LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-13-2018, 04:40 AM   #1
bediinderjit
LQ Newbie
 
Registered: Jun 2018
Posts: 1

Rep: Reputation: Disabled
restrict sudo su


Hi,
I want to know the best practice for security, restrict sudo su.
 
Old 06-13-2018, 05:04 AM   #2
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 19 MATE
Posts: 5,061
Blog Entries: 2

Rep: Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648
Hi bediinderjit, and welcome to LQ.

Can you please explain a bit more about what it is you are trying to do. Do you want to restrict root access to users on your system?
 
Old 06-13-2018, 07:01 AM   #3
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 10,858

Rep: Reputation: 3232Reputation: 3232Reputation: 3232Reputation: 3232Reputation: 3232Reputation: 3232Reputation: 3232Reputation: 3232Reputation: 3232Reputation: 3232Reputation: 3232
https://www.youtube.com/watch?v=o0purspHg-o
https://www.bsdcan.org/2014/schedule...can%202014.pdf
https://www.4armed.com/blog/su-youre-doing-it-wrong/
 
1 members found this post helpful.
Old 06-13-2018, 08:23 AM   #4
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Ubuntu, Devuan, OpenBSD
Posts: 3,120
Blog Entries: 3

Rep: Reputation: 1363Reputation: 1363Reputation: 1363Reputation: 1363Reputation: 1363Reputation: 1363Reputation: 1363Reputation: 1363Reputation: 1363Reputation: 1363
Yep. Those cover all the details. The default misconfigurations bother a lot of people. I even wrote a short rant myself about how to avoid misconfiguring sudoers.

bediinderjit, the links pan64 points to will show you how to configure sudo correctly. As you have noticed, probably with Ubuntu, many distros have it badly misconfigured by default and it is up to you to fix the distro's mistakes. The one key point to remember is that you may whitelist programs and their options, blacklisting does not and cannot work. So begin your plans for configuration by deciding which things you specifically wish to allow and then adding them in one at time.
 
1 members found this post helpful.
Old 06-13-2018, 12:18 PM   #5
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 10,858

Rep: Reputation: 3232Reputation: 3232Reputation: 3232Reputation: 3232Reputation: 3232Reputation: 3232Reputation: 3232Reputation: 3232Reputation: 3232Reputation: 3232Reputation: 3232
looks like a single-post-member again. Anyway, the sequence "sudo su" is deprecated and also you can say "bad practice". You need to configure your system to not allow this at all.
 
Old 06-13-2018, 06:01 PM   #6
scasey
Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.4
Posts: 973

Rep: Reputation: 322Reputation: 322Reputation: 322Reputation: 322
Quote:
Originally Posted by pan64 View Post
looks like a single-post-member again. Anyway, the sequence "sudo su" is deprecated and also you can say "bad practice". You need to configure your system to not allow this at all.
I've wondered about that. When I need to escalate, I've always just used su -
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Restrict Sudo from a Particular IP NP72132 Linux - Security 4 11-04-2017 09:35 AM
Restrict a group of users to sudo su as root mslinux1 Linux - Security 9 08-16-2017 02:41 PM
Restrict SUDO Access maddyfreaks Linux - Newbie 8 02-25-2012 01:32 PM
Can sudo restrict certain commands? Thaidog Linux - Security 3 01-30-2009 11:24 AM
restrict root shell using sudo ElectroLinux Linux - Security 2 03-30-2007 05:07 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:29 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration