Admin user command usage restrictions

Dpu · September 16, 2011, 6:30am

Hi,
I need to work on restricting the Linux commands to the ADMIN user to some extent. It means for example, Admin users should not use passwd command to change the password of "root" or other important accounts like oracle, etc.,
So, I want to know which commands should be restricted upto which extent to the Admin user.
The main important commands I want to restrict are below:
passwd, authconfig, shutdown, reboot, ksu, su, killall, mount, umount, poweroff, nice, htpasswd, renice, fdisk, chsh, touch, umask, poweroff, halt...

Need to restrict these in the sudoers file.
plz help me in this....

venikathir · September 16, 2011, 8:56am

yes you should use sudoers file for this

Dpu · September 17, 2011, 12:51am

Thanks for the response venikathir...
But i want to know upto which extent should i restrict the admin user and how to do it in the sudoers file.:wall:

ahamed101 · September 17, 2011, 5:07am

I don't think you can restrict any commands using sudoers. Sudoers is basically used for providing special permissions to run commands for normal users.

--ahamed

Dpu · September 19, 2011, 6:02am

We can restrict the users for not using some of the commands using sudoers file Ahamed101.
But I want to know how to do that and also upto which extent.

ctsgnb · September 19, 2011, 6:13am

sudoers file does not restrict the access of a user.

sudoers file is used to allow users to run some commands as root (depending on what rules are specified in it).