LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Desktop (https://www.linuxquestions.org/questions/linux-desktop-74/)
-   -   sudo problem (https://www.linuxquestions.org/questions/linux-desktop-74/sudo-problem-673934/)

usrb 10-03-2008 05:16 AM
sudo problem
 
Hi all

I am trying to execute following command as user asterisk, as I want to change password of user itudja:

sudo -u itudja passwd

Now, he asks me for password of user asterisk before executing passwd command.
Can I avoid that and how in sudoers file?

Thanx

jschiwal 10-03-2008 05:50 AM
Who is "he"? You can run passwd as root instead of as itudja. Use "sudo passwd itudja" to change itudja's password. You can configure sudo to use your own password instead of root's. Some distro's are configured that way by default.

sanjee 10-03-2008 05:51 AM
you can try with a user who has blank password ,,,means create a user with blank password and then try . I m not fully sure , but can try.

usrb 10-03-2008 08:40 AM
He is linux :-)

If I use sudo passwd itudja, then it will prompt for asterisk's password so he can execute sudo command. Can I avoid entering password?

If user has blank password, anyway, he will be prompted to enter his password, even though he doesn't have any...

Total-MAdMaN 10-03-2008 10:25 AM
sudo is used to execute a program as the root user. You need to enter the password to show that you're authorised to run as root. If you didn't have to enter the password anyone could use sudo to do anything on the system and destroy the OS.

usrb 10-03-2008 11:46 AM
But I can see from man sudo pages that sudo can execute any command as another user:

sudo, sudoedit - execute a command as another user

I'm pretty certain that there must be a solution for this.

usrb 10-04-2008 01:58 AM
Ok, I solved it!
The syntax would go like this:

asterisk ALL = (itudja) NOPASSWD: /usr/bin/passwd

which gives me the freedom to change password for itudja (or any group defined in brackets) without authenticate myself.

Thx and rgrds.

jschiwal 10-06-2008 03:15 PM
It allows itudja to run as root without a password. Why do you want to do that. It's dangerous. What's wrong with entering your own password or root's (depending on how sudo is configured) to change itudja's password. It's a one time deal. Why introduce a huge security risk just. You had to enter the root password to run "visdo" anyway.

usrb 10-07-2008 10:43 AM
I am writing a php script to change password through web interface...

harry2006 10-13-2008 07:00 AM
Quote:
Originally Posted by usrb (Post 3299800)
Ok, I solved it!
The syntax would go like this:

asterisk ALL = (itudja) NOPASSWD: /usr/bin/passwd

which gives me the freedom to change password for itudja (or any group defined in brackets) without authenticate myself.

Thx and rgrds.
it defeats the basic purpose of putting multi-level of security in linux and should be avoided. thanks.


All times are GMT -5. The time now is 04:06 PM.