Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

sudo problem 1

Status
Not open for further replies.

UsRb

IS-IT--Management
Mar 19, 2007
48
HR
Hi all

I am trying to execute following command as user asterisk, as I want to change password of user itudja:

sudo -u itudja passwd

Now, he asks me for password of user asterisk before executing passwd command. Can I avoid that and how in sudoers file?

Thanx
 
If you as root want to change the password for the user itudja,
should'nt the syntax then be:
Code:
sudo passwd itudja
???
 
Now, he asks me for password of user asterisk before executing passwd command. Can I avoid that and how in sudoers file?

But that is how sudo works. User asterisk must already be listed in the sudoers file. Sudo then asks for user asterisk's password when user asterisk invokes sudo just to make sure someone hasn't sat down to a machine that was left logged in by naughty user asterisk.

If you want to use sudo, you can't avoid it asking for your password. That is the whole point of sudo.
 
In fact you can. Just read the sudoers file with the comments in it or the man page.

But before you do such a thing, you should really ask yourself why you would need it. If you need to execute a program, for instance, you can do a lot with permissions, from user and group settings to setting the SUID bit.

Setting somebody else's password is typically a job for an administrator, so the first answer is just right.

Off course pentode is quite right that asking a password first is the whole point of sudo.

+++ Despite being wrong in every important aspect, that is a very good analogy +++
Hex (in Darwin's Watch)
 
Thank you guys for answering. Actually, I found a solution on man sudoers page. This is my syntax:

asterisk ALL = (itudja) NOPASSWD: /usr/bin/passwd

I am writing a php script, so every user can change his passwd through web.
 
That sounds very insecure. One could theoretically do:

Code:
sudo passwd root
(change root's password)
su -
(enter new root password)
(have root prompt)

all without needing to know anybody's passwords (except the new one they made up for root).

-------------
Cuvou.com | My personal homepage
Code:
perl -e '$|=$i=1;print" oo\n<|>\n_|_";x:sleep$|;print"\b",$i++%2?"/":"_";goto x;'
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top