How can I prevent a user from changing their password?

password sudo authentication
5,382

Solution 1

Change the password minimum age:

sudo chage -m 99999 <username>

If the user is clever enough and he has sudo priviledges, you'll have a hard time trying to stop him. If you remove passwd permissions he could fix it running sudo chmod u+xs /usr/bin/passwd. If you rename passwd file he could fix it running sudo apt-get install --reinstall passwd.

I think all you could do is to give a group (or a user) the rights to run specifics commands. If you allow them to run arbitrary commands and you try to deny them running specific commands like passwd, bash or anything "harmful", that could be easily bypassed by cp /bin/bash ~/myshell; sudo ./myshell.

Solution 2

To avoid a user from running the passwd command, just make it non-executable for everyone but root.

sudo chmod o-x /usr/bin/passwd

Don't forget, there are more ways to change a password other than with Terminal!

Also visit https://help.ubuntu.com/community/BasicChroot to see if this helps

Solution 3

chmod u-s /usr/bin/passwd

might work

Share:
5,382

Related videos on Youtube

Sparr
Author by

Sparr

I am the typical "computer nerd", with skills in a number of programming languages and a wide range of computer hardware and software.

Updated on September 18, 2022

Comments

  • Sparr
    Sparr over 1 year

    I want to prevent a user from changing their own password. Additionally, if possible, I want to prevent them from changing it via sudo.

    • SimplySimon
      SimplySimon almost 11 years
      A good question, I look forward to seeing the answers... I haven't go a clue :)
    • psusi
      psusi almost 11 years
      If they can use sudo, then you can't prevent them from doing anything.
    • Sparr
      Sparr almost 11 years
      @psusi you have a very poor grasp of how sudo works
    • Eric Carvalho
      Eric Carvalho almost 11 years
      Probably @psusi was talking about default sudo config, i.e. the user is member of sudo group.
    • Panther
      Panther almost 11 years
      The only way I know of to restrict root (sudo) would be to use apparmor. See ubuntuforums.org/showpost.php?p=9799756&postcount=5 (you will have to modify that for your needs).

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

I cannot enter my password when using sudo to install Sophos AV for Linux
I cannot enter my password in the terminal - can't install packages
Graphical authentication works; why does sudo say my password is wrong?
sudo in the Terminal seems not to accept password input
Passwordless su in a Bash script?
sudo su fails with 'Unable to change to sudoers gid :operation not permitted.' fault
Cannot authenticate without a password
Sudo is not asking for password on Ubuntu 16.04
Terminal problems entering password
Changed root password on my server, now can't login anymore