On Linux we authenticate users against AD. The AD users are not listed on /etc/passwd.
We are about to deploy a NFS solution to mount some extra space for each group of users.
If a user(A) with sudo su privileges goes to root, then he can impersonate user(B) just by su user(B) and going to the NFS.
Is there any way to disallow root to su user if the user is not listed on /etc/passwd ?