[sudo-users] restricting access to commands

Micha codejodler at gmx.ch
Fri May 26 16:35:36 EDT 2006

I'm sorry this question is rather about su than sudo,
or about execute permissions generally. 

There is a guest account on my working box, a relict from 
the time when occasional visitors without laptop were doing 
their own stuff there. I kept it as unprivileged to eventually 
validate remote access and permissions.

Yesterday i was puzzling about restricting access to some
programs for this account only. For example, i hope it can 
live without 'su' (even X and desktop session ?), and i can
setup anything more with sudo instead. 
I also don't want this account to be able list dotfiles at all.

I was thinking about replacing these commands (su and ls)
with custom aliases or functions, but my first trials lead to
lots of confusing errors, including a crashing session with 
locked keyboard and mouse (!) so i had to reboot. 
I think i need a better understanding.
Does sudo rely on 'su' ? 
What is the difference at all between sudo and su -c ? 
What would be a good approach to prohibit certain commands ?


More information about the sudo-users mailing list