sudoers file : prevention of su to root

Parson, David David.Parson at
Mon Oct 8 15:37:58 EDT 2001


I have been trying to write a generic sudoers file to prevent most folks
{note: most, but not all} from doing a "su -, su, ...". I think you get the
idea in that in most cases don't care if folks use "sudo su someone", but
that they be prevented from doing any kind of su to root shell.

Someone was kind enough to send me the syntax with some ideas on how to
implement this, but some of the syntax won't work and what does will not
prevent a su to root.



-----Original Message-----
From: Matthew Hannigan [mailto:mlh at]
Sent: Monday, October 08, 2001 12:14 PM
To: sudo-users at
Subject: [Fwd: equiv of "su -"]


mlh at wrote:
> All,
> I want sudo root shell to run .profile.
> What is the sudo equivalent to "su -" ?
> Besides "sudo su -" that is.  Because
> for RUNAS users, you would have to allow
> them to run su as root, and restrict them
> somehow to su - RUNASUSER.
> Regards,
>  -Matt
> ---------------------------------------------
> This message was sent using Endymion MailMan.
sudo-users mailing list <sudo-users at>
For list information, options, or to unsubscribe, visit:

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/sudo-users/attachments/20011008/144f3878/attachment.html>

More information about the sudo-users mailing list