topic Re: sudo and root pw reset in Operating System - HP-UX

sudo and root pw reset

Michael Murphy_2 — Mon, 30 Apr 2007 14:41:00 GMT

is there a way to put an entry in the sudoers file to allow someone to become root but disallow resets of the the true root password?

Re: sudo and root pw reset

Patrick Wallek — Mon, 30 Apr 2007 14:45:04 GMT

The only way to do something like that is to force them to use sudo for everything and not allow them to become root.

Once you become root (sudo su -) you can do ANYTHING.

I guess you could write a wrapper script for the 'passwd' command and if the argument to passwd is 'root' then error out. But that could be easily overcome.

Re: sudo and root pw reset

Jeff_Traigle — Mon, 30 Apr 2007 14:46:27 GMT

The only way is to restrict which commands they can run as root. If you give them full root access (via su) in the sudoers file, they are root and can do anything they want.

Re: sudo and root pw reset

Khashru — Mon, 30 Apr 2007 19:51:20 GMT

You can use sudo inside a program. First configure sudo. Then in the script use a test condition that will not allow root password to be changed.