http://qs321.pair.com?node_id=11113791


in reply to Re^6: Greetings and salutations | sudo
in thread Greetings and salutations | sudo

$ sudo passwd root
[sudo] password for root:

I don't get it. If I know root's password, I already have the full access. If I don't, the command doesn't help in any way. Or maybe openSUSE uses a different sudo?

map{substr$_->[0],$_->[1]||0,1}[\*||{},3],[[]],[ref qr-1,-,-1],[{}],[sub{}^*ARGV,3]

Re^8: Greetings and salutations | sudo
by afoken (Chancellor) on Mar 05, 2020 at 19:10 UTC
    $ sudo passwd root
    [sudo] password for root:

    I don't get it. If I know root's password, I already have the full access. If I don't, the command doesn't help in any way.

    (You are aware that this is the passwd program prompting for the new password for root, not sudo asking for the current password for root, aren't you?)

    This looks like a single user sudo setup. In a multi-admin setup, sudo would either prevent access to the passwd executable, or it would require that you pass a non-root username argument to passwd. sudoers has an example for that:

    pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*

    The user pete is allowed to change anyone's password except for root on the HPPA machines. Because command line arguments are matched as a single, concatenated string, the ‘*’ wildcard will match multiple words. This example assumes that passwd(1) does not take multiple user names on the command line. Note that on GNU systems, options to passwd(1) may be specified after the user argument. As a result, this rule will also allow:

    passwd username --expire

    which may not be desirable.

    In a multi-admin setup, you would probably have only a few admins that can change passwords. Or maybe you have a central password database (NIS, LDAP) that comes with an independent tool to manage users.

    Or maybe openSUSE uses a different sudo?

    Most likely not. As far as I know, there is only one sudo. But sudo can be compiled with tons of options, and most likely, at least PAM support is enabled on openSUSE. Slackware explicitly disables PAM.

    Update:

    The same command looks quite different on Slackware. I think the reason for that is that Slackware does not use PAM at all.

    /home/alex>sudo passwd root
    Password:
    Changing password for root
    Enter the new password (minimum of 5 characters)
    Please use a combination of upper and lower case letters and numbers.
    New password:

    (And yes, I use sudo in a single-user setup. My unprivileged user account is in the wheel group, and sudo is configured to prompt for a password.)

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
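
The sudoers rule quoted in the post above can be checked against sample command lines before it is deployed. The following is an added example, not part of the original post and not sudo's own code: it is a simplified Python model that assumes arguments are joined with single spaces, matched with shell-style wildcards, and that the last matching entry in the list wins. The names RULES, decide, audit and SAMPLES and all sample user names are constructed.

```python
from fnmatch import fnmatchcase

# The command list from the quoted sudoers example, in order:
#   pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*
# Each entry is (allow, command path, argument pattern).
RULES = [
    (True, "/usr/bin/passwd", "[A-Za-z]*"),
    (False, "/usr/bin/passwd", "*root*"),
]


def decide(argv, rules=RULES):
    """Return True if the modelled rule permits argv, else False.

    Simplified model (assumption): the arguments are concatenated into
    one string, so '*' can span several words, and the last entry that
    matches decides. No match at all means the command is not permitted.
    """
    cmd, args = argv[0], " ".join(argv[1:])
    verdict = False
    for allow, path, pattern in rules:
        if cmd == path and fnmatchcase(args, pattern):
            verdict = allow
    return verdict


# Constructed command lines an admin might review the rule against.
SAMPLES = [
    ["/usr/bin/passwd", "alice"],              # intended use
    ["/usr/bin/passwd", "root"],               # must be refused
    ["/usr/bin/passwd"],                       # no user argument
    ["/usr/bin/passwd", "-l", "alice"],        # option before the user
    ["/usr/bin/passwd", "alice", "--expire"],  # option after the user
    ["/usr/bin/passwd", "groot"],              # name containing "root"
]


def audit(samples=SAMPLES):
    """Map each sample command line to the modelled decision."""
    return {" ".join(s): decide(s) for s in samples}


if __name__ == "__main__":
    for line, allowed in audit().items():
        print(f"{'ALLOW' if allowed else 'DENY ':5}  {line}")
```

The `alice --expire` line comes out as allowed, which is the case the manual flags as possibly undesirable, while an account whose name merely contains "root" is refused along with root itself.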
      > You are aware that this is the passwd program prompting for the new password for root, not sudo asking for the current password for root, aren't you?

      I wasn't aware of that possibility and it definitely wasn't the case here. The system has a single root user and several non-root users; I don't use the root account for anything but system maintenance.

      map{substr$_->[0],$_->[1]||0,1}[\*||{},3],[[]],[ref qr-1,-,-1],[{}],[sub{}^*ARGV,3]