We need to add a few users to the sudoers file on Linux. They should be able to do anything root can except the following:
- Should not modify, read, delete `/nfsshare/config`
- Should not modify, read, delete `/etc/passwd`
- Should not mount anything
- Should not change root password
- Should not edit `/etc/sudoers` or run `visudo` to add other users

Is this possible?
Best Answer
I am basically in agreement with Wissam Al-Roujoulah on this.

Do you really need to do this? Maybe there are other ways, using `acl` or regular UNIX permissions.

As Wissam Al-Roujoulah has already pointed out, trying to "blacklist" certain commands is in reality a really bad idea (read below from `man sudoers`, emphasis mine):

Instead you can specify a "whitelist", e.g. the actual commands the users are allowed to run. Something like this:

The above will allow `user1` to shut down. You can add more commands in a comma separated list.

Read more about this here.
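
The two approaches discussed in the answer above, side by side, as an added example that is not part of the original answer: the commented-out rules are the blacklist form, the active rules the whitelist form. The user names, alias names, the `nginx.service` unit and all command paths are assumptions and vary by distribution.

```sudoers
# /etc/sudoers.d/operators  (constructed example; names and paths are assumptions)
# Validate before installing:  visudo -cf /etc/sudoers.d/operators

# --- Blacklist form (left commented out on purpose) -------------------------
# sudoers(5) notes that subtracting commands from ALL with the '!' operator is
# generally not effective: the rule matches command paths, not what a command
# ends up doing, so "ALL except ..." still leaves the user effectively root.
#
# Cmnd_Alias DENIED = /usr/sbin/visudo, /bin/mount, /usr/bin/passwd root
# user1 ALL = (root) ALL, !DENIED

# --- Whitelist form ----------------------------------------------------------
# Grant only the specific commands the users need, with full paths.
User_Alias OPERATORS = user1, user2

Cmnd_Alias POWER    = /sbin/shutdown, /sbin/reboot
Cmnd_Alias SERVICES = /usr/bin/systemctl restart nginx.service, \
                      /usr/bin/systemctl status nginx.service

# Additional commands go in the comma separated list on the right-hand side.
OPERATORS ALL = (root) POWER, SERVICES
```

Anything not listed is denied by default, so `/etc/sudoers`, `mount` and the root password need no explicit rule. Access to `/nfsshare/config` and `/etc/passwd` is then governed by ordinary file permissions or ACLs, since these users never run as root outside the listed commands.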