Stop User From Changing Root Password

S

shy001

Active Member
Joined
May 7, 2008
Messages
42
Reaction score
0
Hi all
How can you stop users from changing the root user Password?:confused:
 
Removing the user from the "wheel" group, and setting the ownership on the "passwd" script to root - although this will prevent users from being able to change their own passwords.
 
is there any way users can change their own passwords but not root users password?
 
shy001 said:
is there any way users can change their own passwords but not root users password?
Click to expand...

Yes - remove them from the "wheel" group and ensure they don't have sudo access.

Changing ownership of the "passwd" script to the root user is the only thing that will prevent the users from changing their own passwords, however this is not necessary, merely useful for added security.
 
ok my question is how did the user obtain the root password? Dont you need the root password to be able to change it?
 
apparently all you need to do to change the root password is type "su" to become root, then type "passwd" and it will prompt you for a new password.

i have not had experience with this
i am researching it and have no linux machine to experiment with
thats y i am asking
 
When I use su or su - on other distros besides ()ubuntu, you need to type in the root password.
 
"In order to change the root password, a user must type passwd. The user will be prompted to type in the new password and confirm it.
It will then prompt you to type your new pass, and then to confirm it."

Ok here is another problem:Wireless freezing kernel on laptop at irregular intervals
 
Even with sudo on kubuntu you still need the root password before you can run sudo anything
 
I've found that preventing users from changing their passwords themselves is on par with taking a gun from them when they want to shoot themselves in the foot
 
Gothan said:
Even with sudo on kubuntu you still need the root password before you can run sudo anything
Click to expand...

No you don't. You need your user password which is used to sudo

so if your username is "foo" and your username's password is "bar", to change the root password, you just type:

sudo passwd
[sudo] Enter password for foo: bar
Enter UNIX password: newpassword

As long as you have sudo access or are able to get dropped into a root shell (i.e. UID0 hack), then you can change the root password without needing to know it in the first place.
 
ok but i wana know how to STOP users from changing the root user password
 
On Ubuntu-based systems, only the first user by default can use sudo. All subsequent users cannot, unless you add them to the "admin" group ("wheel" is from BSD). If you're not in the admin group, sudo won't work.
 
shy001 said:
ok but i wana know how to STOP users from changing the root user password
Click to expand...

*sigh*

Kasyx said:
Removing the user from the "wheel" group, and setting the ownership on the "passwd" script to root - although this will prevent users from being able to change their own passwords.
Click to expand...

Kasyx said:
Yes - remove them from the "wheel" group and ensure they don't have sudo access.
Changing ownership of the "passwd" script to the root user is the only thing that will prevent the users from changing their own passwords, however this is not necessary, merely useful for added security.
Click to expand...

Kasyx said:
As long as you have sudo access or are able to get dropped into a root shell (i.e. UID0 hack), then you can change the root password without needing to know it in the first place.
Click to expand...

REMOVE. FROM. WHEEL. GROUP.
 
shy001 said:
ok but i wana know how to STOP users from changing the root user password
Click to expand...

If you're on ubuntu, remove them from the sudo'ers group:

System > Administration > Users and Groups > [enter password] > Manage groups > admin > Properties > (Make sure that only users that should be able to run as root are ticked).
 
lol thanx
sorry - blonde moment

ok another question "Linux Log in problems when booting up"
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X