How to give a normal user permission to change root password

command-line security password

10,755

Solution 1

Don't do that... you can either give them root's password or you could execute sudo passwd root (this assumes that sudo is set to use the users password or no password, and that passwd is a command that sudo has authorized to be run by that user).

Solution 2

sudo is the swiss-army knife of customized permissions. You could ask the user to run

sudo /usr/bin/passwd root

To see how this might be enabled, here's a related example from the sudoers(5) manpage.

pete           HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root

The user pete is allowed to change anyone's password except for root on the 
HPPA machines.  Note that this assumes passwd(1) does not take multiple 
usernames on the command line.

You'll have to invert the logic to achieve your ends, of course. So, you would execute the visudo, and add a line like

user ALL = /usr/bin/passwd root

to /etc/sudoers.

Solution 3

If you don't trust the owner of the root account then there's probably no way to prevent that root user from removing this special permission. If you do trust the root user then just ask him for the current password.

Solution 4

Maybe you can add this line to the sudoer file (using visudo), replacing phunehehe with the username.

phunehehe localhost = NOPASSWD: /usr/bin/passwd

I don't know if that breaks your condition of a "normal user", though, because after that he/she has so much power.

EDIT: as per xenoterracide's comment :)

Solution 5

Can't he use run level 1 to change root password?

What I have in mind is

Set grub password so that not every user can change the run level at boot time.
This password is given to the normal user who might need to change root password in future.
Now if needs arise to change the root password, he can modify grub parameters at boot time. Press 'a', give grub password and then give 1, so that machine boots into run level 1.
Once in run level 1, he can change root password.

The obvious disadvantage of this procedure is that machine has to be rebooted and while its in run level 1, it will be offline.

Kindly mention the flaws that you find in this procedure.

View more solutions

10,755

Amree

Updated on September 17, 2022

Comments

Amree over 1 year

Please do not ask why, but is it possible to do it?

p/s: I know it's not a good thing, let's just say someone from the top management who is computer illiterate want some sort of control over the server.
- Kurt over 13 years
  
  Don't we have an 'evil' tag? :P
- Dean Hill over 13 years
  
  Can't resist. Why?
- Admin over 13 years
  
  giving a user the right to change the root password is the same as giving them full root access, so why bother giving them "only" password-changing access?
- ElBel over 13 years
  
  He probably heard the story about the San Francisco network admin. It's not that stupid, if he can be trusted to use this power only in such an emergency.
- Stefan over 13 years
  
  @starblue, what story of the San Francisco network admin?
- msw over 13 years
  
  This question is pretty meaningless without a why. It's much easier to create a SUID trojan shell and hide it someplace that looks reasonable but boring (this also works for hiding contraband from your parents, aurorius (without the SUID bit, which doesn't do much for contraband)).
- ElBel over 13 years
  
  en.wikipedia.org/wiki/Terry_Childs
- imz -- Ivan Zakharyaschev almost 13 years
  
  @hop: I could imagine the following situation where there is a difference. What if someone else who has access to root changes root's password? Then, if you knew the old password, you don't have the access anymore. But if you still can change the password as another user, it's "ok". Of course, if the password change was intentional, the changer could also disable this user to a degree wished. Also, there are often other ways to overcome loosing the root's password, such booting another OS and mounting the partition, and changing the password then. Back to the Q a 2nd root (eg,toor) might work.
- Admin almost 13 years
  
  @imz: you are confusing authorization with authentication. if the boss' authentication is not done via the root password, his authorization to do root stuff is not depending on him knowing the root password either.
- imz -- Ivan Zakharyaschev almost 13 years
  
  @hop: yes, I agree with you. In my mind, I simplified "giving them full root access" to "giving them the password to authenticate themsleves as root" when I read your comment. If understood in the precise way, your words are not something that makes my comment relevant.
- G-Man Says 'Reinstate Monica' over 2 years
  
  There are two elephants in the room.   (1) The smaller one is a question: How is the system configured? Is it configured to use both sudo and su? If su is disabled, what good does the root password do? And, if you don’t have sudo enabled, that knocks out the best answer.   (2) There’s a big, obvious difference between “giving them full root access” and this. With “full root access”, the person can do anything, any time, possibly without being detected. With this “change the password” hack, it will (probably) be obvious if they do it. … (Cont’d)
- G-Man Says 'Reinstate Monica' over 2 years
  
  (Cont’d) … (This gets back to elephant #1 — if everybody else uses sudo, will they notice if the root password has been changed? You could add a tripwire so all the regular sysadmins get notified when the manager does this.) It’s like having a locked door with a breakable window — you allow emergency access, but you make it obvious that the access has been taken.
- U. Windl over 2 years
  
  Please explain "some sort of control "! You can have as many super-users as you like; they do not depend on the name root but on the UID 0. Let the slaughter begin ;-)
xenoterracide over 13 years

I don't know why you'd think he'd need this. He didn't ask you to make it passwordless. why reduce the security of the system more than necessary if you're doing anyting like this it should be user localhost = NOPASSWD: /usr/bin/passwd which would limit the security accesss to just that.
G-Man Says 'Reinstate Monica' over 2 years

(1) This is wordy and unclear. (2) More importantly, it more-or-less duplicates a couple of old answers without explaining the differences. Is your answer better than the others? If so, why? (3) Please don’t tell people to edit their /etc/sudoers file with echo and >>.
G-Man Says 'Reinstate Monica' over 2 years

What does “the owner of the root account” mean? Are you suggesting that Ralph Oot might be given the username “root” (like in the current TV commercial, where the robot goes to a coffee shop, and the barista labels his cup “Rob Ott”)? (Believe it or not, I wrote this comment before I took a good look at your identicon image.)
G-Man Says 'Reinstate Monica' over 2 years

But you and I seem to be interpreting this question in totally different ways. You seem to believe that it’s about protecting the system against a rogue sysadmin who might change the root password and not tell anybody the new password. I believe that it’s about giving a manager immediate emergency access to root privilege at off-hours, without needing to bother anybody immediately.
potsed over 2 years

@g-man the only control you have is trust. If you trust your admins, they can set up a system that provides enough access control, like sharing the root password or adding a certain user to sudoers. But if you don't trust your admins there's nothing you can do to stop them from messing up your system. Hence just sharing the root password. 12 years later I would add "design your network with disaster recovery including losing access to certain accounts or systems" but ultimately there are some keys which need to be shared.