
How to restrict access to root user from a different user in unix/linux using the 'SUDO SU' command


kranthi kumar

Apr 14, 2015, 3:25:25 AM
Dear All,
Actually, my Linux server has 3 users, which are (root, user1, user2).
User1 and user2 don't have full privileges. But I can switch to the root user from user1 with user1's password. How can I restrict switching to root with the 'SUDO su' command?

Best Regards
Kranthi.

Kaz Kylheku

Apr 14, 2015, 9:04:55 AM
The commands which users can execute with sudo can be configured with the
"sudoers" configuration file.

$ man sudoers

Note that "su" is a red herring, because it is "sudo" which escalates privilege.
"su" just provides a way to get a shell. Any program which allows the execution
of arbitrary programs can be used to obtain a root shell, if that program can be
run using sudo.

For instance:

$ sudo vi
:!sh
# root!

If you can run a text editor as root:

$ sudo vi /etc/shadow
[ ... edit any user's password, incl root ... ]
$ su anyuser
password: [type new password you just created]

Basically, if you do not trust a user to have root privileges, but that user must
be able to do some admin tasks, you must severely restrict sudo to just run
a specific command or set of commands, and think very carefully about the
implications of those commands being run with privileges.
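
An added example, not part of the original posts: a small Python audit that applies the answer's point to a sudoers file, flagging rules that give a non-root user `ALL` or a program that can run other programs or edit arbitrary files. The sample rules, the program list and the simplified parsing (no alias expansion, no included files) are assumptions of this example.

```python
import os
import re

# Programs that can launch other programs or rewrite arbitrary files when run
# as root. Illustrative list (an assumption of this example), not exhaustive.
ESCAPE_CAPABLE = {"su", "sh", "bash", "vi", "vim", "nano", "less", "more"}

# Constructed sample: user1/user2 come from the thread, the rules are invented.
SAMPLE_SUDOERS = """\
Defaults env_reset
root   ALL=(ALL:ALL) ALL
user1  ALL=(ALL) ALL
user2  ALL=(root) NOPASSWD: /usr/bin/vi, /usr/bin/systemctl restart nginx, sudoedit /etc/hosts
"""

# who  hosts = (runas) commands
RULE = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(.*)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # e.g. NOPASSWD:, NOEXEC:


def audit(sudoers_text):
    """Return (user, command, reason) for rules that amount to root access."""
    findings = []
    for line in sudoers_text.splitlines():
        line = line.strip()
        # Skip blanks, comments, Defaults and alias definitions (not expanded).
        if not line or line.startswith(("#", "Defaults")) or "_Alias" in line.split()[0]:
            continue
        m = RULE.match(line)
        if not m or m.group(1) == "root":
            continue
        user, cmds = m.groups()
        for cmd in cmds.split(","):  # simplification: ignores escaped commas
            cmd = TAGS.sub("", cmd.strip())
            if not cmd:
                continue
            prog = os.path.basename(cmd.split()[0])
            if cmd == "ALL":
                findings.append((user, cmd, "any command as root"))
            elif prog in ESCAPE_CAPABLE:
                findings.append((user, cmd, "can spawn a shell or edit any file"))
    return findings


if __name__ == "__main__":
    for user, cmd, reason in audit(SAMPLE_SUDOERS):
        print(f"{user}: {cmd} -> {reason}")
```

The `sudoedit /etc/hosts` entry is not flagged because sudoedit runs the editor as the invoking user and only copies the named file back with privileges.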