Sudoers - group managing and reboot/shutdown












0














I've got a group (let's say name "group1", ID = 1234) and a user (let's say name "user1", ID="4321"). I want to do two things:




  1. I want that user to change passwords from other members of that group, but only from that group.

  2. I want every member of that group to be able to use reboot/poweroff commands without using their password every time.


I have read that page (https://help.ubuntu.com/community/Sudoers) but I am still not able to work out my problems.






sudo users group reboot







share|improve this question
























  • Hi! I marked Ask Ubuntu post for deletion. So it should be okey now.
    – Artur
    Jan 9 '15 at 10:08












  • Your question would be welcomed better if you posted your attempts and how they failed. Then, it would probably be easier for us to understand how your problem could be worked-around/handled ;)
    – John WH Smith
    Jan 9 '15 at 11:17


















0














I've got a group (let's say name "group1", ID = 1234) and a user (let's say name "user1", ID="4321"). I want to do two things:




  1. I want that user to change passwords from other members of that group, but only from that group.

  2. I want every member of that group to be able to use reboot/poweroff commands without using their password every time.


I have read that page (https://help.ubuntu.com/community/Sudoers) but I am still not able to work out my problems.






sudo users group reboot







share|improve this question
























  • Hi! I marked Ask Ubuntu post for deletion. So it should be okey now.
    – Artur
    Jan 9 '15 at 10:08












  • Your question would be welcomed better if you posted your attempts and how they failed. Then, it would probably be easier for us to understand how your problem could be worked-around/handled ;)
    – John WH Smith
    Jan 9 '15 at 11:17
















0












0








0







I've got a group (let's say name "group1", ID = 1234) and a user (let's say name "user1", ID="4321"). I want to do two things:




  1. I want that user to change passwords from other members of that group, but only from that group.

  2. I want every member of that group to be able to use reboot/poweroff commands without using their password every time.


I have read that page (https://help.ubuntu.com/community/Sudoers) but I am still not able to work out my problems.






sudo users group reboot







share|improve this question















I've got a group (let's say name "group1", ID = 1234) and a user (let's say name "user1", ID="4321"). I want to do two things:




  1. I want that user to change passwords from other members of that group, but only from that group.

  2. I want every member of that group to be able to use reboot/poweroff commands without using their password every time.


I have read that page (https://help.ubuntu.com/community/Sudoers) but I am still not able to work out my problems.






sudo users group reboot




sudo users group reboot






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 16 at 11:48









Rui F Ribeiro

38.9k1479129




38.9k1479129










asked Jan 9 '15 at 9:51









Artur

1




1












  • Hi! I marked Ask Ubuntu post for deletion. So it should be okey now.
    – Artur
    Jan 9 '15 at 10:08












  • Your question would be welcomed better if you posted your attempts and how they failed. Then, it would probably be easier for us to understand how your problem could be worked-around/handled ;)
    – John WH Smith
    Jan 9 '15 at 11:17




















  • Hi! I marked Ask Ubuntu post for deletion. So it should be okey now.
    – Artur
    Jan 9 '15 at 10:08












  • Your question would be welcomed better if you posted your attempts and how they failed. Then, it would probably be easier for us to understand how your problem could be worked-around/handled ;)
    – John WH Smith
    Jan 9 '15 at 11:17


















Hi! I marked Ask Ubuntu post for deletion. So it should be okey now.
– Artur
Jan 9 '15 at 10:08






Hi! I marked Ask Ubuntu post for deletion. So it should be okey now.
– Artur
Jan 9 '15 at 10:08














Your question would be welcomed better if you posted your attempts and how they failed. Then, it would probably be easier for us to understand how your problem could be worked-around/handled ;)
– John WH Smith
Jan 9 '15 at 11:17






Your question would be welcomed better if you posted your attempts and how they failed. Then, it would probably be easier for us to understand how your problem could be worked-around/handled ;)
– John WH Smith
Jan 9 '15 at 11:17












1 Answer
1






active

oldest

votes


















1














Suppose the group id is "foo"



using visudo to change sudo settings:



The % symbol identifies a group



%foo ALL = (root) /usr/bin/reboot


As to password changes you will have to use a script that limits activity - sudo cannot do it all.



