Some times you need to disable sudo su – access on your environment so that the users will use sudo command always and they will not switch to any other users account unnecessarily
Lets see how to do it
- Edit the /etc/suoders by running visudo
- Add the below Command Alias
Cmnd_Alias BLOCKSU = /bin/su
- If you want to block SU for only a particular user, you can use the below entry.
user1 ALL=(ALL) NOPASSWD: ALL, !BLOCKSU
- If you want to block it for all the users via a group like wheel, Then the below entry change will do the job
%wheel ALL=(ALL) ALL
%wheel ALL=(ALL) ALL, !BLOCKSU
Update: This is not a bulletproof solution, You can find ways to bypass this in the comment section.