How to config sudoers file?

Posted on

Problem :

I’m using ubuntu server 12.04 LTS

I want to know how to configure my sudoers file (obviously, using visudo), to permit an user to run commands like root (doing something like “sudo service x restart”) but without the permission to be root (doing “sudo su”).

In the sudoers file, we have the follow lines:

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

I’ve tried to put my user in both of the groups, but in both of they, the user can being root doing “sudo su”.

Any tips on how to configure the sudoers file to make my webserver really secure when using the terminal with users that can run root commands?

Solution :

In that case you will need to provide an explicit list of things that would be OK to run.

%sudo   ALL=(ALL:ALL) /usr/sbin/service * restart, /path/to/command options, ... 

Leave a Reply

Your email address will not be published.