[sudo-users] Disable sudo -i

Mark Janssen maniac.nl at gmail.com
Tue Apr 3 06:34:16 EDT 2012

On Tue, Apr 3, 2012 at 7:47 AM, Gurveer Singh <singh.gurveer88 at gmail.com>wrote:

> Hello Everyone,
> Does anyone know, how to disable sudo -i.
> Because i gave sudo ALL permission to a user and Now user is able to get
> root prompt using " *sudo -i* ".

That's what 'ALL' does...

It also allows the following (non complete list) of ways of getting a root

sudo -s
sudo $EDITOR (and then shell-escape)
sudo ~user/some-shell-script that exec's a shell
sudo visudo (and then edit their rights)
sudo vi /etc/passwd, and create/edit a root-equivalent account


Basically, don't give users 'ALL' rights if you don't want to give them the
root password or equivalent.

Mark Janssen  --  maniac(at)maniac.nl
Unix / Linux Open-Source and Internet Consultant
Maniac.nl Sig-IO.nl Vps.Stoned-IT.com

More information about the sudo-users mailing list