd username command. I just > would like to delegate the password changing ability to someone else but > not give them super user privileges other then passwd. Would this be > something sudo can do? can you restrict what accounts passwords they > can change for instance everyone but system root and my account? Yes, sudo can limit the access of what to execute. However, I'd write my own little script (passwd wrapper) that checks whose account is being modified. Then you can prevent misuse. Cheers, Mikhail. -- Mikhail Goriachev Webanoide Telephone: +61 (0)3 62252501 Mobile Phone: +61 (0)4 38255158 E-Mail: mikhailg@webanoide.org Web: http://www.webanoide.org PGP Key ID: 0x4E148A3B PGP Key Fingerprint: D96B 7C14 79A5 8824 B99D 9562 F50E 2F5D 4E14 8A3B