Prevent linux user from changing their password in ssh
Solution 1
Do chmod go-rx /usr/bin/passwd
Normal users can then not run passwd. If you want some users to be able to, you can put them in a special group perhaps.
Solution 2
passwd -n 9999 user
will prevent user
from changing his password for almost 274 years.
If you want to have passwordless user
, which is unable to change his password, open /etc/shadow
as root, find the line which begins with the name of the user, and change the content between first and second colon to U6aMy0wojraho
.
(source: https://help.ubuntu.com/community/PasswordlessGuestAccount)
Related videos on Youtube
Vreality
Github Profile I love coding in python, C, C++, php, etc but I can code in Java. I have interests in (obviously) programming, robotics, photography, hiking, soccer, Linux, and anything intriguing and challenging that I have time for. Favorite Quotes: "There are 11 types of people in the world. Those who don't understand binary, those who think that they understand binary, and Jon Skeet." "The dictionary is the only place where success comes before work." – Mark Twain "Choose a job you love, and you will never have to work a day in your life." - Confucius "The man who does not read good books has no advantage over the man who can't read them." - Mark Twain "Wisdom tends to grow in proportion to one's awareness of one's ignorance." - Anthony de Mello "He who talks more is sooner exhausted."- Lao Tsu "Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program." - Linus Torvalds "A computer is like air conditioning: it becomes useless when you open windows." - Linus Torvalds
Updated on September 18, 2022Comments
-
Vreality over 1 year
How can I prevent users from changing their passwords? I still want to be able to change the passwords as root if necessary but keep the user from changing their password.
-
jackcogdill over 11 yearsThis question may be useful
-
Mawg says reinstate Monica over 11 yearsChmod the passwd command so that only you can execute it
-
Kevin Versfeld over 11 yearsWhy would you want to lower user security?
-
Vreality over 11 years@mdpc I don't. I plan on changing the password periodically, but I need it to be changed by me because it is a shared account and I don't want someone to change the password without the other people who have access being notified.
-
-
f.ardelian almost 11 yearsWould this still work?
cp /usr/bin/passwd . ; chmod +x ./passwd ; ./passwd
-
JamesTheAwesomeDude over 10 years@f.ardelian The thing is,
passwd
has some special magic called "setuid" on it - that means that when someone runs the file, they're running it as its owner (namely, root.) This allows normal users to change the/etc/shadow
file containing the passwords. If you were to copy the file to a user's home directory, it would no longer be setuid, and therefore no longer be automatically run with root priviledges. To learn more, look up information about "Unix permissions" and "setuid". -
f.ardelian over 10 years@JamesTheAwesomeDude Thanks, that was very informative!