I'm trying to devise a new sudoers configuration while building a new SOE and would like to force everyone (including system administrators) to use rootsh in favour of doing things like sudo -s, sudo bash, sudo tcsh and so forth. Effectively, use sudo to use any shell other than rootsh.
Is there a way to allow users to run anything they want except shells.
I've seen this question in different forms on various forums. Each time, the result never seems to be a full answer. I would like to prevent users from being able to sudo to root while maintaining the ability to sudo to other users. As tedious a task as this is I already know I can lock out editing the sudoers file and from running sudo bash|sh|etc.