How to format sudoers entry for password changing?

I need to edit the sudoers file to allow the users in a group called ABLETOSD the ability to change all passwords on the system except root

Any ideas?
TSCAT Asked:

woolmilkporc Commented:
%ABLETOSD            ALL=(root) NOPASSWD:/bin/passwd [A-z]*,!/bin/passwd root

wmp
0
TSCAT (Author) Commented:
Do you think I could get you to briefly break that down so I know what each part of the command does? I am trying to understand this so I know it going forward. Thanks!
0
woolmilkporc Commented:
OK.

ABLETOSD is your Unix group, the percent sign distinguishes this from a regular username.

Members in this group are allowed on ALL hosts to issue on behalf of (root), without having to enter their password (NOPASSWD), the command /bin/passwd followed by any alphanumeric string starting with an upper- or lowercase character in any length, but not ("!") the command /bin/passwd followed by the string "root".

wmp
0

Monis Monther (System Architect) Commented:
%ABLETOSD is the group name

ALL=(root) NOPASSWD means they can connect from any host (ALL), simulate the root user and run the command without entering their password (sudo by default asks you for your password; this will override it).

/bin/passwd [A-z]* means that they can run the password command for users beginning with a letter from A till z, and * means anything else after that, for example user1 or markjones25.

!/bin/passwd root means don't allow this action for root. The ! means except, so you can't run the command on the root user.


Note: under Linux I think the password command is under /usr/bin/passwd. To make sure, run the following command:

which passwd

This will give you the full path for the command that you should use in your sudoers file.

Hope this explains a little bit

This link will give you details

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch09_:_Linux_Users_and_Sudo



0
TSCAT (Author) Commented:
Thanks so much,  great info
0
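
To audit what the rule discussed in this thread actually matches, the following added example (not code from any poster in the thread) models its two Cmnd entries in Python. It assumes sudo's documented behaviour that arguments are matched as one space-joined string and that the last matching entry wins; Python's fnmatch with ASCII ordering stands in for sudo's matcher, and the helper names and sample invocations are constructed for illustration.

```python
import fnmatch

# The Cmnd list from the sudoers line in this thread.
CMND_LIST = "/bin/passwd [A-z]*, !/bin/passwd root"

def parse_cmnd_list(spec):
    """Split a sudoers Cmnd list into (negated, path, args_pattern) tuples."""
    entries = []
    for item in spec.split(","):
        item = item.strip()
        negated = item.startswith("!")
        path, _, args = item.lstrip("!").partition(" ")
        # args_pattern None means the rule gives no arguments: any args match.
        entries.append((negated, path, args.strip() or None))
    return entries

def is_allowed(path, args, spec=CMND_LIST):
    """Return True if the rule permits `path args`; the last matching entry wins."""
    verdict = False  # no matching entry at all means not permitted
    for negated, rule_path, pattern in parse_cmnd_list(spec):
        if path != rule_path:  # simplification: paths compared as plain strings
            continue
        # Arguments are matched as ONE space-joined string, so '*' crosses spaces.
        if pattern is None or fnmatch.fnmatchcase(args, pattern):
            verdict = not negated
    return verdict

# Constructed sample invocations (the argument string typed after /bin/passwd).
SAMPLES = ["alice", "markjones25", "root", "", "9user", "_svc", "alice bob"]

def audit(samples=SAMPLES):
    """Map each sample argument string to the rule's verdict."""
    return {args: is_allowed("/bin/passwd", args) for args in samples}

if __name__ == "__main__":
    for args, ok in audit().items():
        print(f"/bin/passwd {args!r:14} -> {'allowed' if ok else 'denied'}")
```

The `_svc` and `alice bob` rows come out allowed because `[A-z]` also covers the ASCII punctuation between `Z` and `a` and `*` spans spaces, so the rule matches more than a single letter-initial username. The empty-argument row is denied, which matters because a bare `passwd` run as root changes root's own password.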