Admin Users
Hi Everyone,
I was wondering if anyone knows how to solve this problem. I have a user that will create new users on a server. Lets call him "userx". I have added him to the admin group. Code:
admin:x:546:me,userx Code:
%admin ALL=/usr/sbin/useradd,/usr/bin/passwd,/usr/sbin/userdel,!/usr/bin/passwd root However this does not prevent userx from doing something like: Code:
sudo passwd -l root Code:
sudo userdel root What is best practice? |
|
No I get that. :rolleyes:
My question is, is there a easier way to do this than adding every single possible option that can be used with userdel, passwd related to root in sudoers. |
How will you write "If anything relating to root is to be changed, then ask for root passwd"?
|
If you look more closely to my original post:
Quote:
Therefore I can also add Code:
!/usr/bin/passwd me Code:
!/usr/bin/passwd -l me Code:
!/usr/sbin/userdel root Code:
!/usr/sbin/userdel -r root Quote:
|
Near the end of the manpage is an example explaining how to use wildcards:
Code:
%admin ALL=/usr/sbin/useradd,/usr/bin/passwd,/usr/sbin/userdel,!/usr/bin/passwd *root* |
All times are GMT -5. The time now is 04:25 AM. |