[users]Re: Linux Vs Windows in security (II)

[Derek Broughton]

Chris wrote:

> On Wed, 29 Aug 2007 13:17:00 +0100
> "(``-_-´´) -- Fernando" <ubuntu at bugabundo.net> wrote:
> 
>> On Wednesday 29 August 2007 13:10:36 Chris wrote:
>> > On Wed, 29 Aug 2007 12:19:06 +0100
>> > "(``-_-´´) -- Fernando" <ubuntu at bugabundo.net> wrote:
>> > 
>> > > On Monday 13 August 2007 22:06:32 Cesar Augusto Suarez wrote:
>> > > > so, however, if i  have remote access  by ssh to a linux
>> > > > machine, can i change the root pass if i dont know it? just in
>> > > > case
>> > > 
>> > > Yes you can, as long as the user connecting to the sshd as sudo
>> > > permitions. Just ssh USER at MACHINE
>> > > and then do sudo passwd root
>> > > 
>> > 
>> > Fernando missread your question - The real answer is ...
>> > 
>> > "if i  have remote access  by ssh to a linux machine,
>> > can i change the root pass if i dont know it?"
>> >  
>> > NO - You can't change the root password if you don't know the root
>> > password. You CAN however, IF you DO.
> 
> Let's look at this again - the Op asked if he can change the root
> password he he does not know it.
> 
> That being said - ha can't run sudo without knowing the root password.
> Unless of couse, the admin of the remote box setup sudo to be used
> without a password.
> 
> ARE WE CLEAR ON THAT?

No need to shout, even though we're not clear :-)

That's not how sudo works - sudo asks for _your_ password.
> 
> How can a user use sudo if he does not know the password (assuming the
> root password is needed to use sudo).

He uses his own password, and the administrator determines
(via /etc/sudoers) what commands he will have access to.

So, no, Fernando did not misread the question.
-- 
derek