Resetting passwords of other users without being Root
Hi Everyone,
I am a newbie and have recently installed Linux at home. Although right now it is only for testing purposes, I want to set it up as a multiuser system, and I would like to know if there is a way to reset passwords of other users without being Root and without using SUDO. I mean like setting up a user group with that privilege only and then connecting user IDs to that group who should reset the passwords of other users.
Sorry if this question may have been posted on another forum but I have looked around and couldn't find an answer.
Thanks,
Julix
This is not possible. Well, not possible in any sane way. I'm not sure what effect creating a 'password_editor' group, making /etc/passwd and so on owned by that group, and making it group-writable would have, but it's not anything you want or need.
This is exactly what sudo is designed for: to allow normal users to do things that are usually reserved for root. You can specify a group that has access to only the passwd command to reset passwords. The only downfall to this is that this particular user could probably sudo passwd root and reset the root password.
Thank you Digiot and Jonlake, both points of view make sense. Basically what I want to achieve is that the user with this privilege doesn't have to put sudo every time a password needs to be reset for a user. So if I set up the user ID with SUDO for password reset, there is no way to avoid that the root password can also be reset by this particular user?
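#!/bin/bash
# Users run this as: sudo script user
# Require exactly one argument: the account whose password is reset.
if [ "$#" -ne 1 ]; then
    echo "Usage: $0 user" >&2
    exit 1
fi
if [ "$1" = 'root' ]; then
    echo "You cannot change the root password!!"
    exit 1
else
    # Quote the name and end option parsing so it is always one user name.
    passwd -- "$1"
fi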
and give them sudo to this command. I am just guessing that this would work, I'm not at a linux box right now to test.
I did a little bit of searching to see if there was a pam module or something to avoid someone running sudo passwd root, but I haven't found anything.
You can configure sudo to use the user's password. This is the way Fedora Core and other distros do it by default. The passwd program is suid, and allows a user to change their own password. If you have a simple script that calls the passwd program and resets the password, you can edit sudo so that a member of a particular group can execute that script (and only that script) as root without a password. The /etc/sudoers file has a commented example for mounting cdroms. You could base your command on that. A script could take the username or uid as an argument.
Sudo is used to delegate certain tasks that require root access without sharing the root password. You don't want just any user to be able to reset another's password. That would allow them to reset someone else's password and then log in as that user.
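A stricter form of the wrapper discussed in this thread, as an added example that is not code from any poster: it decides by numeric UID rather than by the literal name root, so other UID-0 and system accounts are refused too. The function names, the MIN_UID value of 1000 and the restriction to local accounts in /etc/passwd are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: may_reset, uid_of,
# reset_password, sample_passwd. Assumes local accounts in passwd(5) format.
PASSWD_FILE=/etc/passwd   # fixed here, never taken from the caller's environment
MIN_UID=1000              # assumption: first ordinary-user UID on this system

# Print the UID for an exact login-name match; non-zero status if none exists.
uid_of() {
    awk -F: -v u="$1" '$1 == u { print $3; found = 1; exit }
                       END { exit !found }' "$PASSWD_FILE"
}

# Succeed only when the target is an ordinary login account.
may_reset() {
    # Reject empty names, option-like names and unexpected characters.
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    target_uid="$(uid_of "$1")" || return 1   # unknown account
    # Refuses root, any other UID-0 account, and system accounts.
    [ "$target_uid" -ge "$MIN_UID" ] 2>/dev/null || return 1
}

reset_password() {
    if ! may_reset "$1"; then
        echo "refusing to reset the password for '$1'" >&2
        return 1
    fi
    passwd -- "$1"
}

# Constructed sample data for checking may_reset without touching real accounts.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second UID-0 account:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
EOF
}

# Invoked as: sudo /path/to/this-script USER (exactly one argument).
if [ "$#" -eq 1 ]; then
    reset_password "$1"
fi
```

The script should be owned by root and not writable by the delegated group, since sudo runs whatever the file contains.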
Thanks a lot for all your assistance. I like the idea of using a script for this and giving sudo permission to it. I will try to set one up and see if it's working.