usermod cannot lock /etc/passwd when usermod is in /etc/sudoers as NOPASSWD
Need to be able to execute 'usermod' without sudo, so that a script on a remote machine may disable and lock a userid on the instance host.
Adding 'nopasswd' and the command to the wheel group in sudoers on the instance host should work, if I'm reading the sudoers documentation correctly.
Have added %wheel ALL=NOPASSWD: /usr/sbin/usermod via visudo to /etc/sudoers on the host.
Then running the command results in failure:
username@hostname:21:21:20 UTC - ~ $ usermod --expiredate 1 --lock $uid
usermod: Permission denied.
usermod: cannot lock /etc/passwd; try again later.
Note that 'username' in the block above is a member of wheel, and that running 'sudo usermod....' does work.
Have also tried %wheel ALL=(ALL) NOPASSWD: /usr/sbin/usermod with the same failure.
Is there a method to fix/workaround the permission/lock issue?
I'm pretty sure you still need to use sudo to run the command; you just won't be prompted for the password.
With this you could probably include sudo in your remote command depending on how you have all this configured. You don't need to worry about sudo doing anything else since you're explicitly stating nopasswd for only the usermod tool.
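A sketch of the host-side helper a remote script could call, added here as an example and not part of the original question or answer. The function names, the `DRY_RUN` switch and the login-name rule are assumptions; the `usermod` path and options are the ones from the question.

```shell
#!/bin/sh
# Added example; valid_login, lock_account and DRY_RUN are hypothetical names.
USERMOD=/usr/sbin/usermod   # same absolute path as in the sudoers rule

# Accept only conventional lowercase login names (assumed policy);
# refuse empty input, root, and anything that would parse as an option.
valid_login() {
    case "$1" in
        ''|root|-*) return 1 ;;
        *[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Lock and expire one account through sudo.
# sudo -n never prompts: if the NOPASSWD rule does not match the command,
# sudo exits with an error instead of hanging a non-interactive session.
lock_account() {
    valid_login "$1" || { echo "refusing login name: $1" >&2; return 2; }
    if [ -n "${DRY_RUN:-}" ]; then
        # Dry run: show the command that would be executed.
        echo "sudo -n $USERMOD --expiredate 1 --lock $1"
    else
        sudo -n "$USERMOD" --expiredate 1 --lock "$1"
    fi
}

# Stand-alone use: ./lock-account.sh <login>
if [ "$#" -gt 0 ]; then
    lock_account "$1"
fi
```

The sudoers rule in the question allows any `usermod` arguments, so the name check here is a guard in the calling script, not an enforcement boundary.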