[sudo-users] restricting access to commands
codejodler at gmx.ch
Fri May 26 16:35:36 EDT 2006
I'm sorry this question is rather about su than sudo,
or about execute permissions generally.
There is a guest account on my working box, a relict from
the time when occasional visitors without laptop were doing
their own stuff there. I kept it as unprivileged to eventually
validate remote access and permissions.
Yesterday i was puzzling about restricting access to some
programs for this account only. For example, i hope it can
live without 'su' (even X and desktop session ?), and i can
setup anything more with sudo instead.
I also don't want this account to be able list dotfiles at all.
I was thinking about replacing these commands (su and ls)
with custom aliases or functions, but my first trials lead to
lots of confusing errors, including a crashing session with
locked keyboard and mouse (!) so i had to reboot.
I think i need a better understanding.
Does sudo rely on 'su' ?
What is the difference at all between sudo and su -c ?
What would be a good approach to prohibit certain commands ?
More information about the sudo-users