Restrict certain command options The 2019 Stack Overflow Developer Survey Results Are...
Straighten subgroup lattice
Old scifi movie from the 50s or 60s with men in solid red uniforms who interrogate a spy from the past
"as much details as you can remember"
How come people say “Would of”?
Is it correct to say the Neural Networks are an alternative way of performing Maximum Likelihood Estimation? if not, why?
Can withdrawing asylum be illegal?
Correct punctuation for showing a character's confusion
Will it cause any balance problems to have PCs level up and gain the benefits of a long rest mid-fight?
What is the most efficient way to store a numeric range?
Match Roman Numerals
What do I do when my TA workload is more than expected?
Why doesn't shell automatically fix "useless use of cat"?
Is it ethical to upload a automatically generated paper to a non peer-reviewed site as part of a larger research?
Dropping list elements from nested list after evaluation
Can there be female White Walkers?
ODD NUMBER in Cognitive Linguistics of WILLIAM CROFT and D. ALAN CRUSE
Flight paths in orbit around Ceres?
Can a flute soloist sit?
If a sorcerer casts the Banishment spell on a PC while in Avernus, does the PC return to their home plane?
Kerning for subscripts of sigma?
If I score a critical hit on an 18 or higher, what are my chances of getting a critical hit if I roll 3d20?
Relationship between Gromov-Witten and Taubes' Gromov invariant
How do PCB vias affect signal quality?
Is an up-to-date browser secure on an out-of-date OS?
Restrict certain command options
The 2019 Stack Overflow Developer Survey Results Are InSudoers blacklisthow to restrict users not to login to root by using sudo -i and sudo su - and other if existsHow to restrict an SSH user to only allow SSH-tunneling?Specific command sequence with sudo and file permissionsHow to restrict to run commands in specific directory through SUDOERS?Restrict standard users to run a command with a specific argumentDisable some programs from sudorestrict private apt repository with rssh - why does apt-get try /bin/sh?How to restrict su from root to nis clientsHow to restrict user from doing su to another user apart from rootEnabling sudo rights to user accounts and disabling root access globallyDoes sudo restrict on which users can acquire superuser privileges?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}
How can I restrict a user from executing sudo -su? I.e., disable this -su option for sudo allowed users.
linux shell sudo
edited 11 hours ago
fra-san
2,1021721
asked 13 hours ago
AVSAVS
29116
|
show 7 more comments
How can I restrict a user from executing sudo -su? I.e., disable this -su option for sudo allowed users.
linux shell sudo
edited 11 hours ago
fra-san
2,1021721
asked 13 hours ago
AVSAVS
29116
2
You can not.sudouser can run anything as user root, why is there a need to do this anyways? You should reconsider your security concept.
– RoVo
13 hours ago
You can always rename or delete thesudobinary. I think you need to describe your problem a lot better with many more details.
– Bananguin
12 hours ago
@RoVo this is not true.sudoallows for quite fine grained management. Of course nothing sensible would prevent a user from typingsudo -suin a shell.
– Bananguin
12 hours ago
While you are able to restrict whatsudois allowed to do insudoersfile,sudousers can change that to whatevery they like. So technically you might be right, but practically you're not.
– RoVo
12 hours ago
Possible duplicate of how to restrict users not to login to root by using sudo -i and sudo su - and other if exists
– RoVo
12 hours ago
|
show 7 more comments
How can I restrict a user from executing sudo -su? I.e., disable this -su option for sudo allowed users.
linux shell sudo
edited 11 hours ago
fra-san
2,1021721
asked 13 hours ago
AVSAVS
29116
How can I restrict a user from executing sudo -su? I.e., disable this -su option for sudo allowed users.
linux shell sudo
linux shell sudo
edited 11 hours ago
fra-san
2,1021721
asked 13 hours ago
AVSAVS
29116
edited 11 hours ago
fra-san
2,1021721
asked 13 hours ago
AVSAVS
29116
edited 11 hours ago
fra-san
2,1021721
edited 11 hours ago
fra-san
2,1021721
edited 11 hours ago
fra-san
2,1021721
2,1021721
asked 13 hours ago
AVSAVS
29116
asked 13 hours ago
AVSAVS
29116
asked 13 hours ago
AVSAVS
29116
29116
2
You can not.sudouser can run anything as user root, why is there a need to do this anyways? You should reconsider your security concept.
