Is it possible to make it so a user can use the sudo command in terminal, but not have access to sites other then those allowed through parental controls, without a third party system?
Allow Sudo Privileges Without Site Access
parental-controlssudo
Related Question
- MacOS – blank Parental Controls log display
- MacOS – Allow access to www.bbc.co.uk/cbeebies, but not www.bbc.co.uk
- Access to sudo but not security and privacy or users and groups
- MacOS – How are Parental Restrictions Implemented
- Osascript is not allowed assistive access. (-1728)
- iOS – How to Whitelist Contacts in iMessage or Parental Controls
- Can’t open an app as root. Sudo command not found
- macOS High Sierra – Disable Parental Controls for Admin User
Best Answer
By adjusting the sudoers file (/etc/sudoers) with
sudo visudo
it should be possible to accomplish this. It is a hell of a job and you need a profound knowledge of all commands to fine-tune this while avoiding errors and loopholes though.You have to add the user to the User privilege specification section
Then use a whitelist (or a blacklist) of allowed (or disallowed) commands:
Examples:
whitelist
blacklist
You may mix whitelist and blacklist.
Please check
man sudoers
how to simplify things or narrow things down by configuring User, Runas, Host and Cmnd alias specifications.Check the accepted answer to the question How to prevent sudo users from running specific commands? for the pitfalls of configuring a simple command like
rnano
in the sudoers file.