Preventing the change of root password

Matthew.Hannigan at nl.abnamro.com Matthew.Hannigan at nl.abnamro.com
Tue Apr 11 11:52:30 EDT 2000 


Alert alert don't do this!

Ahem, I mean, if you're really interested in security
don't do this because it allows you to change the
password of user "bin" for instance.   User bin can
easily promote itself to root in many ways.

Only do this if you have have dumb, honest users,
i.e. that you're using sudo as a convenience thing
more than a security thing.

Regards,
-Matt

PS. this is the third time I've written
something like this in the last month or so,
with no reply.  Does no-one have any comment
or are my mail problems worse than I thought?







ben at power-net.com.au on 11/04/2000 11:04:56

Please respond to benjaminlee at consultant.com

To:   pjoshi at parijat.info.com.np
cc:   sudo-users at courtesan.com (bcc: Matthew Hannigan/NL/ABNAMRO/NL)
Subject:  Re: Preventing the change of root password




I'm new too but I think I can point you in the right direction.

This is from the sudoers man page:


pete           HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root

       The user pete is allowed to change anyone's password except for
root on the HPPA machines.  Note that this
       assumes passwd(1) does not take multiple usernames on the command
line.





On Tue, 11 Apr 2000 pjoshi at parijat.info.com.np wrote:

> Hi Everybody,
>
> I am new to the list and am sorry if this has been answered before.
> I have given my sudo users the previlege to change the passwords. But in
> that case they can also change the password of root. Is there a way, they
> can be prevented from changing the root's password but at the same time be
> able to change any other user's password.
>
> Any help will be highly appreciated
>
> Regards,
> P Joshi.
>


Sincerely,
Ben

/----------------------------------------------+------------------------\
| Benjamin Lee                                 |                        |
| Internet Administrator                       |  Mobile:  0416 122 779 |
| PowerNET Computer Consultants P/L            |  Fax:   +613 9425 9091 |
| 50 Madden Grove, Burnley 3121 VIC Australia  |  Phone: +613 9425 9090 |
\----------------------------------------------+------------------------/

Reality is for people who lack imagination.

More information about the sudo-users mailing list