
Root access that can't change root password?

# 1  
Old 12-15-2013
Root access that can't change root password?

We are having a little problem on a server. We want some users to be able to use e.g. sudo and become root, but with the restriction that the user can't change the root password. That is, a guarantee that we can still log in to that server and become root no matter what the other users do.

Is that possible?
(Linux 3.2.0-57-generic #87-Ubuntu SMP)
# 2  
Old 12-15-2013
One way to do it is to disable "su" and "passwd" access in sudoers, for example like this:
Code:
user ALL=(ALL) ALL, !/usr/bin/passwd, !/usr/bin/su

Then tell the user to run the commands that he needs executed as root by prefixing them with "sudo".

It will not prohibit manually editing the /etc/shadow file though...
# 3  
Old 12-16-2013
.... or editing the /etc/sudoers file and the user can take off the restrictions again.


How about you ask exactly what is needed and only permit that with sudo rules. Be sure not to allow access to anything that the user can escape from, e.g. by giving vi, then the user can probably :sh to get to a command prompt as the executing user.

Other things such as ftp can also be used to run local shell commands. You have to be very careful.

Perhaps there is a need for not giving root access to the user. Ask what needs to be done, get it scripted and tested, then make the script Read-Only to them, but have it owned by root and set the SUID flag with:-
Code:
chown root:group yourscript
chmod 4750 yourscript

Make sure that the world cannot execute the script and set the group to be as restricted as you can. Perhaps even create a group for just this use.



I hope that this helps or at least gives you something to consider.


Robin
Liverpool/Blackburn
UK
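
A lint for the two weaknesses raised in posts #2 and #3 (rules that grant ALL minus a few exclusions, and permitted commands that offer a shell escape), added here as an example and not code from any poster in the thread. The ESCAPERS list beyond vi and ftp, the function name, and the sample rules other than the one from post #2 are constructed assumptions.

```shell
#!/bin/sh
# Added example: lint sudoers rules for the weaknesses discussed in this thread.
# ESCAPERS is a constructed list: vi and ftp are named in the thread, the rest
# are assumptions added here. Extend it for your own environment.
ESCAPERS='vi|vim|view|ftp|less|more|man|ed|awk|find'

# audit_sudoers FILE  ("-" reads stdin). Prints one finding per risky rule.
audit_sudoers() {
    awk -v esc="$ESCAPERS" '
    /^[ \t]*(#|$)/ { next }                                   # comments, blanks
    /^[ \t]*(Defaults|User_Alias|Host_Alias|Runas_Alias)/ { next }
    {
        spec = $0
        # Drop "user host = (runas)" (or "Cmnd_Alias NAME =") and any tags.
        # Tags are not evaluated, so a NOEXEC rule is still reported.
        sub(/^[^=]*=[ \t]*(\([^)]*\))?[ \t]*/, "", spec)
        gsub(/(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV):[ \t]*/, "", spec)
        sub(/[ \t]+$/, "", spec)
        n = split(spec, cmd, /[ \t]*,[ \t]*/)
        has_all = 0; has_neg = 0
        for (i = 1; i <= n; i++) {
            c = cmd[i]
            if (c == "ALL") has_all = 1
            else if (c ~ /^!/) has_neg = 1
            else {
                split(c, w, /[ \t]+/)          # w[1] is the program path
                base = w[1]; sub(/.*\//, "", base)
                if (base ~ ("^(" esc ")$"))
                    printf "line %d: ESCAPE %s can start a shell as the target user\n", NR, w[1]
            }
        }
        if (has_all && has_neg)
            printf "line %d: DENYLIST ALL with ! exclusions does not prevent root access\n", NR
        else if (has_all)
            printf "line %d: FULLROOT unrestricted ALL\n", NR
    }' "$1"
}

# Constructed sample rules; the first is the rule from post #2.
audit_sudoers - <<'EOF'
user ALL=(ALL) ALL, !/usr/bin/passwd, !/usr/bin/su
ops  ALL=(root) /usr/bin/vi /etc/hosts, /usr/sbin/service apache2 restart
web  ALL=(root) NOPASSWD: /usr/sbin/service apache2 reload
EOF
```

Only the third sample rule passes, since it names one program with fixed arguments. Linux ignores the setuid bit on interpreted scripts, so a narrowly scoped sudo rule like that one is the usual way to let a user run a root-owned script.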