Visit Our UNIX and Linux User Community

Operating Systems Linux Red Hat changing which password is prompted for in sudoers Post 302714473 by thmnetwork on Friday 12th of October 2012 08:11:05 AM
Old 10-12-2012
changing which password is prompted for in sudoers

Basically I only want particular users to know the root password, but I also want power users to be able to run certain commands with root privileges. All admins for this box will be authenticating initially through winbind (I do have a backdoor account in case winbind goes wonky)

I want members of the "domain admins" group to be prompted for the root password but have unrestricted sudo access, while members of the "JSNNUsers" group be able to execute the list of commands I've specified, being prompted only for their own password (in case they leave themselves logged in and someone comes up behind them before the console times out, 15 minutes).

I know I can change this behavior on a per-user basis by doing something like:

Code:
Defaults:targetUser   targetpw

But I was interested in getting it to work work when specifying a group with a space in it. I'd rather not create a second group since all domain admins should be allowed root access to this box and the AD side may not necessarily remember to add them to an additional group when new domain admins are created (not to mention it seems redundant).

I got around the space issue in the actual rule itself by escaping the space:

Code:
%domain\ admins   ALL=(ALL)    PASSWD: ALL

But apparently this doesn't also work for changing defaults.

So it basically boils down to this: how do I change the default behavior for the "domain admins" group's password prompt without changing it so that everybody is prompted for the root password.

- Joel
 

7 More Discussions You Might Find Interesting

1. Solaris

changing password

Hi Someone logged on the system with a Normal user and changed the password , for this user , how can i know ? who changed the password from which terminal ? regards Georges (5 Replies)
Discussion started by: itsgeorge
5 Replies

2. HP-UX

Prompted for System Password during login

Hello, I'm new to HP-UX. I have a system running B.11.23 on ia64. The system gets its user passwords via active directory. Everytime a new account is added to AD a script pushes out the account info to all the systems and this system is updated too. However, on this machine, users are unable to... (2 Replies)
Discussion started by: BFLO
2 Replies

3. Shell Programming and Scripting

How to enter a password in the script automatically when prompted?

Hi Friends, We need to create a script which will invoke a command with diffrent parameters. The command invoked needs the password. So how automatically we can enter password in the script to the command? example.: #!/bin/ksh for par in `cat parfile` do # Here is the main command... (1 Reply)
Discussion started by: sourabhsharma
1 Replies

4. UNIX for Advanced & Expert Users

Changing the password prompt

Is there any way I can change the prompt which asks for the password on a UNIX system? e.g. When I login using Telnet instead of "Password" I should get "Correct Password". Thanks, Vineet (3 Replies)
Discussion started by: vineetd
3 Replies

5. Shell Programming and Scripting

password changing

Hi all Im trying to learn the basics of bash and am struggling with some file manipulation. I am trying to run a script that once you have logged in allows you to change your password which is held (along with the corresponding username) in a different file called usernames. When i try to run my... (2 Replies)
Discussion started by: somersetdan
2 Replies

6. UNIX for Advanced & Expert Users

Prompted for password when reverse SSH connecting

Dear Experts, I am writing a batch script to transfer files from server AA to BB without prompting for password. Already, ssh keys have been generated in BB and public key of BB has been stored in AA as part of some other project requirement. So, I thought of reusing this. I can now transfer... (6 Replies)
Discussion started by: ss112233
6 Replies

7. UNIX and Linux Applications

LDAP - sudoers and the nopasswd flag - How can i set some commands for wheelgroup without password?

Hello :) we use LDAP with sudoers about 4 years. Works fine. But we have one problem with members of the admingroup (wheel). This users can do every command with sudo and with there privat password. But when they also are member to another special group, like sysadmin: Sysadmin is allowed to... (0 Replies)
Discussion started by: darktux
0 Replies
GSHADOW(5)						   File Formats and Conversions 						GSHADOW(5)

NAME
gshadow - shadowed group file DESCRIPTION
/etc/gshadow contains the shadowed information for group accounts. This file must not be readable by regular users if password security is to be maintained. Each line of this file contains the following colon-separated fields: group name It must be a valid group name, which exist on the system. encrypted password Refer to crypt(3) for details on how this string is interpreted. If the password field contains some string that is not a valid result of crypt(3), for instance ! or *, users will not be able to use a unix password to access the group (but group members do not need the password). The password is used when a user who is not a member of the group wants to gain the permissions of this group (see newgrp(1)). This field may be empty, in which case only the group members can gain the group permissions. A password field which starts with an exclamation mark means that the password is locked. The remaining characters on the line represent the password field before the password was locked. This password supersedes any password specified in /etc/group. administrators It must be a comma-separated list of user names. Administrators can change the password or the members of the group. Administrators also have the same permissions as the members (see below). members It must be a comma-separated list of user names. Members can access the group without being prompted for a password. You should use the same list of users as in /etc/group. FILES
/etc/group Group account information. /etc/gshadow Secure group account information. SEE ALSO
gpasswd(5), group(5), grpck(8), grpconv(8), newgrp(1). shadow-utils 4.5 01/25/2018 GSHADOW(5)

Featured Tech Videos

All times are GMT -4. The time now is 02:52 AM.
Unix & Linux Forums Content Copyright 1993-2021. All Rights Reserved.
Privacy Policy