When I installed Ubuntu, I created an admin user at that time. Now my plan is to remove sudo access from this user and add a custom sudo file for this user.
First I removed the sudo group from this user:
$ sudo cat /etc/group | grep admin
admin:x:1000:
$ sudo cat /etc/group | grep sudo
sudo:x:27:
There is not even an entry in the sudo file:
$ sudo cat /etc/sudoers | grep -v "#"
root ALL=(ALL:ALL) ALL
My custom sudo file:
$ sudo cat /etc/sudoers.d/custom | grep -v "#"
Host_Alias HOSTNAME = myhost
Cmnd_Alias ARCH = /bin/tar, /bin/gzip, /bin/gunzip
...
...
root ALL = (ALL) ALL
admin HOSTNAME = NOPASSWD: ARCH,...,...
The interesting thing is that it prevents a service which is not defined in the custom sudo file:
$ sudo /etc/init.d/virtualbox status
[sudo] password for admin:
Sorry, user admin is not allowed to execute '/etc/init.d/virtualbox status' as root on myhost.
The issue is that this user is still able to edit the /etc folder. I created another test user, which works fine, meaning it can't edit /etc or perform other such operations!
My goal is to prevent editing of the /etc directory while still allowing access to /var/log/ and other general directories and operations. Here we can define which services to allow, but can we define directories, or is there any other way?