cancel
Showing results for 
Search instead for 
Did you mean: 

Root Password using SUDO

Marylou Kohlmeier
Frequent Advisor

Root Password using SUDO

Is there a way to prevent sudo users from changing "root" password?

thanks,
Marylou
3 REPLIES
Steven Schweda
Honored Contributor

Re: Root Password using SUDO

I don't use it, but I thought that the whole
idea of "sudo" was to let normal users "run
some (or all) commands as root", the
important part of that being "some".

http://www.gratisoft.us/sudo/intro.html

So, the real question would seem to be, "Why
are you letting people use 'sudo' to run
commands (like passwd) which you don't want
them to run?"
Steven E. Protter
Exalted Contributor

Re: Root Password using SUDO

Shalom,

Yes.

Don't give the passwd command via sudo

The passwd command has suid set, that gives them all the power they need to change their own password.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Bill Hassell
Honored Contributor

Re: Root Password using SUDO

SUDO is very often under-configured. Only the most senior and trustworthy sysadmins are given unrestricted access. The rest of the users are given one or two commands to do their jobs -- no more until a valid justification is made. In heavily secured environments, a written justification and approval process is needed before adding additional commands. SUDO is quite powerful -- you can even restrict the parameters allowed for a specific command. Good security principles will not default (give away) privileges, but instead, start at zero and add a few at a time.


Bill Hassell, sysadmin