Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
$ sudo passwd root [sudo] password for root:

I don't get it. If I know root's password, I already have the full access. If I don't, the command doesn't help in any way.

(You are aware that this is the passwd program is prompting for the new password for root, not sudo asking for the current password for root, aren't you?)

This looks like a single user sudo setup. In a multi-admin-setup, sudo would either prevent access to the passwd executable, or it would require that you pass a non-root username argument to passwd. sudoers has an example for that:

pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *ro +ot*

The user pete is allowed to change anyone's password except for root on the HPPA machines. Because command line arguments are matched as a single, concatenated string, the * wildcard will match multiple words. This example assumes that passwd(1) does not take multiple user names on the command line. Note that on GNU systems, options to passwd(1) may be specified after the user argument. As a result, this rule will also allow:

passwd username --expire

which may not be desirable.

In a multi-admin setup, you would probably have only a few admins that can change passwords. Or maybe you have a central password database (NIS, LDAP) that comes with an independant tool to manage users.

Or maybe openSUSE uses a different sudo?

Most likely not. As far as I know, there is only one sudo. But sudo can be compiled with tons of options, and most likely, at least PAM support is enabled on openSUSE. Slackware explicitly disables PAM.

Update:

The same command looks quite different on Slackware. I think the reason for that is that Slackware does not use PAM at all.

/home/alex>sudo passwd root Password: Changing password for root Enter the new password (minimum of 5 characters) Please use a combination of upper and lower case letters and numbers. New password:

(And yes, I use sudo in a single-user setup. My unprivileged user account is in the wheel group, and sudo is configured to prompt for a password.)

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

In reply to Re^8: Greetings and salutations | sudo by afoken
in thread Greetings and salutations | sudo by zentara

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others studying the Monastery: (5)
    As of 2020-07-06 20:26 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?

      No recent polls found

      Notices?