[sudo-users] How to disable ( deny ) user to change the password of root
Stephen Carville
scarville at landam.com
Tue Nov 18 14:21:26 EST 2008
On Monday 17 November 2008 20:30, edwardspl at ita.org.mo wrote:
[snip]
> Just tested, and the following rule is successful:
>
> SYSADM MH = (ALL) USER,NOROOT
> BUT there is another problem of it ( I think it is a bug of sudo ).....
>
> When you enter "sudo passwd" without the option (eg:userid):
>
> [manager at xxx ~]$ sudo passwd
> Changing password for user root.
> New UNIX password:
>
> OH...the user manager who can change root password ?
>
> So, is there any solution for this case of problem ?
Require a username be entered for passwd.
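# Allow passwd only with an argument that starts with a letter or digit
Cmnd_Alias USER = /usr/bin/passwd [A-Za-z0-9]*
# Deny changing root's password; listed after USER so it takes precedence
Cmnd_Alias NOROOT = !/usr/bin/passwd root
SYSADM MH=(ALL) USER,NOROOT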
--
Stephen Carville <scarville at landam.com>
Systems Engineer
Land America
1.626.667.1450 X1326
============================================================
Any security software design that doesn't assume the enemy
possesses the source code is already untrustworthy.
-- Eric Raymond
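
The following is an added example, not part of the original message or of sudo itself. It models how a sudoers command list is evaluated (the last matching entry wins; arguments are joined and glob-matched), using Python's fnmatch as an approximation of sudo's matching. The rule tuples, the `allowed` helper and the user name `alice` are assumptions for illustration.

```python
from fnmatch import fnmatchcase

# Constructed rule set: the USER and NOROOT aliases expanded in list order.
# Each entry is (negated, command path, argument pattern);
# a pattern of None stands for "no arguments listed", i.e. any arguments.
RULES = [
    (False, "/usr/bin/passwd", "[A-Za-z0-9]*"),  # USER
    (True,  "/usr/bin/passwd", "root"),          # NOROOT
]

def entry_matches(path, arg_pattern, argv):
    """True if one sudoers command entry matches the requested command."""
    if argv[0] != path:
        return False
    if arg_pattern is None:
        return True
    args = " ".join(argv[1:])        # arguments are matched as one string
    if arg_pattern == '""':          # sudoers "" means: no arguments at all
        return args == ""
    return fnmatchcase(args, arg_pattern)

def allowed(argv, rules=RULES):
    """Default deny; the last matching entry in the list decides."""
    verdict = False
    for negated, path, pattern in rules:
        if entry_matches(path, pattern, argv):
            verdict = not negated
    return verdict

if __name__ == "__main__":
    checks = [
        ["/usr/bin/passwd"],           # bare "sudo passwd" from the thread
        ["/usr/bin/passwd", "root"],
        ["/usr/bin/passwd", "alice"],
    ]
    for argv in checks:
        print(" ".join(argv), "->", "allow" if allowed(argv) else "deny")
    # Order check: with NOROOT listed before USER, the later allow entry wins.
    swapped = list(reversed(RULES))
    print("swapped order, passwd root ->",
          "allow" if allowed(["/usr/bin/passwd", "root"], swapped) else "deny")
```

Validate the real file with `visudo -c` and confirm the effective rules with `sudo -l -U <user>`; this model only illustrates the evaluation order.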