disable "sudo su"
Matthew Flaschen
matthew.flaschen at gatech.edu
Wed Mar 14 22:26:47 UTC 2007
Alan Pope wrote:
> On Wed, Mar 14, 2007 at 06:25:34PM +0530, Sumith augustine wrote:
>> Hi all,
>>
>>
>> In order to get the log of all the commands used by the users, I've added them
>> in my /etc/sudoers file by adding a line
>> "%username ALL=(ALL) ALL".
>>
>> I did this because I want them to have root privilege, but at the same time I
>> don't want them to use the command "sudo su" :-)
>> How can I disable "sudo su"?
>>
>
> You are better off specifying exactly what commands you *do* want them to use
> rather than those that you don't:-
Also, you don't need to allow any text viewing programs, which are
vulnerable to privilege escalation (forget shell escapes; emacs has
built-in shells). Instead, only allow sudoedit, which doesn't run any
other program as root.
Matthew Flaschen
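
The advice in this thread, written out as a sudoers fragment. This is an added example, not part of either message; the group name %username is taken from the question, while the WEBADMIN alias and every path are hypothetical placeholders.

```sudoers
# Added example. Check syntax with `visudo -cf <file>` before installing.

# Before: the unrestricted rule from the question. It permits "sudo su"
# and every other shell, and once a root shell is open sudo logs nothing
# that is typed inside it.
#%username ALL=(ALL) ALL

# After: allow only the commands the group actually needs.
# Each invocation is logged by sudo with its full argument list.
Cmnd_Alias WEBADMIN = /etc/init.d/apache2 restart, \
                      /etc/init.d/apache2 reload

# No editor or pager appears in the list. sudoedit copies the file,
# runs the editor as the invoking user, then writes the result back,
# so no editor process ever runs as root.
%username ALL = (root) WEBADMIN, sudoedit /etc/apache2/apache2.conf
```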