From 1c8f84563766de14f17f08b08f601bb3475b2d4e Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Thu, 21 May 2015 03:13:18 -0400 Subject: [PATCH] Add notes about sudo setup (#1490203) --- plugins/password/README | 15 +++++++++++++++ plugins/password/config.inc.php.dist | 7 +++---- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/plugins/password/README b/plugins/password/README index b883211..88cc849 100644 --- a/plugins/password/README +++ b/plugins/password/README @@ -46,6 +46,7 @@ 2.20. Plesk (Plesk RPC-API) 2.21. Kpasswd 3. Driver API + 4. Sudo setup 1. Configuration @@ -348,3 +349,17 @@ PASSWORD_CRYPT_ERROR, PASSWORD_ERROR when driver was unable to change password. Extended result (as a hash-array with 'message' and 'code' items) can be returned too. See existing drivers in drivers/ directory for examples. + + 4. Sudo setup + ------------- + + Some drivers that execute system commands (like chpasswd) require use of sudo command. + Here's a sample for CentOS 7: + + # cat <<END >/etc/sudoers.d/99-roundcubemail + apache ALL=NOPASSWD:/usr/sbin/chpasswd + Defaults:apache !requiretty + <<END + + Note: on different systems the username (here 'apache') may be different, e.g. www. + Note: on some systems the disabling tty line may not be needed. diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist index 1814499..af87a83 100644 --- a/plugins/password/config.inc.php.dist +++ b/plugins/password/config.inc.php.dist @@ -295,7 +295,7 @@ // chpasswd Driver options // --------------------- -// Command to use +// Command to use (see "Sudo setup" in README) $config['password_chpasswd_cmd'] = 'sudo /usr/sbin/chpasswd 2> /dev/null'; @@ -337,9 +337,8 @@ // pw_usermod Driver options // -------------------------- -// Use comma delimited exlist to disable password change for users -// Add the following line to visudo to tighten security: -// www ALL=NOPASSWORD: /usr/sbin/pw +// Use comma delimited exlist to disable password change for users. +// See "Sudo setup" in README file. $config['password_pw_usermod_cmd'] = 'sudo /usr/sbin/pw usermod -h 0 -n'; -- Gitblit v1.9.1