<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=Big5" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Stephen Carville wrote:<br>
<blockquote cite="mid200811181121.26864.scarville@landam.com"
type="cite">
<pre wrap="">On Monday 17 November 2008 20:30, <a class="moz-txt-link-abbreviated" href="mailto:edwardspl@ita.org.mo">edwardspl@ita.org.mo</a> wrote:
[snip]
</pre>
<blockquote type="cite">
<pre wrap="">Just test as the following rule is successfuly:
SYSADM MH = (ALL) USER,NOROOT
BUT there is another problem of it ( I think it is a bug of sudo ).....
When you enter "sudo passwd" without the option (eg:userid):
[manager@xxx ~]$ sudo passwd
Changing password for user root.
New UNIX password:
OH...the user manager who can change root password ?
So, is there any solution for this case of problem ?
</pre>
</blockquote>
<pre wrap=""><!---->
Require a username be entered for passwd.
USER /usr/bin/passwd [A-z0-1]
NOROOT !/usr/bin/passwd root
SYSADM MH=(ALL) USER,NOROOT</pre>
</blockquote>
Hello,<br>
<br>
I just tested the rules, BUT the result is a failure:<br>
<br>
[manager@xxx ~]$ sudo passwd<br>
[sudo] password for manager:<br>
Sorry, user manager is not allowed to execute '/usr/bin/passwd' as root
on edsvr.<br>
[manager@xxx ~]$ sudo passwd root<br>
[sudo] password for manager:<br>
Sorry, user manager is not allowed to execute '/usr/bin/passwd root' as
root on edsvr.<br>
[manager@xxx ~]$ sudo passwd edward<br>
[sudo] password for manager:<br>
Sorry, user manager is not allowed to execute '/usr/bin/passwd edward'
as root on edsvr.<br>
<br>
So, how can we prevent any user from changing the root password?<br>
<br>
Thanks !<br>
<br>
Edward.
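<br>
<br>
Added example (not part of the original message and not sudo's own code): a small Python model of how sudoers matches command arguments, showing why the USER pattern as posted rejects all three commands tried above. It assumes the argument list is joined with spaces and compared to the pattern as one fnmatch-style string, with the last matching entry deciding; Python's fnmatch stands in for fnmatch(3), and the WITH_STAR and BARE rule sets are hypothetical.<br>
<pre>
```python
from fnmatch import fnmatchcase


def args_match(pattern, argv):
    """Model of sudoers argument matching for one command entry.

    argv is joined with spaces and compared to the pattern as a single
    string. None models an entry that lists no arguments at all, which
    accepts any arguments (including none).
    """
    if pattern is None:
        return True
    return fnmatchcase(" ".join(argv), pattern)


def allowed(rules, argv):
    """rules: ordered list of (negated, pattern) entries for /usr/bin/passwd.

    The last matching entry decides; if nothing matches, sudo denies.
    """
    verdict = False
    for negated, pattern in rules:
        if args_match(pattern, argv):
            verdict = not negated
    return verdict


# USER and NOROOT exactly as posted: the bracket expression matches ONE character.
AS_POSTED = [(False, "[A-z0-1]"), (True, "root")]

# Hypothetical correction: a letter followed by "*", so a whole name matches.
WITH_STAR = [(False, "[A-Za-z]*"), (True, "root")]

# Hypothetical bare entry with no argument restriction (accepts "sudo passwd").
BARE = [(False, None), (True, "root")]

if __name__ == "__main__":
    # Constructed inputs mirroring the three commands in the message above.
    cases = ([], ["root"], ["edward"])
    for name, rules in (("AS_POSTED", AS_POSTED), ("WITH_STAR", WITH_STAR), ("BARE", BARE)):
        for argv in cases:
            result = "allowed" if allowed(rules, argv) else "denied"
            print(name, "passwd", " ".join(argv), "is", result)
```
</pre>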
</body>
</html>