Skip to main content
Unix & Linux

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

5
  • 1
    What do you want? do you unprivillgae root user from a normal user, or do you want to ban user from login?or want to lower privilllage than root? Commented Sep 29, 2013 at 13:10
  • 3
    If you are trying to restrict users from using sudo to run certain commands, it's better to whitelist the commands you want them to be able to run rather than blacklist a handful. There are so many ways to get a shell via sudo if they can run any other command. Commented Sep 29, 2013 at 13:14
  • Only those users who are in the sudoers file will be able to run sudo and you need the user's password to switch users with su. I don't understand what more you need. Commented Sep 29, 2013 at 13:34
  • @terdon, I checked this also but the thing is this that even though if the user is not is the sudoers file and he can run the su command and knows the password he can switch to root and I dont want this to happen. Its always better to secure the system than working hours to rescue it. Commented Sep 29, 2013 at 13:48
  • 2
    Why does your user know the root password in the first place? Securing the system means making sure nobody has the root password. You can also disable the root account completely in which case su will do nothing. If you start with a compromised root account you will never have a secure system. Commented Sep 29, 2013 at 14:08