[sudo-users] preventing user "bob" from executing sudo at all

Felipe Alvarez felipe.alvarez at gmail.com
Wed Mar 3 05:20:37 EST 2010

> The best way to prevent a user from ever having any
> permissions to sudo
> anything is to just to never put the user in the file,
> and avoid putting him in any groups which are
> enabled for any operations.

Thank you for all the replies
Bob doesn't exist, so he hasn't done anything wrong. I'm working on a
security project, and need to secure the server from local accounts,
not only Web/PHP/SQL attacks, but shell access, too. I need to lock
down the account as much as possible.
Is there a way to stop "sudo -s" or "sudo -i"
Does sudoers prevent _everyone_ from using sudo, except for the users
and the binaries (or scripts, files, executables) that I explicitly
allow? Does this mean "sudo -s" and/or "sudo -i" are _disabled_ by
default, until I explicitly enable them?


More information about the sudo-users mailing list