Block a command

Question

I don't want any admin users in my system to execute the following command other than root.

"sudo cp /etc/sudoers "

Is it possible to block it for admin users only?

I have tried lot but didn't get anything?

The line: Is it possible to block it for admin users only? seems a bit strange, non-admins won'be able to run with sudo anyway? — Jacob Vlijm, Aug 12 '14 at 11:16

score 2 · Answer 1 · answered Aug 12 '14 at 11:20

2

If you don't trust someone to have full shell access on your system, don't give them shell access at all.

You want to stop cp command what about other commands that acts like cp , what about if admins use scp command .

Am not saying its impossible to block this command , but a play around trick will defeat your goal .

answered Aug 12 '14 at 11:20

nux

2

"Am not saying its impossible to block this command" yes it is. Any sudo account will be able to re-do any alterations root made. The only way to do this is by "obscurity" and that is not going to stop an informed user. – Rinzwind Aug 12 '14 at 11:35
what about changing permissions on commands binaries – nux Aug 12 '14 at 11:37
1

I can change those back if I have a sudo account. All I need to do is sudo su and provide my sudo password. – Rinzwind Aug 12 '14 at 11:49
then its not impossible , but you can reverse changes – nux Aug 12 '14 at 11:56
1

That is doing it "by obscurity". That never works. It will even make things worse: I reset the change back after I am done with whatever I want to do and you will never find out I did... No, changing admin pwd and NOT handing it out is the sane option. – Rinzwind Aug 12 '14 at 12:00

1 Answers1