sudoers file config help

Maubert, Pierre p-maubert at
Wed Sep 19 02:45:08 EDT 2001

This line below let's you doin any su * you want but it blocks su root or su
- or su or su - root
Cmnd_Alias SU=/usr/bin/su [A-z]*,/bin/su [A-z]*,/sbin/su [A-z]*,/usr/bin/su
- [A-z]*,/bin/su - [A-z]*,/sbin/su - [A-z]*,!/usr/bin/su root,!/bin/su
root,!/sbin/su root,!/usr/bin/su - root,!/bin/su - root,!/sbin/su - root

Pierre Maubert, System Administrator   
Texas Instruments France 
Tel: +33 (0)4 93 22 26 81 
Fax: +33(0)4 92 02 46 69 
Email: Pierre Maubert < mailto:p-maubert at <mailto:p-maubert at> > 

-----Original Message-----
From: Parson, David [mailto:David.Parson at]
Sent: Wednesday, September 19, 2001 2:12 AM
To: sudo-users at
Subject: sudoers file config help

I need assistance in setting up the sudoers file in such a way that the user
can run any commands on the 
local machine except su to root {any shell of course}.  I see a way to do
this, but the syntax that I use if not correct.

Any recommendations ? 

This must be secure - in other words no way can this person or persons get
to any root shell. 

I am sure that I can use the same syntax to restrict activities such as "su
- something" in the case where I need to do this as well.

Dave Parson 
PacifiCorp - Unix Enterprise & SAP 
825 NE Multnomah St. LCT: 800 
Portland Oregon  97232 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/sudo-users/attachments/20010919/19b77145/attachment.html>

More information about the sudo-users mailing list