I'm trying to devise a new sudoers configuration while building a new SOE and would like to force everyone (including system administrators) to use rootsh in favour of doing things like sudo -s, sudo bash, sudo tcsh and so forth. Effectively, use sudo to use any shell other than rootsh.
Is there a way to allow users to run anything they want except shells.
I've seen this question in different forms on various forums. Each time, the result never seems to be a full answer. I would like to prevent users from being able to sudo to root while maintaining the ability to sudo to other users. As tedious a task as this is I already know I can lock out editing the sudoers file and from running sudo bash|sh|etc.
When you invoke sudo, it prompts for password and then checks the /etc/sudoers configuration file to see if the user is permitted access to run the command. /etc/sudoers is the sudo configuration file that enables certain users or groups to run certain commands.
In my linux system i have two sudo users and another root. When i want to switch from sudo user to Root user, and put command SU to switch to root then system ask for Root user password.But when i enter same command with SUDO, like sudo su then my user switches to Root user and don't ask for Root user Password.
Tested on Ubuntu and Fedora, same behavior on both platform.