[sudo-users] allow / deny su

Jan Albrecht jan.albrecht at gmail.com
Thu Oct 19 12:07:47 EDT 2006

Hi all,

maybe anyone of you has an idea:

I wan't to allow some of my users to change users via su (to administer
their own users) but not change via su to root shell.
Now if I use this command alias:

Cmnd_Alias      SU =    !/bin/su, /bin/su %group, /bin/su - %group,
!/bin/su - root, !/bin/su root, !/bin/su -

it does not work.
In this case no su command is allowed (which does make sense as I
disallowed su) but in all other combinations it worked except for "sudo
-u root su". su assumes in this case root and switches to root shell.
And thats what I want to prevent.

Has anyone an idea how to solve this? Or maybe has an another idea?


More information about the sudo-users mailing list