restrict sudo su
 

Hi,
I want to know the best practice for security, restrict sudo su.

Hi bediinderjit, and welcome to LQ.

Can you please explain a bit more about what it is you are trying to do. Do you want to restrict root access to users on your system?

https://www.youtube.com/watch?v=o0purspHg-o
https://www.bsdcan.org/2014/schedule...can%202014.pdf
https://www.4armed.com/blog/su-youre-doing-it-wrong/

Yep. Those cover all the details. The default misconfigurations bother a lot of people. I even wrote a short rant myself about how to avoid misconfiguring sudoers.

bediinderjit, the links pan64 points to will show you how to configure sudo correctly. As you have noticed, probably with Ubuntu, many distros have it badly misconfigured by default and it is up to you to fix the distro's mistakes. The one key point to remember is that you may whitelist programs and their options, blacklisting does not and cannot work. So begin your plans for configuration by deciding which things you specifically wish to allow and then adding them in one at time.

looks like a single-post-member again. Anyway, the sequence "sudo su" is deprecated and also you can say "bad practice". You need to configure your system to not allow this at all.

I've wondered about that. When I need to escalate, I've always just used su -

The sudoers man page is also a great resource.