Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to provide root access via sudo with restrictions?
Top Forums UNIX for Advanced & Expert Users How to provide root access via sudo with restrictions? Post 303014361 by RudiC on Saturday 10th of March 2018 08:10:31 AM
Old 03-10-2018
Methinks you have a syntax error in the Cmnd_Alias as the Cmnd_List should be comma delimited, but the actual reason for your "error" is that you're running the passwd command as root.
man su:
Quote:
Invoked without a username, su defaults to becoming the superuser.
Last edited by RudiC; 03-10-2018 at 10:19 AM..
This User Gave Thanks to RudiC For This Post:
jim mcnamara
 

9 More Discussions You Might Find Interesting

1. Linux

how to access root priveliges if root password is lost

wish to know how to access root password it root password is forgotten in linux (1 Reply)
Discussion started by: wojtyla
1 Replies

2. Shell Programming and Scripting

To provide restricted access to certain user's on linux box

Hi, I need to provide execute access to certain users and not to all users For ex: if ther is a file /home/august/aug.sh. and there are user's like jan,feb,mar,april,May and jan is the owner of that box. I need to provide execute access to feb and mar only. I also know the root pwd for... (3 Replies)
Discussion started by: Ashok_oct22
3 Replies

3. UNIX for Dummies Questions & Answers

How to allow access to some commands having root privleges to be run bu non root user

hi i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies

4. Linux

nix User Access Restrictions to Network, USB ports, PCMCIA, CDROM

How to create a user account on a Linux desktop machine with restrictions on connecting to the LAN, WAN, PCMCIA ports, Firewire, CDROM and generally any user controllable output options? I have the task to set up a machine for users working with sensitive data that should not be leaving the... (1 Reply)
Discussion started by: netfreighter
1 Replies

5. UNIX for Dummies Questions & Answers

sudo/root access

I'm actually working with a Ubuntu-System here and have a question about executing a command with 'sudo'. I tried and got a error message like "not allowed". After this I logged in with 'sudo -s' and typed the command without 'sudo'. This worked well. Can please somebody explain me this... (0 Replies)
Discussion started by: daWonderer
0 Replies

6. SuSE

Auditors want more security with root to root access via ssh keys

I access over 100 SUSE SLES servers as root from my admin server, via ssh sessions using ssh keys, so I don't have to enter a password. My SUSE Admin server is setup in the following manner: 1) Remote root access is turned off in the sshd_config file. 2) I am the only user of this admin... (6 Replies)
Discussion started by: dvbell
6 Replies

7. Red Hat

Sudo to user other than root but do not allow sudo to root

I have a set of RHEL 5 boxes running our ERP software on Oracle databases. I need to allow my DBA's to su to oracle and one other account (banner) without knowing the oracle or banner password. But I need to prevent them from su'ing to any other user especially root. I only want them to be able to... (1 Reply)
Discussion started by: westmoreland
1 Replies

8. UNIX for Beginners Questions & Answers

How to provide read access to root crontab?

Hi, Is there any safe method to provide read access to root's crontab to another user? Just read no other permissions. (1 Reply)
Discussion started by: ctrld
1 Replies

9. Solaris

Sudo access of rm to non-root user

Hello, It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only. This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file. Is it possible to give... (9 Replies)
Discussion started by: solaris_1977
9 Replies

LEARN ABOUT OSF1

chsh

passwd(1)						      General Commands Manual							 passwd(1)

NAME

       passwd, chfn, chsh - Changes password file information

SYNOPSIS

       passwd [-f  | -s] [username]

       passwd  -q  [username]

       passwd  -q  -a

       chfn [username]

       chsh [username]

       This  security-sensitive  command  uses the SIA (Security Integration Architecture) routine as an interface to the security mechanisms. See
       the matrix.conf(4) reference page for more information.

OPTIONS

       Report the password attributes of all users. This option may only be used with the -q option and you must be root.  Invokes the	chfn  com-
       mand  when  given with the passwd command.  Report the  password attributes of the specified user. If the -a option is given, all users are
       listed. Users other than root may only use the -q option on themselves. If a username is not specified, then the current username is  used.
       Invokes the chsh command when given with the passwd command.

DESCRIPTION

       The passwd command changes (or installs) the password associated with your username (by default) or the specified username.

       The  chfn  command  changes  the finger information in the GECOS field associated with your username or the specified username. GECOS is an
       obsolete term, but refers to the finger information field of the passwd structure as defined in the <pwd.h> file and the finger information
       field  of  the  /etc/passwd  file  as described in the passwd(4) reference page.  The information in the GECOS field has been formalized by
       POSIX and is a comma separated list containing the user's full name, office phone, office number, and home phone number.

       The chsh command changes the login shell of your username or of the specified username.

       When using the passwd command to alter a password, the command prompts for the current password and then for the new one.  The caller  must
       supply both.  The new password must be typed twice to forestall mistakes.

