I want to prevent a user from changing their own password. Additionally, if possible, I want to prevent them from changing it via sudo.
4 Answers
Change the password minimum age:
sudo chage -m 99999 <username>
If the user is clever enough and he has sudo privileges, you'll have a hard time trying to stop him. If you remove passwd permissions he could fix it by running sudo chmod u+xs /usr/bin/passwd. If you rename the passwd file he could fix it by running sudo apt-get install --reinstall passwd.
I think all you could do is to give a group (or a user) the rights to run specific commands. If you allow them to run arbitrary commands and you try to deny them running specific commands like passwd, bash or anything "harmful", that could be easily bypassed by cp /bin/bash ~/myshell; sudo ./myshell.

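The difference between allowing specific commands and denying specific commands, as an added example that is not part of the original answer: a shell function that classifies sudoers user rules so that "ALL minus a few commands" entries can be found and replaced with explicit command lists. The sample policy, its user and group names and its commands are constructed; Cmnd_Alias definitions and backslash line continuations are not expanded.

```shell
#!/bin/sh
# Added example: classify sudoers user rules by how they restrict commands.
# "denylist" = grants ALL and then subtracts commands with "!", the pattern
# that copying a shell to a new path and running it through sudo walks around.

# Constructed sample policy; users, groups and commands are assumptions.
SAMPLE_SUDOERS='# constructed sample
Defaults env_reset
%staff    ALL=(ALL) ALL, !/usr/bin/passwd, !/bin/bash
%helpdesk ALL=(root) /usr/bin/systemctl restart nginx, /usr/bin/journalctl -u nginx
alice     ALL=(ALL:ALL) ALL
bob       ALL=(root) NOPASSWD: /usr/bin/apt-get update'

# classify_rule LINE: print denylist, unrestricted or allowlist.
classify_rule() {
    # Strip "who host=(runas)" and any TAG: prefixes, leaving the command list.
    cmds=$(printf '%s\n' "$1" |
        sed -E 's/^[^=]*=[[:space:]]*(\([^)]*\))?[[:space:]]*//; s/^([A-Z_]+:[[:space:]]*)+//')
    if printf '%s\n' "$cmds" | grep -Eq '(^|,)[[:space:]]*ALL[[:space:]]*(,|$)'
    then has_all=yes; else has_all=no; fi
    if printf '%s\n' "$cmds" | grep -Eq '(^|,)[[:space:]]*!'
    then has_neg=yes; else has_neg=no; fi
    if [ "$has_all" = yes ] && [ "$has_neg" = yes ]; then echo denylist
    elif [ "$has_all" = yes ]; then echo unrestricted
    else echo allowlist
    fi
}

# audit_sudoers TEXT: print "class<TAB>rule" for every user rule in TEXT.
audit_sudoers() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case $line in
            ''|'#'*|Defaults*|*_Alias*) continue ;;
        esac
        printf '%s\t%s\n' "$(classify_rule "$line")" "$line"
    done
}

audit_sudoers "$SAMPLE_SUDOERS"
```

Rules reported as denylist or unrestricted give the user a root shell in practice; only the allowlist rules limit what sudo will run.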
To prevent a user from running the passwd command, just make it non-executable for everyone but root.
sudo chmod o-x /usr/bin/passwd
Don't forget, there are more ways to change a password other than with Terminal!
Also visit https://help.ubuntu.com/community/BasicChroot to see if this helps

You could install ninja, but be careful when configuring it.
If you configure it wrong, then you are one level deeper and may not be able to work as admin any more, or you might no longer be allowed to use terminal/shell/konsole as before!

sudo, then you can't prevent them from doing anything. – psusi Jun 10 '13 at 14:15