-3

A few days ago, we were connected to a XenServer through SSH (user root) from 2 different stations. We tried passwd, and we changed the root password to 2 different passwords simultaneously. We were a little confused why it didn't ask for the current password before accepting the new one. And as expected, the last given password is working, and the one who could kick the other out to change it is the winner...!

How can I manage it so that the current password has to be asked for?

SonOfSun

1 Answer

4

What security problem? If you have 2 devices logged in as root and you're worried about one changing the password before the other you have bigger issues to worry about. Just so you know, the password and shadow files are owned by root, so if someone is logged in as root they can do whatever they want to the password. They don't even need to worry about using passwd to change anything.

william
  • First question was nothing.. I was looking for the second one actually... And what is this attitude with a newbie..? All experts were once newbies.. It's better to help a newbie, instead of a downvote.. – SonOfSun Jul 20 '15 at 10:34
  • 3
    I didn't downvote. I'm just saying if you give someone root access to your box, they have ALL the permissions. If they want to wipe the system, they can. If they want to change the password, they can. – william Jul 20 '15 at 10:44
  • OK. Suppose that there are 2 or more admins, as it actually happens sometimes. – SonOfSun Jul 20 '15 at 10:47
  • 3
    You'll either need to trust those admins with root access (full control), or set up low-privilege accounts for them and make them use sudo for administrative tasks. If it's set up properly they won't be able to change passwords with sudo or delete logs, and sudo can provide command logs in case you need to make sure they're not running odd commands on the server. – william Jul 20 '15 at 11:02
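
The sudo arrangement described in the last comment, sketched as a sudoers fragment. This is an added example, not part of the original thread; the group name `admins`, the file name, the log path and the command list are assumptions chosen for illustration.

```sudoers
# /etc/sudoers.d/admins   (create and syntax-check with: visudo -f /etc/sudoers.d/admins)
# Constructed example: group name, log path and commands are assumptions.

# Record every sudo invocation (who, when, which command) in a dedicated file.
Defaults logfile="/var/log/sudo.log"

# Also record the output of each command run through sudo
# (needs a sudo build with I/O logging support).
Defaults log_output
Defaults use_pty

# Allowlist of administrative tasks. Each entry is a full path with fixed
# arguments, so the user cannot substitute their own arguments.
Cmnd_Alias ADMIN_TASKS = /sbin/service ntpd restart, \
                         /sbin/service ntpd status, \
                         /bin/df -h

# Members of the hypothetical group "admins" log in with their own
# unprivileged accounts and may run only ADMIN_TASKS as root, after
# entering their own password.
%admins ALL = (root) ADMIN_TASKS
```

Anything not in the alias, including `passwd`, shells, editors and `rm`, is refused and the refusal is logged. An allowlist like this holds up better than a rule of the form `ALL, !/usr/bin/passwd`, because a deny rule only matches the listed path and not a shell or a copy of the binary.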