HPE Community
Operating System - HP-UX
1836535 Members
4818 Online
110102 Solutions
New Discussion

sudo and root pw reset

 
Michael Murphy_2
Frequent Advisor

‎04-30-2007 07:41 AM

‎04-30-2007 07:41 AM

sudo and root pw reset

is there a way to put an entry in the sudoers file to allow someone to become root but disallow resets of the the true root password?
0 Kudos
Reply
3 REPLIES 3
Patrick Wallek
Honored Contributor

‎04-30-2007 07:45 AM

‎04-30-2007 07:45 AM

Re: sudo and root pw reset

The only way to do something like that is to force them to use sudo for everything and not allow them to become root.

Once you become root (sudo su -) you can do ANYTHING.

I guess you could write a wrapper script for the 'passwd' command and if the argument to passwd is 'root' then error out. But that could be easily overcome.
0 Kudos
Reply
Jeff_Traigle
Honored Contributor

‎04-30-2007 07:46 AM

‎04-30-2007 07:46 AM

Re: sudo and root pw reset

The only way is to restrict which commands they can run as root. If you give them full root access (via su) in the sudoers file, they are root and can do anything they want.
--
Jeff Traigle
0 Kudos
Reply
Khashru
Valued Contributor

‎04-30-2007 12:51 PM

‎04-30-2007 12:51 PM

Re: sudo and root pw reset

You can use sudo inside a program. First configure sudo. Then in the script use a test condition that will not allow root password to be changed.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.