How can I prevent a user from changing their password?
Solution 1
Change the password minimum age:
sudo chage -m 99999 <username>
If the user is clever enough and he has sudo priviledges, you'll have a hard time trying to stop him. If you remove passwd
permissions he could fix it running sudo chmod u+xs /usr/bin/passwd
. If you rename passwd
file he could fix it running sudo apt-get install --reinstall passwd
.
I think all you could do is to give a group (or a user) the rights to run specifics commands. If you allow them to run arbitrary commands and you try to deny them running specific commands like passwd
, bash
or anything "harmful", that could be easily bypassed by cp /bin/bash ~/myshell; sudo ./myshell
.
Solution 2
To avoid a user from running the passwd command, just make it non-executable for everyone but root.
sudo chmod o-x /usr/bin/passwd
Don't forget, there are more ways to change a password other than with Terminal!
Also visit https://help.ubuntu.com/community/BasicChroot to see if this helps
Solution 3
chmod u-s /usr/bin/passwd
might work
Related videos on Youtube
Sparr
I am the typical "computer nerd", with skills in a number of programming languages and a wide range of computer hardware and software.
Updated on September 18, 2022Comments
-
Sparr over 1 year
I want to prevent a user from changing their own password. Additionally, if possible, I want to prevent them from changing it via sudo.
-
SimplySimon almost 11 yearsA good question, I look forward to seeing the answers... I haven't go a clue :)
-
psusi almost 11 yearsIf they can use
sudo
, then you can't prevent them from doing anything. -
Sparr almost 11 years@psusi you have a very poor grasp of how sudo works
-
Eric Carvalho almost 11 yearsProbably @psusi was talking about default sudo config, i.e. the user is member of sudo group.
-
Panther almost 11 yearsThe only way I know of to restrict root (sudo) would be to use apparmor. See ubuntuforums.org/showpost.php?p=9799756&postcount=5 (you will have to modify that for your needs).
-