[sudo-users] How to disable ( deny ) user to change the password of root
edwardspl at ita.org.mo
edwardspl at ita.org.mo
Tue Nov 18 04:30:15 UTC 2008
Stephen Carville wrote:
>On Monday 17 November 2008 00:49, edwardspl at ita.org.mo wrote:
>
>
>>Dear All,
>>
>>For the sudo setting ( visudo ) :
>>
>>User_Alias SYSADM = manager
>>
>>Cmnd_Alias NOROOT = !/usr/bin/passwd root
>>Cmnd_Alias USER = /usr/sbin/adduser, /usr/bin/passwd, /bin/chown,
>>/usr/sbin/userdel
>>
>>SYSADM MH = (ALL) NOROOT,USER
>>
>>BUT the test result as the following :
>>
>>[manager at xxx ~]$ sudo passwd root
>>Changing password for user root.
>>New UNIX password:
>>
>>So, what wrong of the config ?
>>
>>
>
>I think the exception has to be after the allowed rule:
>
>SYSADM MH = (ALL) USER,NOROOT
>
>It's been while since I checked that part of the code...
>
Hello to you,
Just test as the following rule is successfuly:
SYSADM MH = (ALL) USER,NOROOT
BUT there is another problem of it ( I think it is a bug of sudo ).....
When you enter "sudo passwd" without the option (eg:userid):
[manager at xxx ~]$ sudo passwd
Changing password for user root.
New UNIX password:
OH...the user manager who can change root password ?
So, is there any solution for this case of problem ?
Thanks !
Edward.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20081118/a83528d3/attachment-0001.htm>
More information about the fedora-list
mailing list