[sudo-users] preventing user "bob" from executing sudo at all

Charles Marshall charles at wozi.com
Tue Mar 2 21:11:40 EST 2010

The best way to prevent a user from ever having any permissions to sudo anything is to just to never put the user in the file, and avoid putting him in any groups which are enabled for any operations.

As for the preventing him from running setUID programs, I don't know that there is a good way to prevent that, because since it's setUID it doesn't need sudo to execute them.  Others can correct me if I'm wrong, but removing the setuid bits from those things probably won't do any good for your other users, and may impact normal operation of the system.  

Hope this helps,

On Mar 2, 2010, at 7:45 PM, Felipe Alvarez wrote:

> Hi list
> I want to prevent 'bob' from using sudo entirely. What should I type
> into /etc/sudoers (via visudo)? I want 'bob' to never gain root
> privileges, never use 'su', and never run anything as root user.
> Perhaps not related to sudo but ... If possible, I'd also like to
> prevent 'bob' from running mount, passwd, or any setUID program.
> Felipe
> ____________________________________________________________ 
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users

Charles Marshall
charles at wozi.com

More information about the sudo-users mailing list