changing which password is prompted for in sudoers
Basically I only want particular users to know the root password, but I also want power users to be able to run certain commands with root privileges. All admins for this box will be authenticating initially through winbind (I do have a backdoor account in case winbind goes wonky)
I want members of the "domain admins" group to be prompted for the root password but have unrestricted sudo access, while members of the "JSNNUsers" group be able to execute the list of commands I've specified, being prompted only for their own password (in case they leave themselves logged in and someone comes up behind them before the console times out, 15 minutes).
I know I can change this behavior on a per-user basis by doing something like:
But I was interested in getting it to work work when specifying a group with a space in it. I'd rather not create a second group since all domain admins should be allowed root access to this box and the AD side may not necessarily remember to add them to an additional group when new domain admins are created (not to mention it seems redundant).
I got around the space issue in the actual rule itself by escaping the space:
But apparently this doesn't also work for changing defaults.
So it basically boils down to this: how do I change the default behavior for the "domain admins" group's password prompt without changing it so that everybody is prompted for the root password.
Hello :)
we use LDAP with sudoers about 4 years. Works fine. But we have one problem with members of the admingroup (wheel). This users can do every command with sudo and with there privat password. But when they also are member to another special group, like sysadmin:
Sysadmin is allowed to... (0 Replies)
Dear Experts,
I am writing a batch script to transfer files from server AA to BB without prompting for password. Already, ssh keys have been generated in BB and public key of BB has been stored in AA as part of some other project requirement. So, I thought of reusing this. I can now transfer... (6 Replies)
Hi all
Im trying to learn the basics of bash and am struggling with some file manipulation. I am trying to run a script that once you have logged in allows you to change your password which is held (along with the corresponding username) in a different file called usernames. When i try to run my... (2 Replies)
Is there any way I can change the prompt which asks for the password on a UNIX system? e.g. When I login using Telnet instead of "Password" I should get "Correct Password".
Thanks,
Vineet (3 Replies)
Hi Friends,
We need to create a script which will invoke a command with diffrent parameters.
The command invoked needs the password. So how automatically we can enter password in the script to the command?
example.:
#!/bin/ksh
for par in `cat parfile` do
# Here is the main command... (1 Reply)
Hello,
I'm new to HP-UX. I have a system running B.11.23 on ia64. The system gets its user passwords via active directory. Everytime a new account is added to AD a script pushes out the account info to all the systems and this system is updated too. However, on this machine, users are unable to... (2 Replies)
Hi
Someone logged on the system with a Normal user and changed the password , for this user , how can i know ? who changed the password from which terminal ?
regards
Georges (5 Replies)