[sudo-users] How to disable ( deny ) user to change the password of root

Stephen Carville scarville at landam.com
Tue Nov 18 14:21:26 EST 2008

On Monday 17 November 2008 20:30, edwardspl at ita.org.mo wrote:


> Just test as the following rule is successfuly:
> BUT there is another problem of it ( I think it is a bug of sudo ).....
> When you enter "sudo passwd" without the option (eg:userid):
> [manager at xxx ~]$ sudo passwd
> Changing password for user root.
> New UNIX password:
> OH...the user manager who can change root password ?
> So, is there any solution for this case of problem ?

Require a username be entered for passwd.

USER 		/usr/bin/passwd [A-z0-1]
NOROOT	!/usr/bin/passwd root


Stephen Carville <scarville at landam.com>
Systems Engineer
Land America
1.626.667.1450 X1326
Any security software design that doesn't assume the enemy
possesses the source code is already untrustworthy.
                                           -- Eric Raymond

More information about the sudo-users mailing list