[sudo-users] allow / deny su
jan.albrecht at gmail.com
Thu Oct 19 12:07:47 EDT 2006
maybe anyone of you has an idea:
I wan't to allow some of my users to change users via su (to administer
their own users) but not change via su to root shell.
Now if I use this command alias:
Cmnd_Alias SU = !/bin/su, /bin/su %group, /bin/su - %group,
!/bin/su - root, !/bin/su root, !/bin/su -
it does not work.
In this case no su command is allowed (which does make sense as I
disallowed su) but in all other combinations it worked except for "sudo
-u root su". su assumes in this case root and switches to root shell.
And thats what I want to prevent.
Has anyone an idea how to solve this? Or maybe has an another idea?
More information about the sudo-users