I want to setup a VPS that is is open to a few people for them to execute a program. They will connect via SSH. Is there a way for me to keep them from running root commands (sudo, su)?
I tried installing Openssh-server on my laptop running ubuntu 14.04.3 and tried connection via my phone using my password and even though I had PermitRootLogin set to no, I was able to run sudo commands.
Maybe you want to check out this link.
The point is that PermitRootLogin diasbles login via the user root. This is a security risk. However, your normal user can always login an then escalate to root (e.g. via sudo). An attacker would need two sets of passwords: your user's and root's password, which makes it harder (given you have sane password policies).
If you want to disable a user from sudo you have to take this priviledge from him. However, this woud request you doing it on your laptop you want to connect to. AND FURTHER, this will disable your user to use sudo on your laptop -- so careful: you might lock yourself out of the system when your only user is removed. (This link might be helpful)
sudofor the altogether? – muru Feb 20 '16 at 09:41sudoaccess in the first place? Via a group? Via individual entries to/etc/sudoers? – muru Feb 20 '16 at 09:51sudoaccess, so no problem there. – muru Feb 20 '16 at 09:58