Disable SU access for sudo users

11. January 2017 AWS, CentOS, RHEL 4
Disable SU access for sudo users

Some times you need to disable sudo su – access on your environment so that the users will use sudo command always and they will not switch to any other users account unnecessarily

Lets see how to do it

  • Edit the /etc/suoders by running visudo
    visudo
  • Add the below Command Alias
    Cmnd_Alias BLOCKSU = /bin/su
  • If you want to block SU for only a particular user, you can use the below entry.
    user1 ALL=(ALL) NOPASSWD: ALL, !BLOCKSU
  • If you want to block it for all the users via a group like wheel, Then the below entry change will do the job
    %wheel ALL=(ALL) ALL

    to
    %wheel ALL=(ALL) ALL, !BLOCKSU

    Update: This is not a bulletproof solution, You can find ways to bypass this in the comment section.

0 0 votes
Article Rating
Subscribe
Notify of
guest
4 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
yyagol
yyagol
3 years ago

bypass very easy ,
As regular user run

cp /bin/su /bin/mysu
chmod +x /bin/mysu
sudo mysu –

0
Reply
Jobin Joseph
Author
Jobin Joseph
3 years ago
Reply to  yyagol

Is it working for you if you set the recommendation like in the blog post ?

0
Reply
Christian B
Christian B
3 years ago

Bypassed with a simple “sudo sudo su”

0
Reply
Ales
Ales
3 years ago

bypass if you use sudo -i

0
Reply
wpdiscuz   wpDiscuz