[827] in linux-security and linux-alert archive
[linux-security] sudo limiting
daemon@ATHENA.MIT.EDU (Blue)
Wed Jun 19 14:43:53 1996
From: Blue <blue@buttercup.cybernex.net>
To: linux-security@tarsier.cv.nrao.edu
Date: Tue, 18 Jun 1996 17:19:49 -0400 (EDT)
Greetings,
The recent thread on sudo has brought a question to me for practical usage.
How to implement administrative accounts which have the permission to
create or change passwords of arbitary users, without having access to
change the root password.
I was implementing user adding facilities for a small group whom still
should not have root access via sudo and realized that they could just
change the root password. I am loathe to do it with a setuid program,
even though then I can run the username through a filter, due to the
probelms having a program like that can create.
Baring hacking passwd, or creating a restricted version of it, is there
any secure way around this delima?
TIA,
Jim "Blue" Carstensen
SysAdmin for Cybernex Inc.
blue@cybernex.net