Recipe 5.12 Authorizing Password Changes via sudo

5.12.1 Problem

You want to permit a user to change the passwords of certain other users.

5.12.2 Solution

To permit smith to change the passwords of jones, chu, and agarwal:

smith  ALL = NOPASSWD: \
        /usr/bin/passwd jones, \
        /usr/bin/passwd chu, \
        /usr/bin/passwd agarwal

The NOPASSWD tag is optional, for convenience. [Recipe 5.4]

5.12.3 Discussion

As another example, permit a professor to change passwords for her students, whose logins are student00, student01, student02,...up to student99.

prof  ALL = NOPASSWD: /usr/bin/passwd student[0-9][0-9]

Note that this uses shell-style wildcard expansion; see sudoers(5) for the full syntax.

5.12.4 See Also

sudo(8), sudoers(5).

    Chapter 9. Testing and Monitoring