You are not logged in.

#1 2023-09-29 10:10:33

quellen
Member
From: Italy
Registered: 2014-05-24
Posts: 316

Prevent root from change my user password

hello
How can I make it so that root can't change my password?


sorry for my bad english

Offline

#2 2023-09-29 11:52:28

loqs
Member
Registered: 2014-03-06
Posts: 18,135

Re: Prevent root from change my user password

quellen wrote:

How can I make it so that root can't change my password?

You want root to not be able to change the password of users other than root?  root is expected to be able to change the password of any user [1].   root is also the owner of /etc/shadow so can directly change the password without using passwd.

[1] https://man.archlinux.org/man/passwd.1

Offline

#3 2023-09-29 13:27:31

seth
Member
Registered: 2012-09-03
Posts: 59,897

Re: Prevent root from change my user password

This is probably an https://en.wikipedia.org/wiki/XY_problem

@quellen, why do you think you want to prevent UID0 from changing some password (or, frankly, do anything)?
You cannot effectively prevent UID0 from doing anything. The root user is the omnipotent god of that system.
You can somewhat protect /etc/shadow from accidental changes, but whatever you can do to this effect, the root can undo. Always.

Offline

#4 2023-09-29 14:32:01

Docbroke
Member
From: India
Registered: 2015-06-13
Posts: 1,438

Re: Prevent root from change my user password

Disable root user account.

Offline

#5 2023-09-29 14:47:37

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,330
Website

Re: Prevent root from change my user password

Docbroke wrote:

Disable root user account.

Huh?  That's not possible.  And if it was, it would render the system unmaintainable.

You can disable root login from certain vectors, but the root account will still be there.


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Offline

#6 2023-09-29 19:12:37

ayekat
Member
Registered: 2011-01-17
Posts: 1,611

Re: Prevent root from change my user password

Potentially root could be prevented from just (trivially) changing a user's password if the user isn't system-local, but managed in a directory service (LDAP, AD, …).

But… yeah, OP hasn't explain what they actually want.


pkgshackscfgblag

Offline

Board footer

Powered by FluxBB