Hi

I want to create one Normal user who can create user,mod user,del user but he can not change root password, I have configured sudo but problem is same , I dont want user can change root password

To create a new account manually, follow these steps:


Edit /etc/passwd with vipw and add a new line for the new account. Be careful with the syntax. Do not edit directly with an editor! vipw locks the file, so that other commands won't try to update it at the same time. You should make the password field be `*', so that it is impossible to log in.


Similarly, edit /etc/group with vigr, if you need to create a new group as well.


Create the home directory of the user with mkdir.


Copy the files from /etc/skel to the new home directory.


Fix ownerships and permissions with chown and chmod. The -R option is most useful. The correct permissions vary a little from one site to another, but usually the following commands do the right thing:


Set the password with passwd.

After you set the password in the last step, the account will work. You shouldn't set it until everything else has been done, otherwise the user may inadvertently log in while you're still copying the files.

Also see this page:
http://www.yolinux.com/TUTORIALS/Lin...ingGroups.html

How did you configure sudo. You can have these commands explicitly included in /etc/sudoers. This will allow you to delegate permissions to run these programs without giving them the root password or allowing the use of su. However the usermod program allows a user to change a password with the -p option. So either you need to choose someone you can trust or don't delegate the right to use usermod.

I may have missed something with usermod, such as PAM which might be used in the process.
Also download the source package for your distro. Check if any build options can remove the -P option or afford protection against modifying the root account. Running "./configure --help" usually supplies this information.