Ask Your Question
0

"sudo /bin/bash" gives root shell to sudo user, how to prevent this?

asked 2016-04-26 07:16:33 -0600

suraj353 gravatar image

after "sudo /bin/bash" command, user gets root access, how to prevent this by adding lines to sudoers file ?

edit retag flag offensive close merge delete

Comments

but your user needs root access for other programs?

gobigobi66 gravatar imagegobigobi66 ( 2016-04-29 19:56:57 -0600 )edit

2 Answers

Sort by ยป oldest newest most voted
3

answered 2016-04-26 09:57:07 -0600

aeperezt gravatar image

updated 2016-04-26 11:34:48 -0600

florian gravatar image

You need to add !/bin/bash at the end of the %wheel line on the sudoers file so it looks like

%wheel  ALL=(ALL)       ALL, !/bin/bash

That will block users to use /bin/bash and sudo -s will not work but users can still use:

sudo su -

If you want to block that too add

,!/usr/bin/su

to the end of the %wheel line as suggested on the bash issue.

Good luck

edit flag offensive delete link more

Comments

2

And after that user run something like sudo dnf -y install beesu && beesu - gnome-terminal or sudo dnf -y install fish && sudo /usr//bin/fish, or ... In my opinion, it is the wrong approach to create a "partial" root access.

Either your user needs root rights and you trust him or her. Then, grant the rights. If the person is not trusted or does not need root access, don't grant it.

florian gravatar imageflorian ( 2016-04-26 11:39:17 -0600 )edit

Or, if your user only needs root access for a few commands, take him/her out of wheel and give separate sudo access limited to what's really needed.

sideburns gravatar imagesideburns ( 2016-04-26 13:58:55 -0600 )edit
0

answered 2016-04-27 01:16:11 -0600

genodeftest gravatar image

Remove the user from sudoers file or uninstall sudo. Note: su and pkexec mostly do the same.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2016-04-26 07:16:33 -0600

Seen: 3,820 times

Last updated: Apr 27 '16