[bob@localhost ~]$ su - user01
Password:
By default, all users can use the su command. We can
/etc/sudoersdisable sucommands in .[user01@localhost ~]$ su -
Password:
Disable su access for normal users
To disable su access for normal users, first, backup the following /etc/sudoersoriginal files as follows:
[bob@localhost ~]$ sudo cp -p /etc/sudoers /etc/sudoers.back
[sudo] password for bob:visudo[bob@localhost ~]$ sudo visudo
## Command AliasesCmnd_Alias DISABLE_SU = /usr/bin/su
Then add the following line at the end of the file, replacing the username bob with the user whose su access needs to be disabled:
bob ALL=(ALL) NOPASSWD: ALL, !DISABLE_SU
save and exit
[bob@localhost ~]$ sudo su - user01
Sorry, user bob is not allowed to execute '/bin/su - user01' as root on localhost.localdomain.
Disable su access for user group
You can also disable su access for user groups. For example, to disable su access for all users in the group wheel, execute the following command:
[bob@localhost ~]$ sudo visudo
%wheel ALL=(ALL) ALL, !DISABLE_SU
save and exit~
END
Official site: www.linuxprobe.com
Linux Command Encyclopedia: www.linuxcool.com
Teacher Liu Trent QQ: 5604241
Linux technical exchange group: 3762708
(New group, in the hot group...)
Readers who want to learn the Linux system can click the "Read the original text" button to learn about the book "Linux should be learned like this", and it is also very suitable for professional operation and maintenance personnel to read, becoming a high-value reference book to assist your work!