Can we restrict a user and do not let him to go to the root mode. For example, when he inter sudo su, The system tells him you can not access the root?
Asked
Active
Viewed 7,681 times
1
Tim
- 33,500
Mohammad Reza Rezwani
- 10,706
2 Answers
6
By default, on Ubuntu, any Linux user which is member of the group sudo or admin is allowed to use sudo to run any commands as root on the system.
But this can be more complex than that.
In fact, the authorizations to use sudo are defined into the /etc/sudoers file. You must edit this file using the visudo command as root.
The default behaviour I've expressed at the beginning of this answer is represented by the line :
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
Short overview of this syntax :
- First ALL : indicate that members of this group can run sudo from any host
- Second ALL : command will be run as the specified user (by default it is root) with
sudo -u <username> - The third ALL (on the line with
%sudo) specify that the group can also set when running sudo (sudo -g <group name>) - The last ALL indicate that any command present on the system can be run by the concerned users.
Therefore, the syntax (see man visudo for more example) would allow you to specify restriction in a sense that :
- A given user is given sudo priviledge
- A user or group may be restricted to use only some command
- A user or group may be restricted to change to a specify user only
Restrictive example :
operator ALL=(root) /sbin/reboot
which allows the user operator to run only the command /sbin/reboot as root.
1
Open System Settings from an admin account.
Click User Accounts, then the Unlock at the top corner. Enter your password.
Click the account you wish to change, then click the word Administrator, next to Account Type.
Change it to Standard, and they won't be able to use sudo or run any system changing programs, such as in Software Centre, they won't be able to install anything from it, just browse.
Tim
- 33,500