[sudo-users] sudoers exception failure with root

Mike iminneed at gmail.com
Wed Aug 31 14:53:23 EDT 2005

I need some help understanding why sudo isn't allowing me to prevent 
users from logging on as root. I looked in the  posts archives and 
didn't see anything so I'm sorry if this is a recursive post. I followed 
the example in the sudoers manual and yet I'm still allowed to login as 
root. Here is a few lines of the sudoers file that should have the 
proper syntax, any help would be appreciated:

ADMIN           ALL=(ALL)       /usr/local/bin/, /usr/local/sbin/, \
                                /usr/bin/, /usr/sbin/, \
                                /bin/, /sbin/, \
                                /etc/, \
                                /bin/su [-]?*, !/bin/su [-]*root*, \
                                /usr/sbin/su [-]?*, !/usr/sbin/su 
[-]*root*, \
                                /usr/local/scripts/, \
                                /usr/local/scripts/backup/, \
                                !/usr/sbin/visudo, !/usr/local/bin/visudo, \
                                !/sbin/visudo, \
                                !/usr/bin/passwd root, \
                                !/etc/passwd root

There are no further instances of  /bin, /sbin  any where else in the file.

In reading through other posts,  I understand that the processing of 
request is the last item seen is the item that wins. I am at a loss as 
to how to deny user to logon as root.

Thank you for your time.


More information about the sudo-users mailing list