How to disable vyos to change root's passwd

ackema · July 1, 2022, 5:30am

Hello,

I’m using vyos1.4.

I found user vyos can change root’s paswd by sudo passwd anytime, even through I disable it in /etc/sudoers.d /vyos like this:

# Allow any user to run files in sudo-users
%users ALL=NOPASSWD: /opt/vyatta/bin/sudo-users/,!/usr/bin/sudo passwd

# Allow members of group sudo to execute any command
%sudo ALL=NOPASSWD: ALL,!/usr/bin/sudo passwd

vyos@vyos:~$ /usr/bin/sudo passwd
New password: 
Retype new password: 
passwd: password updated successfully
vyos@vyos:~$

Is there any method to forbid user vyos to change root’s passwd?

c-po · July 1, 2022, 9:19am

Unfortunately this is how Linux works …

linux - Prevent SUDO from executing passwd - Super User.