How to format sudoers entry for password changing?

I need to edit the sudoers file to allow the users in a group called ABLETOSD the ability to change all passwords on the system except root

Any ideas?
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

woolmilkporcConnect With a Mentor Commented:

ABLETOSD is your Unix group, the percent sign distinguishes this from a regular username.

Members in this group are allowed on ALL hosts to issue on behalf of (root), without having to enter their password (NOPASSWD) the command /bin/passwd followed by any alphanumeric string starting with an upper- or lowercase character in any length, but not ( "!" ) the commnad /bin/passwd followed by the string "root"

%ABLETOSD            ALL=(root) NOPASSWD:/bin/passwd [A-z]*,!/bin/passwd root

TSCATAuthor Commented:
Do you think I could get you to briefly break that down so I know what each part of the command does?   I am trying to understand this so I know it going forward.  Thanks!
Monis MontherConnect With a Mentor System ArchitectCommented:
%ABLETOSD is the group name

ALL=(root) NOPASSWD means they can connect from any host (ALL) simulate root user and do run the command without entering their password(Sudo by default asks you about your password this will override it)

/bin/passwd [A-z]* means that they can run the password command for users beginning with a leter from A till z and * anything else after that for example user1 or markjones25

!/bin/passwd root means dont allow this action for root the ! means except so you cant run the command on the root user

Note: under Linux I think the password command is under /usr/bin/passwd to make sure run the following command

which passwd

This will give you the full path for the command that you should use under your sudoers file

Hope this explains a little bit

This link will give you details

TSCATAuthor Commented:
Thanks so much,  great info
All Courses

From novice to tech pro — start learning today.