On 21.09.23 18:21, Nathanaƫl Blanchet via FreeIPA-users wrote:
I don't want my users to become root with simply executing the 'sudo
-i' command so they can execute all root commands. Users should only
execute with sudo the allowed defined commands.
I'm able to prevent them from executing 'sudo su -', but I didn't find
any informations about forbidding 'sudo -i'.
There is not good solution for.
You can try something like
username ALL=(ALL) ALL, !/usr/bin/bash, !/usr/bin/vi
But you have to specify all dangerous command like vi, strace and so on.
So please avoid this. To be safe, you have to define a whitelist of
commands. Or to trust your users.
Best regards
Ulf
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue