We are having a little problem on a server. We want that some users should be able to do e.g. sudo and become root, but with the restriction that the user can't change root password. That is, a guarantee that we still can login to that server and become root no matter of what the other users will do.
Is that possible?
(Linux 3.2.0-57-generic #87-Ubuntu SMP)
One way to do it is to disable "su" and "passwd" access in sudoers, for example like this:
Then tell user to run the commands that he needs executed as root by prefixing them with "sudo".
It will not prohibit manually editing the /etc/shadow file though...
.... or editing the /etc/sudoers file and the user can take off the restrictions again.
How about you ask exactly what is needed and only permit that with sudo rules. Be sure not to allow access to anything that the user can escape from, e.g. by giving vi, then user can probably :sh to get to a command prompt as the executing user.
Other things sudo as ftp can also be used to run local shell commands too. You have to be very careful.
Perhaps there is a need for not giving root access to the user. Ask what needs to be done, get it scripted and tested, then make the script Read-Only to them, but have it owned by root and set the SUID flag with:-
Make sure that the world cannot execute the script and set the group to be a restricted as you can. perhaps even create a group for just this use.
i hope that this helps or at least gives you something to consider.
i do not have root on a solairs 10 server , however i do have the root role, i was wondering if I can change the root password as a a role with the passwd command? I have not tried yet.
and do i have to use the # chgkey -p afterwards?
i need to patch is why i am asking.
thanks (1 Reply)
Hello Gurus,
I want One user to su to another without allowing root access and password.
I want to run a specific command as below from user am663:
---------------------------------------------------------
sudo -u appsprj4 /home/appsrj4/scripts/start_apache.sh
-------------------
But... (6 Replies)
Hello All,
I have several solaris boxes running Solaris 8. When changing root passwords on them, all will simply ask for the new root password to change and of course to re-type the new password. One of the systems however asks for the existing root password before it will display the new password... (8 Replies)
Hi Friends.
I am new to scripting now i want to change the root password using the script with standard password.
which is the easy scripting to learn for the beginner, Thanks in advance. (2 Replies)
Hi, we have a HP-UX server of model 9000/800/rp4440. We have been trying to reset the root password but are in vain.I used the following command and also are the outputs which i have received.
# passwd
Changing password for root
New password:
Re-enter new password:
Unexpected failure.... (3 Replies)
Hello!
I forget the root password and I need to change it. I've read others threads about it in this forum, but it seems it's necessary to modify /etc/passwd file. In my HPUX Systems this passwd file have only "read" permissions ant its owner is the root user, so how can i modify this file, if I... (4 Replies)
Hi,
I have forgotten my personal account password but I still have the root access to the box.
Please tell me how can I change my other account password by logging as root.
Thanks.
Rakesh :D (4 Replies)