       Each password must have at least six characters and can include digits, symbols, and the letters of your alphabet. It is strongly suggested
       that you include unusual punctuation, control characters, or digits in your password.  Use of only lowercase letters is discouraged. If you
       enter more than eight characters when creating a password, the passwd command ignores any characters after the eighth.

       When the -q option is used, the output of the passwd command  under base security is as follows: name  status

       The status is "PS" if the user has a password, "LK" if the user has an administrative lock, or "NP" if the user has no password.

       Under  enhanced	security  the  passwd -q command gathers information from the enhanced security password and system defaults databases and
       presents the data as follows: name status date min_change max_change

       The status field is "PS" if the user has a password, "LK" if the user has an administrative lock, or "NP" if the user has no password.  The
       date  is  the day of the last successful password change in mm/dd/yy format. The min_change field is the period in days, measured from  the
       date of last password change, which must pass before a user can change his user account password. A value of  0 means the password  may	be
       changed	at any time. The max_change field is the period in days, measured from the date of last password change, for which the password is
       valid. Adding this value to the date of last password change gives the date at which the password expires and a change will be required.  A
       value of 0 means that the password will never expire.

       When  altering  the  GECOS  information field, the chfn command displays the current information, broken into fields, as interpreted by the
       finger program, among others, and prompts for new values. These fields include a user's proper name, office room number, office phone  num-
       ber,  and  home	phone  number.	 Included  in  each  prompt is a default value, which is enclosed in [ ] (brackets).  The default value is
       accepted simply by pressing <Return>.  To enter a blank field, the word none can be entered.

       The chfn command allows phone numbers to be entered with or without dashes.  It is a good idea to  run  finger  after  changing	the  GECOS
       information to make sure everything is set up properly.

       A  superuser  can  change anyone's GECOS information; other users can only change their own. Superusers can also run the account management
       interfaces, dxaccounts and usermod to modify passwords.

       When altering a login shell, the chsh command displays the current login shell and then prompts for the new one.  The new login shell  must
       be  one of the approved shells listed in the /etc/shells file unless you have superuser privileges. If the /etc/shells file does not exist,
       the only shells that can be specified are /usr/bin/sh and /usr/bin/csh.

       Note that if you specify an abbreviated shell name, the command chooses the first entry in the /etc/shells  file  that  matches	the  shell
       abbreviation.   For  example,  if  you specify ksh, and both the /bin/ksh and /usr/bin/ksh shells are included in the /etc/shells file, the
       shell is changed to the shell that is specified first.

       A superuser can change anyone's login shell; normal users can only change their own login shell.

								      Security Note

       When you use the passwd command, with enhanced security installed, the system prompts for the existing  password,  and  begins  a  password
       solicitation  dialog  that  depends  on the options for password generation the administrator has enabled for your account.  There are four
       possible options: A pronounceable password made up of meaningless syllables.  An unpronounceable password made up of random characters from
       the  character  set.  An unpronounceable password made up of random letters from the alphabet.  A user specified password, which is subject
       to length and triviality restrictions.

       A maximum length is specified for all user passwords.  The minimum password length depends on several parameters set in the  authentication
       databases.

       The system requires a minimum time to elapse before you can change your password.  This stops you from reusing an old password too soon.

       A password expires after a period of time known as the expiration time. The system warns you when the expiration time is drawing near.

       A password dies after a period of time known as the password lifetime. After the lifetime passes, your account is locked until the adminis-
       trator reenables it.  After unlocking, you must change your password again before you can use your account.

       When you successfully type your old password, the system prints the last successful and unsuccessful password change times.  Make sure that
       these times are accurate; use them to detect attempted password changes by an unauthorized user.

       You can change your own password if the administrator has enabled any of the password generation options for your account.

       Using  the passwd command to reset a user's password does not unlock the user's account if the account is locked for a reason other than an
       expired password.

       If a password longer than 8 characters was entered under base security and then enhanced security is installed, you must use only the first
       8  characters  of  the  original  password.   This  is  because	base  security	only  used  the first 8 characters of the password and the
       enhanced/extended password is created from the base password.

       See the Security manual for detailed instructions on changing your password.

EXAMPLES

       To change your password, enter: passwd

	      You are prompted for your old password (if it exists).  You are then prompted twice for the new password.  To change the office num-
	      ber and building values in your GECOS information, enter: chfn

	      Your  current  GECOS  values  are displayed.  Follow the instructions and change your office number.  For example, enter: Name [Huan
	      Kim]: Room Number [3A-41]: 4A-43 Office Phone [3-1234]: Home Phone [555-1234]:

FILES

       Contains user information.  The list of approved shells.  Enhanced security password database for system accounts.  Enhanced security pass-
       word database for user accounts.  Enhanced security's system defaults database.

SEE ALSO

       Commands:  finger(1), login(1), vipw(8), dxaccounts(8), usermod(8)

       Files:  matrix.conf(4), prpasswd(4), passwd(4)

       Security

																	 passwd(1)
All times are GMT -4. The time now is 11:14 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy