Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re^8: Greetings and salutations | sudo

by afoken (Canon)
on Mar 05, 2020 at 19:10 UTC ( #11113870=note: print w/replies, xml ) Need Help??


in reply to Re^7: Greetings and salutations | sudo
in thread Greetings and salutations | sudo

$ sudo passwd root [sudo] password for root:

I don't get it. If I know root's password, I already have the full access. If I don't, the command doesn't help in any way.

(You are aware that this is the passwd program is prompting for the new password for root, not sudo asking for the current password for root, aren't you?)

This looks like a single user sudo setup. In a multi-admin-setup, sudo would either prevent access to the passwd executable, or it would require that you pass a non-root username argument to passwd. sudoers has an example for that:

pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *ro +ot*

The user pete is allowed to change anyone's password except for root on the HPPA machines. Because command line arguments are matched as a single, concatenated string, the * wildcard will match multiple words. This example assumes that passwd(1) does not take multiple user names on the command line. Note that on GNU systems, options to passwd(1) may be specified after the user argument. As a result, this rule will also allow:

passwd username --expire

which may not be desirable.

In a multi-admin setup, you would probably have only a few admins that can change passwords. Or maybe you have a central password database (NIS, LDAP) that comes with an independant tool to manage users.

Or maybe openSUSE uses a different sudo?

Most likely not. As far as I know, there is only one sudo. But sudo can be compiled with tons of options, and most likely, at least PAM support is enabled on openSUSE. Slackware explicitly disables PAM.

Update:

The same command looks quite different on Slackware. I think the reason for that is that Slackware does not use PAM at all.

/home/alex>sudo passwd root Password: Changing password for root Enter the new password (minimum of 5 characters) Please use a combination of upper and lower case letters and numbers. New password:

(And yes, I use sudo in a single-user setup. My unprivileged user account is in the wheel group, and sudo is configured to prompt for a password.)

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Replies are listed 'Best First'.
Re^9: Greetings and salutations | sudo
by choroba (Archbishop) on Mar 05, 2020 at 20:29 UTC
    > You are aware that this is the passwd program is prompting for the new password for root, not sudo asking for the current password for root, aren't you?

    I wasn't aware of that possibility and it definitely wasn't the case here. The system has a single root user and several non-root users, I don't use the root account for anything but system maintenance.

    map{substr$_->[0],$_->[1]||0,1}[\*||{},3],[[]],[ref qr-1,-,-1],[{}],[sub{}^*ARGV,3]

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://11113870]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (8)
As of 2020-05-26 18:17 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    If programming languages were movie genres, Perl would be:















    Results (150 votes). Check out past polls.

    Notices?