Prevent a user using sudo
Solution 1
Open System Settings from an admin account.
Click User Accounts
, then the Unlock at the top corner. Enter your password.
Click the account you wish to change, then click the word Administrator, next to Account Type.
Change it to Standard, and they won't be able to use sudo
or run any system changing programs, such as in Software Centre, they won't be able to install anything from it, just browse.
Solution 2
By default, on Ubuntu, any Linux user which is member of the group sudo
or admin
is allowed to use sudo to run any commands as root on the system.
But this can be more complex than that.
In fact, the authorizations to use sudo are defined into the /etc/sudoers
file. You must edit this file using the visudo command as root.
The default behaviour I've expressed at the beginning of this answer is represented by the line :
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
Short overview of this syntax :
- First ALL : indicate that members of this group can run sudo from any host
- Second ALL : command will be run as the specified user (by default it is root) with
sudo -u <username>
- The third ALL (on the line with
%sudo
) specify that the group can also set when running sudo (sudo -g <group name>
) - The last ALL indicate that any command present on the system can be run by the concerned users.
Therefore, the syntax (see man visudo for more example) would allow you to specify restriction in a sense that :
- A given user is given sudo priviledge
- A user or group may be restricted to use only some command
- A user or group may be restricted to change to a specify user only
Restrictive example :
operator ALL=(root) /sbin/reboot
which allows the user operator
to run only the command /sbin/reboot
as root.
Related videos on Youtube
Comments
-
Mohammad Reza Rezwani over 1 year
Can we restrict a user and do not let him to go to the root mode. For example, when he inter
sudo su
, The system tells him you can not access the root?-
TuKsn almost 10 yearsSorry i am now confused because i have a user on a Virtualbox who is not in sudo group, but can do sudo.
-
TuKsn almost 10 yearsOk I solved it, there was an entry in the sudoers file
username ALL=(ALL:ALL) ALL
in this case the user can do sudo without being member of the sudo group. But normally the link from Jacob Vlijm should reach. To be sure you can look into the sudoers file withsudo visudo
if there any entry for the user. If not he should not be able to do sudo if he is not in the sudo group.
-
-
Mohammad Reza Rezwani almost 10 years+100 thanks but that will be more interesting if someone suggest command line approach