want sudo but not sudo su - how
Hauan, David
david.hauan at fairchild.af.mil
Mon Jun 14 07:47:27 PDT 2004
> -----Original Message-----
> From: John [mailto:lists at itconsultuk.net]
> Sent: Saturday, June 12, 2004 6:30 AM
> To: freebsd-questions at freebsd.org
> Subject: Re: want sudo but not sudo su - how
>
>
> On Sat, Jun 12, 2004 at 11:59:59AM +0000, Andy Smith wrote:
>
> > It might be best to just say "I don't want you doing this" and then
> > punish people who do, since you do have logs.
>
> yeah, thought this might be the case :| thanks for confirming it.
>
> > If you're trying to restrict what people can do with sudo it will be
> > better to explicitly list each binary they can run as root and make
> > sure there's no way they can modify those binaries.
>
> yeah, but too many binaries (or roles too diffuse, tightening up of which
> would be another way of handling it)
>
visudo and add

john ALL = /usr/bin/su [!-]*, !/usr/bin/su *root*

this will allow you to su to anyone but root

dave
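
How the rule in the reply above evaluates against a few command lines, as an added example that is not part of the original message. It is a simplified Python model of sudoers command matching; `decide`, `RULE` and the sample invocations are constructed for illustration, and it assumes arguments are joined with single spaces and matched as one wildcard string, with the last matching entry winning.

```python
from fnmatch import fnmatchcase

# The Cmnd list from the reply, in order: (negated, path, argument pattern).
RULE = [
    (False, "/usr/bin/su", "[!-]*"),   # /usr/bin/su [!-]*
    (True,  "/usr/bin/su", "*root*"),  # !/usr/bin/su *root*
]

def decide(path, args, rule=RULE):
    """Return 'allow' or 'deny' for a resolved command path and argument list.

    Simplified model (assumption): the arguments are joined with spaces and
    matched as a single string, so '*' also spans spaces and '/'. The last
    matching entry wins, and a command that matches nothing is denied.
    """
    joined = " ".join(args)
    verdict = "deny"
    for negated, rule_path, pattern in rule:
        if path == rule_path and fnmatchcase(joined, pattern):
            verdict = "deny" if negated else "allow"
    return verdict

# Constructed sample invocations: the arguments following 'sudo su'.
SAMPLES = [
    ["alice"],                    # plain su to another user
    ["root"],                     # caught by the negated *root* entry
    ["-", "alice"],               # first argument starts with '-', no match
    [],                           # no arguments: "[!-]*" needs one character
    ["alice", "-c", "id"],        # later arguments are not constrained
    ["alice", "-c", "ls /root"],  # "root" anywhere in the string is denied
]

def report(samples=SAMPLES):
    """Return (command line, verdict) pairs for the sample invocations."""
    return [("su " + " ".join(a), decide("/usr/bin/su", a)) for a in samples]

if __name__ == "__main__":
    for cmdline, verdict in report():
        print(f"{verdict:5}  sudo {cmdline}")
```

The rule keys on the text of the argument string rather than on the target account, so test any such entry against the command lines users actually type before relying on it.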