I added a user to sudoers who can do the following:
$ sudo -ll|grep passwd
!/bin/passwd root
!/bin/passwd bin
!/bin/passwd daemon
!/bin/passwd adm
!/bin/passwd lp
!/bin/passwd sync
!/bin/passwd shutdown
!/bin/passwd halt
!/bin/passwd mail
!/bin/passwd uucp
!/bin/passwd operator
!/bin/passwd games
!/bin/passwd gopher
!/bin/passwd ftp
!/bin/passwd nobody
!/bin/passwd dbus
!/bin/passwd vcsa
!/bin/passwd abrt
!/bin/passwd haldaemon
!/bin/passwd ntp
!/bin/passwd saslauth
!/bin/passwd postfix
!/bin/passwd sshd
!/bin/passwd nscd
!/bin/passwd nagios
!/bin/passwd nrpe
!/bin/passwd tcpdump
/bin/passwd *
However, these sudoers entries do not prevent the user from changing the root password:
$ sudo /bin/passwd root
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Do you know why "!/bin/passwd root" does not work here?
Update (and solution):
This solved my problem:
$ sudo -ll|grep passwd
/bin/passwd *
!/bin/passwd -*
!/bin/passwd root
!/bin/passwd root -*
!/bin/passwd bin
!/bin/passwd bin -*
!/bin/passwd daemon
!/bin/passwd daemon -*
!/bin/passwd adm
!/bin/passwd adm -*
!/bin/passwd lp
!/bin/passwd lp -*
!/bin/passwd sync
!/bin/passwd sync -*
!/bin/passwd shutdown
!/bin/passwd shutdown -*
!/bin/passwd halt
!/bin/passwd halt -*
!/bin/passwd mail
!/bin/passwd mail -*
!/bin/passwd uucp
!/bin/passwd uucp -*
!/bin/passwd operator
!/bin/passwd operator -*
!/bin/passwd games
!/bin/passwd games -*
!/bin/passwd gopher
!/bin/passwd gopher -*
!/bin/passwd ftp
!/bin/passwd ftp -*
!/bin/passwd nobody
!/bin/passwd nobody -*
!/bin/passwd dbus
!/bin/passwd dbus -*
!/bin/passwd vcsa
!/bin/passwd vcsa -*
!/bin/passwd abrt
!/bin/passwd abrt -*
!/bin/passwd haldaemon
!/bin/passwd haldaemon -*
!/bin/passwd ntp
!/bin/passwd ntp -*
!/bin/passwd saslauth
!/bin/passwd saslauth -*
!/bin/passwd postfix
!/bin/passwd postfix -*
!/bin/passwd sshd
!/bin/passwd sshd -*
!/bin/passwd nscd
!/bin/passwd nscd -*
!/bin/passwd nagios
!/bin/passwd nagios -*
!/bin/passwd nrpe
!/bin/passwd nrpe -*
!/bin/passwd tcpdump
!/bin/passwd tcpdump -*
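
An added example (not part of the original post): the sudoers manual states that when several entries match, the last match is used, and this sketch applies that rule to the two listings above. The rule lists are abbreviated to the root entries, `alice` is a constructed user name, and the matcher is a simplified model of sudo's, not its real code.

```python
from fnmatch import fnmatchcase

# Abbreviated from the two `sudo -ll` listings in the post: only the
# root entries are kept, the other system accounts behave the same way.
ORIGINAL = ["!/bin/passwd root", "/bin/passwd *"]
REORDERED = ["/bin/passwd *", "!/bin/passwd -*",
             "!/bin/passwd root", "!/bin/passwd root -*"]


def decide(rules, command_line):
    """Return True if the simplified model permits command_line.

    Assumptions of this model: the command path is compared literally,
    the arguments are matched as one string with shell-style globbing,
    a rule without arguments matches any arguments, and the last rule
    that matches decides the outcome.
    """
    path, _, args = command_line.partition(" ")
    allowed = False  # no matching rule means not permitted
    for rule in rules:
        negated = rule.startswith("!")
        rule_path, _, rule_args = rule.lstrip("!").partition(" ")
        if rule_path != path:
            continue
        if rule_args and not fnmatchcase(args, rule_args):
            continue
        allowed = not negated  # a later match overwrites an earlier one
    return allowed


if __name__ == "__main__":
    # "alice" is a constructed, unprivileged account name.
    samples = ["/bin/passwd root", "/bin/passwd alice", "/bin/passwd -l alice"]
    for name, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
        for cmd in samples:
            verdict = "allowed" if decide(rules, cmd) else "denied"
            print(f"{name:9} {cmd:22} {verdict}")
```

In the original ordering the trailing `/bin/passwd *` matches `root` after the negation has already been applied, so it wins; with the wildcard first, the later `!` entries get the final say.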