$ sudo passwd root
[sudo] password for root:
I don't get it. If I know root's password, I already have the full access. If I don't, the command doesn't help in any way.
(You are aware that this is the passwd program is prompting for the new password for root, not sudo asking for the current password for root, aren't you?)
This looks like a single user sudo setup. In a multi-admin-setup, sudo would either prevent access to the passwd executable, or it would require that you pass a non-root username argument to passwd. sudoers has an example for that:
pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *ro
+ot*
The user pete is allowed to change anyone's password except for root on the HPPA machines. Because command line arguments are matched as a single, concatenated string, the ‘*’ wildcard will match multiple words. This example assumes that passwd(1) does not take multiple user names on the command line. Note that on GNU systems, options to passwd(1) may be specified after the user argument. As a result, this rule will also allow:
passwd username --expire
which may not be desirable.
In a multi-admin setup, you would probably have only a few admins that can change passwords. Or maybe you have a central password database (NIS, LDAP) that comes with an independant tool to manage users.
Or maybe openSUSE uses a different sudo?
Most likely not. As far as I know, there is only one sudo. But sudo can be compiled with tons of options, and most likely, at least PAM support is enabled on openSUSE. Slackware explicitly disables PAM.
Update:
The same command looks quite different on Slackware. I think the reason for that is that Slackware does not use PAM at all.
/home/alex>sudo passwd root
Password:
Changing password for root
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
New password:
(And yes, I use sudo in a single-user setup. My unprivileged user account is in the wheel group, and sudo is configured to prompt for a password.)
Alexander
--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
