How to config sudoers file?

0

I'm using ubuntu server 12.04 LTS

I want to know how to configure my sudoers file (obviously, using visudo), to permit an user to run commands like root (doing something like "sudo service x restart") but without the permission to be root (doing "sudo su").

In the sudoers file, we have the follow lines:

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

I've tried to put my user in both of the groups, but in both of they, the user can being root doing "sudo su".

Any tips on how to configure the sudoers file to make my webserver really secure when using the terminal with users that can run root commands?

BigBlast

Posted 2013-04-15T03:17:51.203

Reputation: 103

Answers

3

In that case you will need to provide an explicit list of things that would be OK to run.

%sudo   ALL=(ALL:ALL) /usr/sbin/service * restart, /path/to/command options, ...

tink

Posted 2013-04-15T03:17:51.203

Reputation: 1 419

Asked: 2013-04-15T03:17:51.203

Viewed: 591 times

Active: 2013-04-15T11:21:27.733