[sudo-users] How to disable ( deny ) user to change the password ofroot
scarville at landam.com
Mon Nov 17 13:59:11 EST 2008
On Monday 17 November 2008 00:49, edwardspl at ita.org.mo wrote:
> Dear All,
> For the sudo setting ( visudo ) :
> User_Alias SYSADM = manager
> Cmnd_Alias NOROOT = !/usr/bin/passwd root
> Cmnd_Alias USER = /usr/sbin/adduser, /usr/bin/passwd, /bin/chown,
> SYSADM MH = (ALL) NOROOT,USER
> BUT the test result as the following :
> [manager at xxx ~]$ sudo passwd root
> Changing password for user root.
> New UNIX password:
> So, what wrong of the config ?
I think the exception has to be after the allowed rule:
SYSADM MH = (ALL) USER,NOROOT
It's been while since I checked that part of the code...
Stephen Carville <scarville at landam.com>
Any security software design that doesn't assume the enemy
possesses the source code is already untrustworthy.
-- Eric Raymond
More information about the sudo-users