[sudo-users] How to restrict sudo users from changing root password
Russell Van Tassell
russell+sudo-users at loosenut.com
Fri Jun 5 11:51:20 EDT 2009
On Fri, Jun 05, 2009 at 06:51:55AM -0700, Kohlmeier, Marylou wrote:
> Hello everyone,
> Is there a way to restrict sudo users from changing "root" password?
Pretty much don't allow them access to ways to change it... things like
passwd and/or vi (or another editor) under sudo. You should also be
probably also be using things like tripwire to monitor critical changes
In short... you'll need to keep your sudoers files pointing only at "the
essentials" for each user and then trust that each user is able to use
it properly and doesn't have some level of maliciousness in-mind with
their elevated privileges.
More information about the sudo-users