[sudo-users] Disabling "sudo su" but allow everything else?
jimmy.cr4ckc0rn at gmail.com
Mon Aug 2 12:59:21 EDT 2010
I know it's not the preferred way to go about doing things but I've
got a group of people that ssh into systems with a designated user
account and I want to allow them to do everything on the system other
than doing a 'sudo su' and 'sudo su -'. I've tried the following but
can't seem to get it to work:
User_Alias OKGUYS = userone, usertwo
Cmnd_Alias NON=!/usr/bin/sudo su, !/usr/bin/sudo su -
OKGUYS ALL = NOPASSWD: ALL, NON
Is there a way to actually do this?
More information about the sudo-users