[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

configuring sudo access for some users

Hi friends,

I want to configure sudo access for some users on my system. I am currently using FC7 on my system. What they require (I mean users) is to do all the things except they cannot su/su- to become anyother user or root user, they should not be able to change anybody's password or atleast root's password, cannot modify /etc/sudoers and  etc/pam.d/su files . I have a script which can extract all commands issued with "sudo" but if these users become root then I won't be able to know who has done what.

I have already restricted su/su - access by editing /etc/pam.d/su  and uncommenting the below line:

# Uncomment the following line to require a user to be in the "wheel" group.
auth            required        pam_wheel.so use_uid

Authentication on my system is done through LDAP but also Use MD5, Use Shadow and Local Authorization is sufficient options are enabled so that local user for ex myself can login without authenticating to LDAP. Users for which i want to configure sudo access will all be authenticated through LDAP.

Currently I have added these 2 lines in /etc/sudoers (I used visudo command to edit this file)

test ALL=(ALL) ALL, !/usr/bin/su
test2 ALL=(ALL) ALL, !/usr/bin/su

Both test and test2 are able to become root when they use "sudo su - " but they are not able to become root user when they issue "su -". How do I restrict these users not to become root or any other user through sudo su - and also these users should not able to change their or other users passwords on this system.

Thanks & Regards

Ankush Grover

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]