[sudo-users] password reset using sudo
pjcp64 at gmail.com
Wed Feb 5 18:02:52 MST 2020
Sorry, I missed this the first time around...
If given the sudo permissions to execute passwd as root then yes, root can
change his own password.
jdoe ALL=(ALL) NOPASSWD: /bin/passwd <== jdoe has permissions to run
passwd as root.
jdoe ALL=(ALL) NOPASSWD: ALL <== jdoe has permissions to run
passwd as root, and ANYTHING else as root.
jdoe ALL=(ALL) NOPASSWD: /bin/bash <== jdoe can run a bash shell as
root from which he can run passwd as root.
jdoe ALL=(ALL) NOPASSWD: /bin/vi <== jdoe can vi a file from which
he can shell out, then run passwd as root.
And the list continues....
NOPASSWD isn't required above, it just means that jdoe doesn't have to type
in his own password to do these things.
On Wed, Feb 5, 2020 at 4:58 PM Shawn McMahon <syberghost at gmail.com> wrote:
> You did it, so that kind of proves it's possible.
> If you have your sudo configured to allow this, it's possible to do this.
> On Tue, Feb 4, 2020 at 8:38 AM Sama N <xamaa6 at gmail.com> wrote:
> > Hi,
> > I had a question about sudo. The question is "if it is possible to reset
> > root account user's password using non-privileged local user's password?"
> > I was able to change my root account password using sudo without even
> > knowing the password to the root account. Let me know if its possible or
> > not.
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
More information about the sudo-users