[sudo-users] Disable sudo -i
Mark Janssen
maniac.nl at gmail.com
Tue Apr 3 06:34:16 EDT 2012
On Tue, Apr 3, 2012 at 7:47 AM, Gurveer Singh <singh.gurveer88 at gmail.com> wrote:
> Hello Everyone,
>
>
> Does anyone know how to disable sudo -i?
> Because I gave sudo ALL permission to a user and now the user is able to get
> a root prompt using "sudo -i".
That's what 'ALL' does...
It also allows the following (non-complete list of) ways of getting a root
shell:
sudo -s
sudo $EDITOR (and then shell-escape)
sudo ~user/some-shell-script that exec's a shell
sudo visudo (and then edit their rights)
sudo vi /etc/passwd, and create/edit a root-equivalent account
etc...
Basically, don't give users 'ALL' rights if you don't want to give them the
root password or equivalent.
--
Mark Janssen -- maniac(at)maniac.nl
Unix / Linux Open-Source and Internet Consultant
Maniac.nl Sig-IO.nl Vps.Stoned-IT.com
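
An added example (not part of the original message): a small Python audit that flags sudoers rules granting the root-equivalent commands listed in the reply above. The shell and editor name lists and the sample sudoers text are assumptions constructed for illustration; aliases and included files are not expanded.

```python
import re

# Assumed, non-exhaustive name lists; extend them for your environment.
SHELLS = {"sh", "bash", "zsh", "ksh", "csh", "tcsh", "dash"}
EDITORS = {"vi", "vim", "nano", "emacs", "ed"}

SAMPLE = """\
# constructed sample sudoers content
Defaults env_reset
Cmnd_Alias WEB = /usr/bin/systemctl restart nginx
alice ALL=(ALL) ALL
bob   ALL=(root) NOPASSWD: /usr/bin/vi /etc/passwd, \\
      /usr/sbin/visudo
carol ALL=(root) /usr/bin/systemctl restart nginx
%ops  ALL=(ALL) /bin/bash
"""

def audit_sudoers(text):
    """Return (who, command, reason) for each root-equivalent grant."""
    findings = []
    text = re.sub(r"\\\n\s*", " ", text)       # join backslash continuations
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments and #include
        if (not line or line.startswith(("Defaults", "@include"))
                or "_Alias" in line.split()[0]):
            continue
        m = re.match(r"(\S+)\s+[^\s=]+\s*=\s*(.*)", line)  # who host = spec
        if not m:
            continue
        who, spec = m.groups()
        spec = re.sub(r"\([^)]*\)|\b[A-Z_]+:", " ", spec)  # runas and tags
        for cmd in (c.strip() for c in spec.split(",")):
            if not cmd or cmd.startswith("!"):  # skip negated entries
                continue
            base = cmd.split()[0].rsplit("/", 1)[-1]
            if cmd == "ALL":
                reason = "ALL: any command, including sudo -i and sudo -s"
            elif base in SHELLS:
                reason = "shell"
            elif base in EDITORS:
                reason = "editor: shell escape or edit of /etc/passwd"
            elif base == "visudo":
                reason = "visudo: user can edit their own rights"
            else:
                continue
            findings.append((who, cmd, reason))
    return findings

if __name__ == "__main__":
    for f in audit_sudoers(SAMPLE):
        print(*f, sep=" | ")
```

A clean result only means none of the listed names matched; user-writable scripts and other programs with shell escapes still need manual review.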