sudo problem

usrb · 10-03-2008, 05:16 AM

Hi all

I am trying to execute following command as user asterisk, as I want to change password of user itudja:

sudo -u itudja passwd

Now, he asks me for password of user asterisk before executing passwd command.
Can I avoid that and how in sudoers file?

Thanx

jschiwal · 10-03-2008, 05:50 AM

Who is "he"? You can run passwd as root instead of as itudja. Use "sudo passwd itudja" to change itudja's password. You can configure sudo to use your own password instead of root's. Some distro's are configured that way by default.

sanjee · 10-03-2008, 05:51 AM

you can try with a user who has blank password ,,,means create a user with blank password and then try . I m not fully sure , but can try.

usrb · 10-03-2008, 08:40 AM

He is linux :-)

If I use sudo passwd itudja, then it will prompt for asterisk's password so he can execute sudo command. Can I avoid entering password?

If user has blank password, anyway, he will be prompted to enter his password, even though he doesn't have any...

Total-MAdMaN · 10-03-2008, 10:25 AM

sudo is used to execute a program as the root user. You need to enter the password to show that you're authorised to run as root. If you didn't have to enter the password anyone could use sudo to do anything on the system and destroy the OS.

usrb · 10-03-2008, 11:46 AM

But I can see from man sudo pages that sudo can execute any command as another user:

sudo, sudoedit - execute a command as another user

I'm pretty certain that there must be a solution for this.

usrb · 10-04-2008, 01:58 AM

Ok, I solved it!
The syntax would go like this:

asterisk ALL = (itudja) NOPASSWD: /usr/bin/passwd

which gives me the freedom to change password for itudja (or any group defined in brackets) without authenticate myself.

Thx and rgrds.

jschiwal · 10-06-2008, 03:15 PM

It allows itudja to run as root without a password. Why do you want to do that. It's dangerous. What's wrong with entering your own password or root's (depending on how sudo is configured) to change itudja's password. It's a one time deal. Why introduce a huge security risk just. You had to enter the root password to run "visdo" anyway.

usrb · 10-07-2008, 10:43 AM

I am writing a php script to change password through web interface...

harry2006 · 10-13-2008, 07:00 AM

Quote:

Originally Posted by usrb

Ok, I solved it!
The syntax would go like this:

asterisk ALL = (itudja) NOPASSWD: /usr/bin/passwd

which gives me the freedom to change password for itudja (or any group defined in brackets) without authenticate myself.

Thx and rgrds.

it defeats the basic purpose of putting multi-level of security in linux and should be avoided. thanks.