You are not logged in.
Context : I have a ftp server with a couple of users and a "ftpadmin" user that is chrooted one level higher than normal users. With right groups and permissions, ftpadmin can read and write in every user directory.
Now I need ftpadmin user to be able to reset passwords of normal ftp users only (wich are normal users for the system, as well as ftpadmin).
Sudo might be an option but I do not like the idea that someone else than me can reset root password... because I'm not the one that uses ftpadmin for ftp administration on my server.
Is there any way to give ftpadmin, rights to reset passwords of every users in the same group (clients in my case) ?
Offline
Maybe you can write a wrapper-script for passwd, which check if the first argument is not equal to root and the the given user is in the ftpgroup. If everything is ok you can call passwd with the checked parameters.
If only this script has root permission via sudo, and the file permissions are 750 and the owner of the script is root, i think this is what you want.
Greets
Sunnemer
Offline