Visit Our UNIX and Linux User Community


changing which password is prompted for in sudoers

 
Thread Tools Search this Thread
Operating Systems Linux Red Hat changing which password is prompted for in sudoers
# 1  
Old 10-12-2012
changing which password is prompted for in sudoers

Basically I only want particular users to know the root password, but I also want power users to be able to run certain commands with root privileges. All admins for this box will be authenticating initially through winbind (I do have a backdoor account in case winbind goes wonky)

I want members of the "domain admins" group to be prompted for the root password but have unrestricted sudo access, while members of the "JSNNUsers" group be able to execute the list of commands I've specified, being prompted only for their own password (in case they leave themselves logged in and someone comes up behind them before the console times out, 15 minutes).

I know I can change this behavior on a per-user basis by doing something like:

Code:
Defaults:targetUser   targetpw

But I was interested in getting it to work work when specifying a group with a space in it. I'd rather not create a second group since all domain admins should be allowed root access to this box and the AD side may not necessarily remember to add them to an additional group when new domain admins are created (not to mention it seems redundant).

I got around the space issue in the actual rule itself by escaping the space:

Code:
%domain\ admins   ALL=(ALL)    PASSWD: ALL

But apparently this doesn't also work for changing defaults.

So it basically boils down to this: how do I change the default behavior for the "domain admins" group's password prompt without changing it so that everybody is prompted for the root password.

- Joel

Previous Thread | Next Thread
Test Your Knowledge in Computers #945
Difficulty: Medium
A Fraggle attack is a variation of the Smurf attack where an attacker sends a large amount of UDP traffic to ports 7 (Echo) and 19 (CHARGEN) to an IP broadcast address with the intended victim's spoofed source IP address.
True or False?

7 More Discussions You Might Find Interesting

1. UNIX and Linux Applications

LDAP - sudoers and the nopasswd flag - How can i set some commands for wheelgroup without password?

Hello :) we use LDAP with sudoers about 4 years. Works fine. But we have one problem with members of the admingroup (wheel). This users can do every command with sudo and with there privat password. But when they also are member to another special group, like sysadmin: Sysadmin is allowed to... (0 Replies)
Discussion started by: darktux
0 Replies

2. UNIX for Advanced & Expert Users

Prompted for password when reverse SSH connecting

Dear Experts, I am writing a batch script to transfer files from server AA to BB without prompting for password. Already, ssh keys have been generated in BB and public key of BB has been stored in AA as part of some other project requirement. So, I thought of reusing this. I can now transfer... (6 Replies)
Discussion started by: ss112233
6 Replies

3. Shell Programming and Scripting

password changing

Hi all Im trying to learn the basics of bash and am struggling with some file manipulation. I am trying to run a script that once you have logged in allows you to change your password which is held (along with the corresponding username) in a different file called usernames. When i try to run my... (2 Replies)
Discussion started by: somersetdan
2 Replies

4. UNIX for Advanced & Expert Users

Changing the password prompt

Is there any way I can change the prompt which asks for the password on a UNIX system? e.g. When I login using Telnet instead of "Password" I should get "Correct Password". Thanks, Vineet (3 Replies)
Discussion started by: vineetd
3 Replies

5. Shell Programming and Scripting

How to enter a password in the script automatically when prompted?

Hi Friends, We need to create a script which will invoke a command with diffrent parameters. The command invoked needs the password. So how automatically we can enter password in the script to the command? example.: #!/bin/ksh for par in `cat parfile` do # Here is the main command... (1 Reply)
Discussion started by: sourabhsharma
1 Replies

6. HP-UX

Prompted for System Password during login

Hello, I'm new to HP-UX. I have a system running B.11.23 on ia64. The system gets its user passwords via active directory. Everytime a new account is added to AD a script pushes out the account info to all the systems and this system is updated too. However, on this machine, users are unable to... (2 Replies)
Discussion started by: BFLO
2 Replies

7. Solaris

changing password

Hi Someone logged on the system with a Normal user and changed the password , for this user , how can i know ? who changed the password from which terminal ? regards Georges (5 Replies)
Discussion started by: itsgeorge
5 Replies

Featured Tech Videos