On 21.09.23 18:21, Nathanaƫl Blanchet via FreeIPA-users wrote:

I don't want my users to become root with simply executing the 'sudo
-i' command so they can execute all root commands. Users should only
execute with sudo the allowed defined commands.
I'm able to prevent them from executing 'sudo su -', but I didn't find
any informations about forbidding 'sudo -i'.

There is not good solution for.

You can try something like

username ALL=(ALL)  ALL, !/usr/bin/bash, !/usr/bin/vi

But you have to specify all dangerous command like vi, strace and so on.
So please avoid this. To be safe, you have to define a whitelist of commands. Or to trust your users.

Best regards
Ulf
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to