Thursday, July 21, 2011

Granting sudo access to reset local user-accounts password

In a RHEL server, I want to grant sudo access for a Group to reset any local User-accounts' password. At the same time, I don't want them to reset the password of ROOT user.

Solution:   Use ! (exclude) option in /etc/sudoers file.

Syntax:  %groupname ALL=(ALL) NOPASSWD: /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root

No comments:

Post a Comment