AIX

AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.


#Power
#Power
 View Only

  • 1.  Configuring SUDOERs File -> Limiting use of "Sudo su"

    Posted Thu July 12, 2012 02:10 PM

    Originally posted by: Chipotleisdelicious


    This seems like it should be obvious, but I'm not an AIX administrator. I've read the man page for sudo (http://www.gratisoft.us/sudo/sudoers.man.html) and haven't been able to figure something out. I've noticed that certain users in AIX have the ability to type 'sudo su' and then run whatever they want as 'SU', but defeating the point in SUDO.

    Is it possible to do something to limit the ability to 'sudo su' and force users to 'sudo command' so that we can log it properly?
    #AIX-Forum


  • 2.  Re: Configuring SUDOERs File -> Limiting use of "Sudo su"

    Posted Thu July 12, 2012 08:42 PM

    Originally posted by: ColombianJoker


    Don't enable all commands for the user, enable only some commands (except su)
    #AIX-Forum


  • 3.  Re: Configuring SUDOERs File -> Limiting use of "Sudo su"

    Posted Mon July 23, 2012 11:55 PM

    Originally posted by: SystemAdmin


    Ensure that any lines like:

    <login> ALL = (ALL) ALL

    have been commented out, and that there are not entries for /usr/bin/su unless these are similar to:

    <login> ALL = /usr/bin/su - <admin>

    where <admin> is an administrative login, not root. Be careful that there are no directories in the allowed commands; as, if there is an editor in the directory, then the user can usually gain root access from it.
    #AIX-Forum


Related Content