Sponsored Content
Operating Systems Linux Red Hat changing which password is prompted for in sudoers Post 302714473 by thmnetwork on Friday 12th of October 2012 08:11:05 AM
Old 10-12-2012
changing which password is prompted for in sudoers

Basically I only want particular users to know the root password, but I also want power users to be able to run certain commands with root privileges. All admins for this box will be authenticating initially through winbind (I do have a backdoor account in case winbind goes wonky)

I want members of the "domain admins" group to be prompted for the root password but have unrestricted sudo access, while members of the "JSNNUsers" group be able to execute the list of commands I've specified, being prompted only for their own password (in case they leave themselves logged in and someone comes up behind them before the console times out, 15 minutes).

I know I can change this behavior on a per-user basis by doing something like:

Code:
Defaults:targetUser   targetpw

But I was interested in getting it to work work when specifying a group with a space in it. I'd rather not create a second group since all domain admins should be allowed root access to this box and the AD side may not necessarily remember to add them to an additional group when new domain admins are created (not to mention it seems redundant).

I got around the space issue in the actual rule itself by escaping the space:

Code:
%domain\ admins   ALL=(ALL)    PASSWD: ALL

But apparently this doesn't also work for changing defaults.

So it basically boils down to this: how do I change the default behavior for the "domain admins" group's password prompt without changing it so that everybody is prompted for the root password.

- Joel
 

7 More Discussions You Might Find Interesting

1. Solaris

changing password

Hi Someone logged on the system with a Normal user and changed the password , for this user , how can i know ? who changed the password from which terminal ? regards Georges (5 Replies)
Discussion started by: itsgeorge
5 Replies

2. HP-UX

Prompted for System Password during login

Hello, I'm new to HP-UX. I have a system running B.11.23 on ia64. The system gets its user passwords via active directory. Everytime a new account is added to AD a script pushes out the account info to all the systems and this system is updated too. However, on this machine, users are unable to... (2 Replies)
Discussion started by: BFLO
2 Replies

3. Shell Programming and Scripting

How to enter a password in the script automatically when prompted?

Hi Friends, We need to create a script which will invoke a command with diffrent parameters. The command invoked needs the password. So how automatically we can enter password in the script to the command? example.: #!/bin/ksh for par in `cat parfile` do # Here is the main command... (1 Reply)
Discussion started by: sourabhsharma
1 Replies

4. UNIX for Advanced & Expert Users

Changing the password prompt

Is there any way I can change the prompt which asks for the password on a UNIX system? e.g. When I login using Telnet instead of "Password" I should get "Correct Password". Thanks, Vineet (3 Replies)
Discussion started by: vineetd
3 Replies

5. Shell Programming and Scripting

password changing

Hi all Im trying to learn the basics of bash and am struggling with some file manipulation. I am trying to run a script that once you have logged in allows you to change your password which is held (along with the corresponding username) in a different file called usernames. When i try to run my... (2 Replies)
Discussion started by: somersetdan
2 Replies

6. UNIX for Advanced & Expert Users

Prompted for password when reverse SSH connecting

Dear Experts, I am writing a batch script to transfer files from server AA to BB without prompting for password. Already, ssh keys have been generated in BB and public key of BB has been stored in AA as part of some other project requirement. So, I thought of reusing this. I can now transfer... (6 Replies)
Discussion started by: ss112233
6 Replies

7. UNIX and Linux Applications

LDAP - sudoers and the nopasswd flag - How can i set some commands for wheelgroup without password?

Hello :) we use LDAP with sudoers about 4 years. Works fine. But we have one problem with members of the admingroup (wheel). This users can do every command with sudo and with there privat password. But when they also are member to another special group, like sysadmin: Sysadmin is allowed to... (0 Replies)
Discussion started by: darktux
0 Replies
dialups(4)							   File Formats 							dialups(4)

NAME
dialups - list of terminal devices requiring a dial-up password SYNOPSIS
/etc/dialups DESCRIPTION
dialups is an ASCII file which contains a list of terminal devices that require a dial-up password. A dial-up password is an additional password required of users who access the computer through a modem or dial-up port. The correct password must be entered before the user is granted access to the computer. The set of ports that require a dial-up password are listed in the dialups file. Each entry in the dialups file is a single line of the form: terminal-device where terminal-device The full path name of the terminal device that will require a dial-up password for users accessing the computer through a modem or dial-up port. The dialups file should be owned by the root user and the root group. The file should have read and write permissions for the owner (root) only. EXAMPLES
Example 1: A sample dialups file. Here is a sample dialups file: /dev/term/a /dev/term/b /dev/term/c FILES
/etc/d_passwd dial-up password file /etc/dialups list of dial-up ports requiring dial-up passwords SEE ALSO
d_passwd(4) SunOS 5.10 4 May 1994 dialups(4)
All times are GMT -4. The time now is 09:17 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy