[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [sudo-users] How to disable ( deny ) user to change the password of root



Stephen Carville wrote:
On Monday 17 November 2008 20:30, edwardspl ita org mo wrote:

[snip]

  
Just test as the following rule is successfuly:

SYSADM    MH = (ALL)    USER,NOROOT
BUT there is another problem of it ( I think it is a bug of sudo ).....

When you enter "sudo passwd" without the option (eg:userid):

[manager xxx ~]$ sudo passwd
Changing password for user root.
New UNIX password:

OH...the user manager who can change root password ?

So, is there any solution for this case of problem ?
    

Require a username be entered for passwd.

USER 		/usr/bin/passwd [A-z0-1]
NOROOT	!/usr/bin/passwd root

SYSADM  MH=(ALL)   USER,NOROOT
Hello,

Just test the rules, BUT the result is fail:

[manager xxx ~]$ sudo passwd
[sudo] password for manager:
Sorry, user manager is not allowed to execute '/usr/bin/passwd' as root on edsvr.
[manager xxx ~]$ sudo passwd root
[sudo] password for manager:
Sorry, user manager is not allowed to execute '/usr/bin/passwd root' as root on edsvr.
[manager xxx ~]$ sudo passwd edward
[sudo] password for manager:
Sorry, user manager is not allowed to execute '/usr/bin/passwd edward' as root on edsvr.

So, how can we disable any user for changing the root password ?

Thanks !

Edward.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]