5.12. Authorizing Password Changes via sudo
Problem
You want to permit a user to change the passwords of certain other users.
Solution
To permit smith to change the passwords of jones, chu, and agarwal:
/etc/sudoers:
smith ALL = NOPASSWD: \
/usr/bin/passwd jones, \
/usr/bin/passwd chu, \
/usr/bin/passwd agarwal
The NOPASSWD
tag is optional, for convenience.
[Recipe 5.4]
Discussion
As another example, permit a professor to change passwords for her students, whose logins are student00, student01, student02,...up to student99.
/etc/sudoers:
prof ALL = NOPASSWD: /usr/bin/passwd student[0-9][0-9]
Note that this uses shell-style wildcard expansion; see sudoers(5) for the full syntax.
See Also
sudo(8), sudoers(5).
Get Linux Security Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.