Operating System - HP-UX

Restricting sudo users from 'su -'

 
TD Clark
Advisor

Hi all... I couldn't find any information on this in the man pages so I thought I'd try the forum. We'd like to give certain users access to every command (i.e. ALL=NOPASSWD: ALL), but we want to restrict them from logging in as root from sudo (i.e. sudo su -). Is this possible?

Thanks a bunch!
MANOJ SRIVASTAVA
Honored Contributor

Hi Todd


There is a simple way to do that; here is a script we use for the user not to log in as root. This can be expanded and used to restrict selective users too. These lines are to be inserted in /etc/profile.

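# Name of the user who originally logged in on this terminal
loginid=`who am i | awk '{print $1}'`

echo "$loginid"
# Quoted so the test does not error out when who prints nothing (no tty)
if [ "$loginid" = root ]
then
    exit
fi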

Manoj Srivastava
S.K. Chan
Honored Contributor
Solution

This has good examples on how to configure your sudoers file to achieve what you want:

http://www.courtesan.com/sudo/man/sudoers.html#examples

From the manual (some examples):
jen ALL, !SERVERS = ALL
The user jen may run any command on any machine except for those in host SERVERS

jill SERVERS = /usr/bin/, !SU, !SHELLS
For any machine in the SERVERS Host_Alias, jill may run any commands in the directory /usr/bin/ except for those commands belonging to the SU and SHELLS Cmnd_Aliases.
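
The manual's `!SU, !SHELLS` pattern applied to the rule in the question, next to an allowlist alternative. This is an added example, not text from the thread or the sudo manual; the user names `tclark` and `oper1`, the `OPS` alias and all binary paths are assumptions to adjust for the local system.

```sudoers
# Added example. User names, the OPS alias and the paths are assumed;
# confirm where su and the shells actually live on your HP-UX host.

Cmnd_Alias SU     = /usr/bin/su
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/ksh, /usr/bin/csh, /sbin/sh

# Variant A: the rule from the question, minus su and the shells.
# Negated entries must come after ALL, because the last match wins.
# The sudoers manual cautions that subtracting commands from ALL with
# "!" is generally not effective as a hard boundary, so treat this as
# a guard against habit rather than as containment of a root-capable user.
tclark  ALL = NOPASSWD: ALL, !SU, !SHELLS

# Variant B: explicit allowlist. Only the commands named in OPS run as
# root; anything not listed, including su and every shell, is refused.
Cmnd_Alias OPS = /usr/sbin/swlist, /usr/sbin/ioscan, /usr/bin/bdf
oper1   ALL = NOPASSWD: OPS
```

Edit the file with `visudo`, or check a draft copy with `visudo -c -f <file>` before installing it, so a syntax error cannot lock out sudo.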



TD Clark
Advisor

Thanks guys!