Is it possible (how?) to restrict a user to only be allowed to make use
of its sudo usage permission if working at the physical console, not
granting to this user sudo permission when i.e. logged in via ssh? To
keep it simple, I could imagine to even have all sudo for all users
deactivated automatically as soon as a remote connection by ANY user is
detected.
The idea behind this: I have the root account already deactivated, and
am using in principal only one main user who also has the sudo
permissions for being able to do all the system administration, exactly
as Debian was setting this up automatically during the system
installation. If I now this main user ssh access to the system, then I
would like to asure that some security is in place, at least concerning
such simple restrictions like not offering sudo. Coming physically back
to the system could then be checked in the log files if meanwhile
unwanted ssh login or activity took place because I assume that at least
the log files cannot have been manipulated.
- [OT] sudo: restrict to physical console only? Marco Möller
- Re: [OT] sudo: restrict to physical console only? Keith bainbridge
- Re: [OT] sudo: restrict to physical console only... Marco Möller
- Re: [OT] sudo: restrict to physical console only? tomas
- Re: [OT] sudo: restrict to physical console only... Marco Möller
- Re: [OT] sudo: restrict to physical console ... tomas
- Re: [OT] sudo: restrict to physical console ... Greg Wooledge
- Re: [OT] sudo: restrict to physical cons... Marco Möller
- Re: [OT] sudo: restrict to physical cons... tomas
- Re: [OT] sudo: restrict to physical... John Hasler
