
When I installed Ubuntu, I created an admin user. Now my plan is to remove sudo access from this user and add a custom sudo file for this user.

First I removed the sudo group from this user:

$ sudo cat /etc/group | grep admin
admin:x:1000:

$ sudo cat /etc/group | grep sudo
sudo:x:27:

There is not even an entry in the sudoers file:

$ sudo cat /etc/sudoers | grep -v "#"
root    ALL=(ALL:ALL) ALL

My custom sudo file:

$ sudo cat /etc/sudoers.d/custom | grep -v "#"
Host_Alias HOSTNAME = myhost

Cmnd_Alias ARCH = /bin/tar, /bin/gzip, /bin/gunzip
...
...
root ALL = (ALL) ALL
admin HOSTNAME = NOPASSWD: ARCH,...,...

The interesting thing is that it prevents services which are not defined in the custom sudo file.

$ sudo /etc/init.d/virtualbox status
[sudo] password for admin: 
Sorry, user admin is not allowed to execute '/etc/init.d/virtualbox   status' as root on myhost.

The issue is that the user is still able to edit the /etc folder. I created another test user, which works fine, meaning that user can't edit /etc or perform other operations!

My goal is to prevent editing of the /etc directory while still allowing access to /var/log/ and other general directories and operations. Here we can define the services to allow, but can we define directories, or is there any other way?

Nullpointer
