[sudo-users] How to disable ( deny ) user to change the password of root
scarville at landam.com
Tue Nov 18 14:21:26 EST 2008
On Monday 17 November 2008 20:30, edwardspl at ita.org.mo wrote:
> Just test as the following rule is successfuly:
> SYSADM MH = (ALL) USER,NOROOT
> BUT there is another problem of it ( I think it is a bug of sudo ).....
> When you enter "sudo passwd" without the option (eg:userid):
> [manager at xxx ~]$ sudo passwd
> Changing password for user root.
> New UNIX password:
> OH...the user manager who can change root password ?
> So, is there any solution for this case of problem ?
Require a username be entered for passwd.
USER /usr/bin/passwd [A-z0-1]
NOROOT !/usr/bin/passwd root
SYSADM MH=(ALL) USER,NOROOT
Stephen Carville <scarville at landam.com>
Any security software design that doesn't assume the enemy
possesses the source code is already untrustworthy.
-- Eric Raymond
More information about the sudo-users