Restricting su access

I am using RHEL 7.2 in our environment. I do not want any user on the system to “su” to two specific users, say “user3 and user4”. But “user3 and user4” can “su” to any user in the system.

Let me explain my requirement in detail. Let’s say I have 4 users on the server, say user1, user2, user3 and user4.

Say I logged in to the server as user1 or user2.

My requirement is that they cannot switch user (“su”) to user3 or user4. But if I logged in to the server as “user3” or “user4”, I can switch user (“su”) to user1 or user2.

In a nutshell:

Login as user1 on the server> su - user3    (this should not work)

Login as user3 on the server> su - user1    (this should work)

Answer

I suspect you have not asked the question you want answered. Specifically, I suspect you’re asking about how to control access to sudo su foo; but I will answer the question as asked.

To prevent user1 doing su user3, do not give user1 user3’s password. It’s as simple as that.

If instead you want to control user1’s ability to sudo su user3, which is a completely different thing, then do not give them that privilege in sudoers. Praveen P’s answer is pretty good on that, though you are on a short highway to failure if you think you can meaningfully grant people rights to sudo everything, then take away a few commands (off the top of my head, I can think of five or so different ways to change root’s password in the context of the sudoers file (s)he quotes). Generally, only give people privilege to do the things they need to do.
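As an added illustration of the answer’s last point (this fragment is not part of the original answer, and the user names, service name and file path are assumed), here is a sudoers fragment contrasting the “grant everything, then subtract su” pattern the answer warns against with a least-privilege rule that also meets the question’s requirement:

```sudoers
# Added example, not from the original post. User names, the service
# name and the file path are assumed.

# WEAK: grant everything as anyone, then try to subtract su.
# The sudoers manual itself documents that "!" cannot be relied on to
# restrict commands: any remaining command that can run other programs
# or edit files as root makes the exclusion meaningless.
user1   ALL=(ALL)   ALL, !/bin/su, !/usr/bin/su

# BETTER: name only what user1 actually needs, as the user it needs.
# user1 may restart one service as root and nothing else; no rule
# anywhere lists user3 or user4 as a Runas target for user1 or user2.
Cmnd_Alias  RESTART_HTTPD = /bin/systemctl restart httpd
user1, user2   ALL=(root)   RESTART_HTTPD

# user3 and user4 may act as user1 or user2 (the question's requirement),
# e.g. "sudo -u user1 -i", without needing user1's password.
Runas_Alias LOWPRIV = user1, user2
user3, user4   ALL=(LOWPRIV)   NOPASSWD: ALL

# Check syntax before installing: visudo -c -f /etc/sudoers.d/restrict_su
```

Drop the fragment in /etc/sudoers.d/ with mode 0440 so that a syntax error does not lock out sudo for everyone.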

Attribution
Source: Link, Question Author: Ankush kalra, Answer Author: MadHatter