– RoVo
13 hours ago
You can always rename or delete thesudobinary. I think you need to describe your problem a lot better with many more details.
– Bananguin
12 hours ago
@RoVo this is not true.sudoallows for quite fine grained management. Of course nothing sensible would prevent a user from typingsudo -suin a shell.
– Bananguin
12 hours ago
While you are able to restrict whatsudois allowed to do insudoersfile,sudousers can change that to whatevery they like. So technically you might be right, but practically you're not.
– RoVo
12 hours ago
Possible duplicate of how to restrict users not to login to root by using sudo -i and sudo su - and other if exists
– RoVo
12 hours ago
|
show 7 more comments
2
You can not.sudouser can run anything as user root, why is there a need to do this anyways? You should reconsider your security concept.
– RoVo
13 hours ago
You can always rename or delete thesudobinary. I think you need to describe your problem a lot better with many more details.
– Bananguin
12 hours ago
@RoVo this is not true.sudoallows for quite fine grained management. Of course nothing sensible would prevent a user from typingsudo -suin a shell.
– Bananguin
12 hours ago
While you are able to restrict whatsudois allowed to do insudoersfile,sudousers can change that to whatevery they like. So technically you might be right, but practically you're not.
– RoVo
12 hours ago
Possible duplicate of how to restrict users not to login to root by using sudo -i and sudo su - and other if exists
– RoVo
12 hours ago
2
2
You can not.
sudo user can run anything as user root, why is there a need to do this anyways? You should reconsider your security concept.– RoVo
13 hours ago
You can not.
sudo user can run anything as user root, why is there a need to do this anyways? You should reconsider your security concept.– RoVo
13 hours ago
You can always rename or delete the
sudo binary. I think you need to describe your problem a lot better with many more details.– Bananguin
12 hours ago
You can always rename or delete the
sudo binary. I think you need to describe your problem a lot better with many more details.– Bananguin
12 hours ago
@RoVo this is not true.
sudo allows for quite fine grained management. Of course nothing sensible would prevent a user from typing sudo -su in a shell.– Bananguin
12 hours ago
@RoVo this is not true.
sudo allows for quite fine grained management. Of course nothing sensible would prevent a user from typing sudo -su in a shell.– Bananguin
12 hours ago
While you are able to restrict what
sudo is allowed to do in sudoers file, sudo users can change that to whatevery they like. So technically you might be right, but practically you're not.– RoVo
12 hours ago
While you are able to restrict what
sudo is allowed to do in sudoers file, sudo users can change that to whatevery they like. So technically you might be right, but practically you're not.– RoVo
12 hours ago
Possible duplicate of how to restrict users not to login to root by using sudo -i and sudo su - and other if exists
– RoVo
12 hours ago
Possible duplicate of how to restrict users not to login to root by using sudo -i and sudo su - and other if exists
– RoVo
12 hours ago
|
show 7 more comments
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f511904%2frestrict-certain-command-options%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f511904%2frestrict-certain-command-options%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
You can not.
sudouser can run anything as user root, why is there a need to do this anyways? You should reconsider your security concept.– RoVo
13 hours ago
You can always rename or delete the
sudobinary. I think you need to describe your problem a lot better with many more details.– Bananguin
12 hours ago
@RoVo this is not true.
sudoallows for quite fine grained management. Of course nothing sensible would prevent a user from typingsudo -suin a shell.– Bananguin
12 hours ago
While you are able to restrict what
sudois allowed to do insudoersfile,sudousers can change that to whatevery they like. So technically you might be right, but practically you're not.– RoVo
12 hours ago
Possible duplicate of how to restrict users not to login to root by using sudo -i and sudo su - and other if exists
– RoVo
12 hours ago