Re: [sudo-users] How to disable ( deny ) user to change the password of root

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Stephen Carville wrote:
On Monday 17 November 2008 20:30, edwardspl@xxxxxxxxxx wrote:

[snip]

  
Just test as the following rule is successfuly:

SYSADM    MH = (ALL)    USER,NOROOT
BUT there is another problem of it ( I think it is a bug of sudo ).....

When you enter "sudo passwd" without the option (eg:userid):

[manager@xxx ~]$ sudo passwd
Changing password for user root.
New UNIX password:

OH...the user manager who can change root password ?

So, is there any solution for this case of problem ?
    
Require a username be entered for passwd.

USER 		/usr/bin/passwd [A-z0-1]
NOROOT	!/usr/bin/passwd root

SYSADM  MH=(ALL)   USER,NOROOT
Hello,

Just test the rules, BUT the result is fail:

[manager@xxx ~]$ sudo passwd
[sudo] password for manager:
Sorry, user manager is not allowed to execute '/usr/bin/passwd' as root on edsvr.
[manager@xxx ~]$ sudo passwd root
[sudo] password for manager:
Sorry, user manager is not allowed to execute '/usr/bin/passwd root' as root on edsvr.
[manager@xxx ~]$ sudo passwd edward
[sudo] password for manager:
Sorry, user manager is not allowed to execute '/usr/bin/passwd edward' as root on edsvr.

So, how can we disable any user for changing the root password ?

Thanks !

Edward.
-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux