Some times you need to disable sudo su – access on your environment so that the users will use sudo command always and they will not switch to any other users account unnecessarily
Lets see how to do it
- Edit the /etc/suoders by running visudo
visudo
- Add the below Command Alias
Cmnd_Alias BLOCKSU = /bin/su
- If you want to block SU for only a particular user, you can use the below entry.
user1 ALL=(ALL) NOPASSWD: ALL, !BLOCKSU
- If you want to block it for all the users via a group like wheel, Then the below entry change will do the job
%wheel ALL=(ALL) ALL
to
%wheel ALL=(ALL) ALL, !BLOCKSU
Update: This is not a bulletproof solution, You can find ways to bypass this in the comment section.
bypass very easy ,
As regular user run
cp /bin/su /bin/mysu
chmod +x /bin/mysu
sudo mysu –
Is it working for you if you set the recommendation like in the blog post ?
Bypassed with a simple “sudo sudo su”
bypass if you use sudo -i