Page 1 of 1
Remove user SU access
Posted: 08 Dec 2008, 11:07
by Kasyx
Is there any way to remove the ability to SU on a per-user basis? The users are not part of the wheel group, so I am not really sure how to go about doing this. There are roughly 50 users that I need to remove su access for, and none of them are part of the wheel group which is odd.
Is there some command or something that can give users su access or something?
*sigh*
Re: Remove user SU access
Posted: 08 Dec 2008, 12:24
by Nuke
There must be a way. The 2nd user on my our home ubuntu pc can't SU while the first I created can. Will ask the other guys is is just out atm, he will most likely know, he told me where to enable the SU access.
Re: Remove user SU access
Posted: 08 Dec 2008, 12:44
by Kasyx
Awesome, thanks
Re: Remove user SU access
Posted: 08 Dec 2008, 13:28
by rustypup
my first choice would be to simply chown the sudo executable, changing ownership to the admin group...
<edit>
actually... before going there, have you checked the sudoers file?
</edit>
Re: Remove user SU access
Posted: 09 Dec 2008, 11:14
by Kasyx
sudoers file is empty except for two lines allowing snmpd and snmptrap. Looks like changing the access on the sudo executable is the best bet.
Thanks for the help
Re: Remove user SU access
Posted: 09 Dec 2008, 11:33
by rustypup
Kasyx wrote:Looks like changing the access on the sudo executable is the best bet.
no!... it's the quick and nasty approach...
first try using
visudo to repair the damaged sudoers file... if the issue persists, then fiddle with ownership...
be warned... recovering from a mucked sudoers file is... fun... use nano or visudo...
Re: Remove user SU access
Posted: 09 Dec 2008, 11:40
by Kasyx
Oh great! Well as long as it is FUN!
Hehe, I will give it a shot and see what I can sort out. Thanks
Re: Remove user SU access
Posted: 20 Dec 2008, 11:58
by lethe377
What worries me is that you have 50 users with access to a shell. If they don't need access to bash, give them a false shell.