1

When i tried to set the password complexity by adding the values in /etc/pam.d/common-password and /etc/security/pwquality.conf. I have set the minlen=8, for other user it works fine for root user its not working.

How i can set the minlen=8 for root user.

Improve this question
1
  • Reminder: root can change the config anytime. Commented Jul 24, 2023 at 10:18

1 Answer 1

Reset to default
2

This is answered in the man page:

enforce_for_root

The module will return error on failed check even if the user changing the password is root. This option is off by default which means that just the message about the failed check is printed but root can change the password anyway.

Simply add enforce_for_root to a line by it self in /etc/security/pwquality.conf.

Note that root can bypass this more or less at will by injecting their password hash. There's ultimately few things that stops root from ignoring configuration on Linux.

Improve this answer
5
  • i have added enforce_for_root in /etc/pam.d/common-password, still root password length was not accepting. pam_pwquality.so retry=3 enforce_for_root Commented Jul 24, 2023 at 10:23
  • Not sure I grok your comment? Commented Jul 24, 2023 at 11:47
  • Tell me where i need to add enforce_for_root. Commented Jul 24, 2023 at 12:06
  • Maybe reading the provided link could help? Commented Jul 24, 2023 at 12:37
  • @Thamizh answer updated :) Commented Jul 24, 2023 at 20:23

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.