Question : Prevent sudoer users from using SU

If I have a group of users I want to all to use all commands, but I want them to use sudoers for auditing purposes, how can I set it up so that they cannot use SU and bypass sudo and the logging?
I am using the very primative ALL for them right now

# %ITstaff ALL=(ALL) NOPASSWD: ALL

Answer : Prevent sudoer users from using SU

You can't prevent people from using su by editing sudoers!

What you want is (maybe) to disable su to all users but root. This is done by editing the /etc/pam.d/su file and adding (or removing a comment)

auth required pam_wheel.so

Have a look at the file, some additional options are available.

But you still might want to allow only the exact commands with sudo together with the su restriction.

//jonas

Random Solutions

Batch file to create a web page thru cgi

ghost 11.5 suite 2.5 failure to make usb bootable disk

Imap to Exchange 2007 - Microsoft Transporter Suite 401 error

Outlook 2007 Attachments Won't Open

How to quickly clean up Lotus Notes Groups - remove bad email addresses

Exchange 2003 NLB/FE and BE server

Flash XmlSocket Receiving Data Issue Only When Run as Web Site <policy-file-request/> Problem

event id 37 - Out of process application /LM/W3SVC/1/Root terminated unexpectedly

how to run a very large .SQL file as part of a DTS package or Job?

Javascript menu positioning - need to make it relative to a cell in a table not absolute.