[sudo-users] How to disable ( deny ) user to change the password of root
edwardspl at ita.org.mo
edwardspl at ita.org.mo
Tue Nov 18 19:41:16 EST 2008
Stephen Carville wrote:
>On Monday 17 November 2008 20:30, edwardspl at ita.org.mo wrote:
>
>[snip]
>
>
>
>>Just test as the following rule is successfuly:
>>
>>SYSADM MH = (ALL) USER,NOROOT
>>BUT there is another problem of it ( I think it is a bug of sudo ).....
>>
>>When you enter "sudo passwd" without the option (eg:userid):
>>
>>[manager at xxx ~]$ sudo passwd
>>Changing password for user root.
>>New UNIX password:
>>
>>OH...the user manager who can change root password ?
>>
>>So, is there any solution for this case of problem ?
>>
>>
>
>Require a username be entered for passwd.
>
>USER /usr/bin/passwd [A-z0-1]
>NOROOT !/usr/bin/passwd root
>
>SYSADM MH=(ALL) USER,NOROOT
>
Hello,
Just test the rules, BUT the result is fail:
[manager at xxx ~]$ sudo passwd
[sudo] password for manager:
Sorry, user manager is not allowed to execute '/usr/bin/passwd' as root
on edsvr.
[manager at xxx ~]$ sudo passwd root
[sudo] password for manager:
Sorry, user manager is not allowed to execute '/usr/bin/passwd root' as
root on edsvr.
[manager at xxx ~]$ sudo passwd edward
[sudo] password for manager:
Sorry, user manager is not allowed to execute '/usr/bin/passwd edward'
as root on edsvr.
So, how can we disable any user for changing the root password ?
Thanks !
Edward.
More information about the sudo-users
mailing list