[sudo-users] su except root
Nick Hasser
nick.hasser at gmail.com
Tue Jul 7 16:28:36 EDT 2009
Thornton, Don wrote:
> Add the following lines (visudo) to your /etc/sudoers file:
>
> User_Alias NON_ROOT = APistocc, DThornto
>
> Cmnd_Alias SU_TO_ROOT = /usr/bin/su, /usr/bin/su -, /usr/bin/su root, \
>     /usr/bin/su - root
>
> NON_ROOT ALL=(ALL) ALL, !SU_TO_ROOT
>
I'm fairly new to configuring sudo, so maybe I'm missing something here,
but this does not prevent me from su'ing to root since I can:
$ cp /usr/bin/su $HOME/su
$ cd $HOME
$ sudo ./su -
The more secure implementation would be to whitelist a set of commands
instead of blacklisting the su command, correct?
Nick
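
Added example (not part of the original message and not code from the sudo project): a small audit that reads sudoers text and reports every rule that grants ALL and then subtracts commands with "!", the pattern discussed above. The sample input is constructed; OPERATORS, SVC_CMDS and the systemctl commands are hypothetical names standing in for an allowlist rule, and the parser handles only simple one-spec rules.

```python
import re

# Constructed sample: the denylist rule from the quoted message beside a
# hypothetical allowlist rule (OPERATORS, SVC_CMDS and its commands are made up).
SAMPLE = """\
User_Alias NON_ROOT = APistocc, DThornto
User_Alias OPERATORS = alice
Cmnd_Alias SU_TO_ROOT = /usr/bin/su, /usr/bin/su -, /usr/bin/su root, \\
                        /usr/bin/su - root
Cmnd_Alias SVC_CMDS = /usr/bin/systemctl restart nginx, /usr/bin/systemctl status nginx
NON_ROOT ALL=(ALL) ALL, !SU_TO_ROOT
OPERATORS ALL=(root) SVC_CMDS
"""

def logical_lines(text):
    """Join backslash-continued lines; skip blank lines and comments."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def audit(text):
    """Return (user_or_alias, excluded_commands) for every rule that grants
    ALL commands and then subtracts some with '!'. Exclusions match literal
    paths, so they do not cover the same program under another path."""
    aliases, rules = {}, []
    for line in logical_lines(text):
        alias = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.*)", line)
        if alias:
            aliases[alias.group(1)] = [c.strip() for c in alias.group(2).split(",")]
            continue
        if re.match(r"(User|Runas|Host)_Alias\b|Defaults", line):
            continue
        rule = re.match(r"(\S+)\s+[^=]+=\s*(.*)", line)
        if rule:
            # Drop (runas) lists and tags such as NOPASSWD: before splitting.
            spec = re.sub(r"\([^)]*\)|\b[A-Z_]+:", "", rule.group(2))
            rules.append((rule.group(1), [c.strip() for c in spec.split(",") if c.strip()]))
    findings = []
    for who, cmds in rules:
        negated = [c[1:].strip() for c in cmds if c.startswith("!")]
        if "ALL" in cmds and negated:
            findings.append((who, [p for n in negated for p in aliases.get(n, [n])]))
    return findings

if __name__ == "__main__":
    for who, excluded in audit(SAMPLE):
        print(f"{who}: ALL minus {excluded} is a denylist; list permitted commands instead")
```

Only the NON_ROOT rule is reported; the OPERATORS rule names the permitted commands and passes.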