Suppose the one special user is peewee
Using visudo add:



User_Alias SPECIAL peewee



SPECIAL ALL = (root) NOPASSWD: /root/special_passwd.shl


As root:



mkdir /root

chmod 750 /root


This is completely untested: name this script special_passwd.shl, place it in the root directory. Permissions = 750



#!/bin/bash

if [ $# -eq 2 ] ; then

# echo username:passwd | chpasswd is the syntax

   grp=$(/usr/bin/id -g "$1")

   if [ "$grp" = "1234" ]; then

         echo ${1}:${2} | /usr/bin/chpasswd

      [ $? -eq 0 ] || echo 'password change failed'

   fi



else

   echo 'No password change: requires username, new password'

fi


You should consider showing what you've tried on this. The script is a starter, not meant for production.






share|improve this answer





















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "106"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f178316%2fsudoers-group-managing-and-reboot-shutdown%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    Suppose the group id is "foo"



    using visudo to change sudo settings:



    The % symbol identifies a group



    %foo ALL = (root) /usr/bin/reboot


    As to password changes you will have to use a script that limits activity - sudo cannot do it all.



    Suppose the one special user is peewee
    Using visudo add:



    User_Alias SPECIAL peewee
    

    
SPECIAL ALL = (root) NOPASSWD: /root/special_passwd.shl


    As root:



    mkdir /root
    
chmod 750 /root


    This is completely untested: name this script special_passwd.shl, place it in the root directory. Permissions = 750



    #!/bin/bash
    
if [ $# -eq 2 ] ; then
    
# echo username:passwd | chpasswd is the syntax
    
   grp=$(/usr/bin/id -g "$1")
    
   if [ "$grp" = "1234" ]; then
    
         echo ${1}:${2} | /usr/bin/chpasswd
    
      [ $? -eq 0 ] || echo 'password change failed'
    
   fi
    

    
else
    
   echo 'No password change: requires username, new password'
    
fi


    You should consider showing what you've tried on this. The script is a starter, not meant for production.






    share|improve this answer


























      1














      Suppose the group id is "foo"



      using visudo to change sudo settings:



      The % symbol identifies a group



      %foo ALL = (root) /usr/bin/reboot


      As to password changes you will have to use a script that limits activity - sudo cannot do it all.



      Suppose the one special user is peewee
      Using visudo add:



      User_Alias SPECIAL peewee
      

      
SPECIAL ALL = (root) NOPASSWD: /root/special_passwd.shl


      As root:



      mkdir /root
      
chmod 750 /root


      This is completely untested: name this script special_passwd.shl, place it in the root directory. Permissions = 750



      #!/bin/bash
      
if [ $# -eq 2 ] ; then
      
# echo username:passwd | chpasswd is the syntax
      
   grp=$(/usr/bin/id -g "$1")
      
   if [ "$grp" = "1234" ]; then
      
         echo ${1}:${2} | /usr/bin/chpasswd
      
      [ $? -eq 0 ] || echo 'password change failed'
      
   fi
      

      
else
      
   echo 'No password change: requires username, new password'
      
fi


      You should consider showing what you've tried on this. The script is a starter, not meant for production.






      share|improve this answer
























        1












        1








        1






        Suppose the group id is "foo"



        using visudo to change sudo settings:



        The % symbol identifies a group



        %foo ALL = (root) /usr/bin/reboot


        As to password changes you will have to use a script that limits activity - sudo cannot do it all.



        Suppose the one special user is peewee
        Using visudo add:



        User_Alias SPECIAL peewee
        

        
SPECIAL ALL = (root) NOPASSWD: /root/special_passwd.shl


        As root:



        mkdir /root
        
chmod 750 /root


        This is completely untested: name this script special_passwd.shl, place it in the root directory. Permissions = 750



        #!/bin/bash
        
if [ $# -eq 2 ] ; then
        
# echo username:passwd | chpasswd is the syntax
        
   grp=$(/usr/bin/id -g "$1")
        
   if [ "$grp" = "1234" ]; then
        
         echo ${1}:${2} | /usr/bin/chpasswd
        
      [ $? -eq 0 ] || echo 'password change failed'
        
   fi
        

        
else
        
   echo 'No password change: requires username, new password'
        
fi


        You should consider showing what you've tried on this. The script is a starter, not meant for production.






        share|improve this answer












        Suppose the group id is "foo"



        using visudo to change sudo settings:



        The % symbol identifies a group



        %foo ALL = (root) /usr/bin/reboot


        As to password changes you will have to use a script that limits activity - sudo cannot do it all.



