Restrict sudo -i

Linux and Unix-Like Red Hat
1

Hi,

I wanted add a group to the sudoers file so they can run sudo commands and blocked su command but it seems they can just run sudo -i to switch to root which defeats my purpose.
Is it possible to block sudo -i with the help of sudoers file or any other way.
Please advise.

The below doesn't seem to work

Cmnd_Alias NSU = /bin/su
Cmnd_Alias NVSU = /usr/bin/sudo -i *
%support-group  ALL=(ALL) ALL, !NVSU, !NSU

---------- Post updated at 11:07 AM ---------- Previous update was at 11:00 AM ----------

Or Even better if any user tries to switch to root always ask for root password, is that achievable?

2

They can do alot more then issuing sudo -i to escalate privileges to root.

Can you elaborate what do user need to do that it requires sudo to be used ?
Giving super user privilege to users should be avoided if possible. root account and commands should be used by administrators only.

Run your applications under user not root, since this is the purpose of multiuser operating system....

Regards
Peasant.