disable "sudo su"
Alan Pope
alan at popey.com
Wed Mar 14 13:04:34 UTC 2007
On Wed, Mar 14, 2007 at 06:25:34PM +0530, Sumith augustine wrote:
> Hi all,
>
>
> In order to get the log of all the commands used by the users, I've added them
> in my /etc/sudoers file by adding a line
> "%username ALL=(ALL) ALL".
>
> I did this because I want them to have root privilege, but at the same time I
> don't want them to use the command "sudo su" :-)
> How can I disable "sudo su"?
>
You are better off specifying exactly what commands you *do* want them to use
rather than those that you don't:-
For example:-
alan@wopr:~$ pg testfile
This is just a plain text file
alan@wopr:~$ whoami
alan
alan@wopr:~$ pg testfile
This is just a plain text file
(EOF):!/bin/bash
alan@wopr:~$ whoami
alan
alan@wopr:~$ sudo pg testfile
Password:
This is just a plain text file
(EOF):!/bin/bash
root@wopr:~# whoami
root
root@wopr:~# \o/
Many programs have the ability to "shell out" as I did there with the
exclamation mark. They could all lead to people getting root access.
Cheers,
Al.
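
An added example, not part of the post above: a simplified Python audit that flags sudoers rules granting ALL, a shell or su directly, or a program that can shell out the way pg does in the reply. The sample rules, every program name other than pg, and the one-rule-per-line parsing without aliases are assumptions of this example.

```python
import re

# "pg" is the program from the post; the other names are an illustrative
# assumption of this example, not a complete inventory.
SHELL_ESCAPE = {"pg", "less", "more", "vi", "vim", "man", "ed"}
SHELLS = {"su", "sh", "bash", "dash", "zsh"}

# Constructed sample sudoers content (not taken from the post).
SAMPLE = """\
Defaults env_reset
%staff ALL=(ALL) ALL
alice  ALL=(root) /usr/bin/pg /var/log/syslog
bob    ALL=(root) NOEXEC: /usr/bin/less /var/log/syslog
carol  ALL=(root) /usr/sbin/service apache2 restart, /bin/su
"""

# Simplified grammar: "user host = (runas) cmd, cmd"; no aliases or includes.
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")

def audit(text):
    """Return (user, command, reason) for rules that can yield a root shell."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (simplified)
        m = RULE.match(line)
        if not m or line.startswith("Defaults"):
            continue
        who, cmds = m.groups()
        noexec = False  # a tag carries over to later commands in the list
        for cmd in (c.strip() for c in cmds.split(",")):
            while (t := TAG.match(cmd)):
                if t.group(1) in ("NOEXEC", "EXEC"):
                    noexec = t.group(1) == "NOEXEC"
                cmd = cmd[t.end():]
            name = (cmd.split() or [""])[0].rsplit("/", 1)[-1]
            if cmd == "ALL":
                findings.append((who, cmd, "unrestricted"))
            elif name in SHELLS:
                findings.append((who, cmd, "shell"))
            elif name in SHELL_ESCAPE and not noexec:
                findings.append((who, cmd, "shell escape"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%-8s %-32s %s" % finding)
```

The bob rule is not flagged because it carries the sudoers NOEXEC tag, which stops a dynamically linked program from executing further commands.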