Safer example for rule that can change non-root passwords.

GNU getopts allows options to follow arguments so we need to be able
to deny things like "passwd root -q".  From Paul "Joey" Clark.
Bug #772
Todd C. Miller
2017-01-17 08:55:40 -07:00
parent b4f524fe7d
commit 57933a8ff3
4 changed files with 7 additions and 7 deletions


@@ -2287,7 +2287,7 @@ EEXXAAMMPPLLEESS
The user jjooee may only su(1) to operator.
pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*
%opers ALL = (: ADMINGRP) /usr/sbin/
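Review bot: The allow half of the `pete` line, `/usr/bin/passwd [A-Za-z]*`, is carried over unchanged, so the rule remains a deny pattern layered on an open-ended allow. sudoers matches command-line arguments as a single concatenated string and `*` crosses word boundaries, so any argument string that starts with a letter and does not contain "root" is still accepted, including a user name followed by options. The example should state that it assumes passwd(1) takes a single user name and that trailing options remain permitted for other accounts.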
@@ -2640,4 +2640,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or https://www.sudo.ws/license.html for
complete details.
Sudo 1.8.19 November 30, 2016 Sudo 1.8.19
Sudo 1.8.19 January 17, 2017 Sudo 1.8.19


@@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.TH "SUDOERS" "5" "November 30, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDOERS" "5" "January 17, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -4565,7 +4565,7 @@ to operator.
.nf
.sp
.RS 0n
pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*
%opers ALL = (: ADMINGRP) /usr/sbin/
.RE


@@ -19,7 +19,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.Dd November 30, 2016
.Dd January 17, 2017
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -4227,7 +4227,7 @@ may only
.Xr su 1
to operator.
.Bd -literal
pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*
%opers ALL = (: ADMINGRP) /usr/sbin/
.Ed
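Review bot: Nothing in the manual text explains why the deny pattern inside this `.Bd -literal` block is `*root*` rather than a bare `root`. With 7 additions and 7 deletions across 4 files, the commit changes only the example line and the date, so the rationale (options may follow the user name, as in "passwd root -q") lives only in the commit message. A sentence after the `.Ed` stating that reason would keep readers from simplifying the pattern back to `root` when they copy it.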


@@ -88,7 +88,7 @@ operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
joe ALL = /usr/bin/su operator
# pete may change passwords for anyone but root on the hp snakes
pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*
# bob may run anything on the sparc and sgi machines as any user
# listed in the Runas_Alias "OP" (ie: root and operator)
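Review bot: The comment above the changed line, `# pete may change passwords for anyone but root on the hp snakes`, no longer describes the rule exactly. `*root*` rejects any argument string containing "root", so an account whose name merely includes those letters is refused as well. That fails closed, which is reasonable for a sample file, but the comment should say so and note why the wildcards are there.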