        Suppose the one special user is peewee
        Using visudo add:



        User_Alias SPECIAL peewee
        

        
SPECIAL ALL = (root) NOPASSWD: /root/special_passwd.shl


        As root:



        mkdir /root
        
chmod 750 /root


        This is completely untested: name this script special_passwd.shl, place it in the root directory. Permissions = 750



        #!/bin/bash
        
if [ $# -eq 2 ] ; then
        
# echo username:passwd | chpasswd is the syntax
        
   grp=$(/usr/bin/id -g "$1")
        
   if [ "$grp" = "1234" ]; then
        
         echo ${1}:${2} | /usr/bin/chpasswd
        
      [ $? -eq 0 ] || echo 'password change failed'
        
   fi
        

        
else
        
   echo 'No password change: requires username, new password'
        
fi


        You should consider showing what you've tried on this. The script is a starter, not meant for production.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Jan 9 '15 at 21:04









        jim mcnamara

        69448




        69448






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f178316%2fsudoers-group-managing-and-reboot-shutdown%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Morgemoulin

            Image
            Morgemoulin — miejscowość i gmina — Państwo   Francja Region Grand Est Departament Moza Okręg Verdun Kod INSEE 55357 Powierzchnia 6,82 km² Populacja  (1990) • liczba ludności 75 • gęstość 11 os./km² Kod pocztowy 55400 Położenie na mapie Francji Morgemoulin 49°14′N   5°35′E / 49,233333   5,583333 Portal Francja Morgemoulin – miejscowość i gmina we Francji, w regionie Grand Est, w departamencie Moza. Według danych na rok 1990 gminę zamieszkiwało 75 osób, a gęstość zaludnienia wynosiła 11 osób/km² (wśród 2335 gmin Lotaryngii Morgemoulin plasuje się na 970. miejscu pod względem liczby ludności, natomiast pod względem powierzchni na miejscu 848.). Bibliografia | Francuski urząd statystyczny ( fr. ) . p   •   d   •   e Gminy okręgu Verdun Abaucourt-Hautecourt • Aincreville • Ambly-sur-Meuse • Amel-sur-l'Étang • Ancemont • Arrancy-sur-Crusne • Aubréville • Autré...
            Read more

            Scott Moir

            Image
            Scott Moir Tessa Virtue i Scott Moir w 2016 r. Reprezentacja   Kanada Data i miejsce urodzenia 2 września 1987 London Wzrost 180 cm Konkurencja Pary taneczne Partner sportowy Tessa Virtue Trener Marie-France Dubreuil, Patrice Lauzon, Romain Haguenauer Poprzednio: Marina Zujewa, Oleg Epstein, Igor Szpilband, Johnny Johns, Carol Moir, Paul MacIntosh, Suzanne Killing Klub Montreal International School of Skating Poprzednio: Arctic Edge FSC Ilderton Skating Club Lokalizacja treningowa Montreal Poprzednio: Canton Kitchener Rekordy życiowe ISU przed sezonem 2018/2019 Nota łączna 206,07 Igrzyska Olimpijskie 2018 Taniec krótki 83,67 Igrzyska Olimpijskie 2018 Taniec dowolny 122,40 Igrzyska Olimpijskie 2018 Dorobek medalowy Reprezentacja   Kanada Igrzyska olimpijskie Złoto Vancouver 2010 pary taneczne Złoto Pjongczang 2018 pary taneczne Złoto Pjongczang 2018 drużynowo Srebro S...
            Read more

            Souastre

            Image
            Souastre — miejscowość i gmina — Herb Państwo   Francja Region Hauts-de-France Departament Pas-de-Calais Okręg Arras Kod INSEE 62800 Powierzchnia 7,18 km² Populacja  (1990) • liczba ludności 352 • gęstość 49 os./km² Kod pocztowy 62111 Położenie na mapie Francji Souastre 50°09′N   2°34′E / 50,150000   2,566667 Portal Francja Souastre – miejscowość i gmina we Francji, w regionie Hauts-de-France, w departamencie Pas-de-Calais. Według danych na rok 1990 gminę zamieszkiwały 352 osoby, a gęstość zaludnienia wynosiła 49 osób/km² (wśród 1549 gmin regionu Nord-Pas-de-Calais Souastre plasuje się na 887. miejscu pod względem liczby ludności, natomiast pod względem powierzchni na miejscu 507.). Bibliografia | Francuski urząd statystyczny ( fr. ) . p   •   d   •   e Gminy okręgu Arras Ablain-Saint-Nazaire Ablainzevelle Acheville Achicourt Achiet-le-Grand Achiet-le-Pe...
            Read more