Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to disable sudo -i in sudoers file for users?
Operating Systems Linux Red Hat How to disable sudo -i in sudoers file for users? Post 302960709 by Aia on Wednesday 18th of November 2015 09:27:16 PM
Old 11-18-2015
Quote:
Originally Posted by shekar777
All,

I need to disable "sudo -i" and "su - " for all servers in our environment, We want to make sure no one run commands or delete files across environment using switching to root account. can you guys please lets me know if this is achievable.

Thanks and Regards
shekar
Anyone that can do su - needs to have the root password, therefore no setting can be done to disable it without having the ability to reverse it.
Anyone that can do sudo -i needs to be allowed as a sudoer, which means you can remove it from /etc/sudoers
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Removing users from sudoers - help needed

I'm trying to create a script to remove users from sudoers on multiple servers. I'm able to do this with a one-line script using sed, but only if it's on one server. Example: sed '/someuser/d' /host/local/etc/sudoers Also, I think the problem with this one-line script is that I would have to... (4 Replies)
Discussion started by: em23
4 Replies

2. Solaris

sudoers and sudo

Hi, on solaris 10, I have two users : user1 and user2 I want to create User_Alias and Cmnd_Alias to allow them to execute a command without prompting for sudo password. command I want these users should be able to run is '/usr/bin/su - abcd' . Also user1 and 2 need not type the 'abcd'... (6 Replies)
Discussion started by: upengan78
6 Replies

3. Solaris

sudo for users

Hello gurus, Is there a flag or switch that you can added to sudoers file to always have users type 'sudo' prior to running a command? (5 Replies)
Discussion started by: em23
5 Replies

4. Shell Programming and Scripting

How to sudo to multiple users?

Hi all, I have to create SSH public key for multiple users. Iam creating a script in which, through root, I have to switch to multiple accounts to create SSH keys and then transfer it to the respective servers. First I tried with single user id and everything worked fine. When I try to sudo... (1 Reply)
Discussion started by: deepakwins
1 Replies

5. Shell Programming and Scripting

Addsudoers: A script to add users or groups into /etc/sudoers

Well, sudo is a great tool for delegating permissions among admins. But, it's really hard to find a great tool which would give an interactive way of editing /etc/sudoers file. Now, when I say "editing", I really refer to add new groups, users, aliases in the /etc/sudoers file. visudo is great... (2 Replies)
Discussion started by: admin_xor
2 Replies

6. HP-UX

sudo/sudoers

Dear folks. Considering PCIDSS standards, i have requirment to use sudo(ers) to log everything a certain user executes with root privileges. Now, for an admin it's just a pain in the ass to prefix every command with sudo. Only way i can think of is making .aliases and with some awk magic... (6 Replies)
Discussion started by: Peasant
6 Replies

7. Linux

How to configure sudoers in order to hide some sudo commands.

Hi Unix.com people! :) My question, I think, it's easy to understand. I want to configure my sudoers file (/etc/sudoers) in order to hide automatically, some repetitive and annoying commands to be listed on auth.log (/var/log/auth.log). Anyone know something, or know where I can... (0 Replies)
Discussion started by: fefafefa
0 Replies

8. Solaris

Disable users to direct login

Hi all, how can I disable direct login to a Solaris system not only for root user but also for other accounts? Looking in google I came to the following: For telnet (/etc/default/login): disable root access> CONSOLE=/dev/console disable generic user> ? For ssh... (5 Replies)
Discussion started by: Evan
5 Replies

9. Solaris

Temporary disable of users

HI Gurus can I temporary disable users to connect to Solaris, need help Regards (3 Replies)
Discussion started by: smazshah
3 Replies

10. Solaris

Sudo Privileges & Sudoers Group

I'm looking for some suggestions to accomplish what a specific user needs, without adding them to the "sudoers" group. I have X user, that is requesting to be able to change file permissions on items owned by others and search directories where X user doesn't have access. I'm open to any... (2 Replies)
Discussion started by: Nvizn
2 Replies

LEARN ABOUT MOJAVE

dsenableroot

dsenableroot(8) 					    BSD System Manager's Manual 					   dsenableroot(8)

NAME

     dsenableroot -- enables or disables the root account.

SYNOPSIS

     dsenableroot [-d] [-u username] [-p password] [-r rootPassword]

DESCRIPTION

     dsenableroot sets the password for the root account if enabling the root user account.  Otherwise, if disable [-d] is chosen, the root
     account passwords are removed and the root user is disabled.

     A list of flags and their descriptions:

     -u username
	      Username of a user that has administrative privileges on this computer.

     -p password
	      Password to use in conjunction with the specified username.  If this is not specified, you will be prompted for entry.

     -r rootPassword
	      Password to be used for the root account.  If this is not specified for enabling, you will be prompted for entry.

EXAMPLES

     -dsenableroot
	      Your username will be used and you will be queried for both your password and the new root password to be set to enable the root
	      account.

     -dsenableroot -d
	      Your username will be used and you will be queried for only your password to disable the root account.

     -dsenableroot -u username -p userpassword -r rootpassword
	      The supplied arguments will be used to enable the root account.

     -dsenableroot -d -u username -p userpassword
	      The supplied arguments will be used to disable the root account.

Mac OS								  August 08 2003							    Mac OS
All times are GMT -4. The time now is 09:42 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy