[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [sudo-users] How to disable ( deny ) user to change the password of root



Stephen Carville wrote:
On Monday 17 November 2008 00:49, edwardspl ita org mo wrote:
  
Dear All,

For the sudo setting ( visudo ) :

User_Alias      SYSADM = manager

Cmnd_Alias    NOROOT = !/usr/bin/passwd root
Cmnd_Alias    USER = /usr/sbin/adduser, /usr/bin/passwd, /bin/chown,
/usr/sbin/userdel

SYSADM    MH = (ALL)    NOROOT,USER

BUT the test result as the following :

[manager xxx ~]$ sudo passwd root
Changing password for user root.
New UNIX password:

So, what wrong of the config ?
    

I think the exception has to be after the allowed rule:

SYSADM    MH = (ALL)    USER,NOROOT

It's been while since I checked that part of the code...
Hello to you,

Just test as the following rule is successfuly:
SYSADM    MH = (ALL)    USER,NOROOT
BUT there is another problem of it ( I think it is a bug of sudo ).....

When you enter "sudo passwd" without the option (eg:userid):

[manager xxx ~]$ sudo passwd
Changing password for user root.
New UNIX password:

OH...the user manager who can change root password ?

So, is there any solution for this case of problem ?

Thanks !

Edward.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]