Re: [sudo-users] How to disable ( deny ) user to change the password of root

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Stephen Carville wrote: 
On Monday 17 November 2008 00:49, edwardspl@xxxxxxxxxx wrote:
  
Dear All,

For the sudo setting ( visudo ) :

User_Alias      SYSADM = manager

Cmnd_Alias    NOROOT = !/usr/bin/passwd root
Cmnd_Alias    USER = /usr/sbin/adduser, /usr/bin/passwd, /bin/chown,
/usr/sbin/userdel

SYSADM    MH = (ALL)    NOROOT,USER

BUT the test result as the following :

[manager@xxx ~]$ sudo passwd root
Changing password for user root.
New UNIX password:

So, what wrong of the config ?
    
I think the exception has to be after the allowed rule:

SYSADM    MH = (ALL)    USER,NOROOT

It's been while since I checked that part of the code...
Hello to you,

Just test as the following rule is successfuly:
SYSADM    MH = (ALL)    USER,NOROOT
BUT there is another problem of it ( I think it is a bug of sudo ).....

When you enter "sudo passwd" without the option (eg:userid):

[manager@xxx ~]$ sudo passwd
Changing password for user root.
New UNIX password:

OH...the user manager who can change root password ?

So, is there any solution for this case of problem ?

Thanks !

Edward.
-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux