In UNIX/Linux, su is the most powerful command that allows you to access the root account or another userβs account with their account password.
Although you can easily restrict or disable su command access for a specific user with sudo privileges by following the steps in this article.
Tutorial Details
| Description | Block βsuβ Access to Sudo Users |
| Difficulty Level | Moderate |
| Root or Sudo Privileges | Yes |
| OS Compatibility | Ubuntu, Manjaro, Fedora, etc. |
| Prerequisites | visudo |
| Internet Required | No |
How to Block βsuβ Access for Sudo Users
You need to modify the β/etc/sudoersβ file in order to prevent or block sudo users from accessing the su command.
But first, take a backup of this file using the following command:
$ sudo cp /etc/sudoers /etc/sudoers.bakAnd then open the file using any of the following commands:
$ sudo visudo
#OR
$ sudo nano /etc/sudoersCreate the following alias under the β#Cmnd alias specificationβ comment section.
Cmnd_Alias DISABLE_SU = /bin/suOutput:
Then add the following line at the end of the file, replacing βlinuxtldrβ with the actual username.
linuxtldr ALL=ALL, !DISABLE_SUOutput:
Save and close the file, then restart the current session to reflect the changes.
Next time, when you try to access the βsuβ command using sudo, you will be prompted with the following error:
Thatβs all for now; sayonara.
Join The Conversation
Users are always welcome to leave comments about the articles, whether they are questions, comments, constructive criticism, old information, or notices of typos. Please keep in mind that all comments are moderated according to our comment policy.