In UNIX/Linux, su is the most powerful command that allows you to access the root account or another user’s account with their account password.
Although you can easily restrict or disable su command access for a specific user with sudo privileges by following the steps in this article.
|Description||Block ‘su’ Access to Sudo Users|
|Root or Sudo Privileges||Yes|
|OS Compatibility||Ubuntu, Manjaro, Fedora, etc.|
How to Block ‘su’ Access for Sudo Users
You need to modify the “
/etc/sudoers” file in order to prevent or block sudo users from accessing the su command.
But first, take a backup of this file using the following command:
$ sudo cp /etc/sudoers /etc/sudoers.bak
And then open the file using any of the following commands:
$ sudo visudo #OR $ sudo nano /etc/sudoers
Create the following alias under the “
#Cmnd alias specification“ comment section.
Cmnd_Alias DISABLE_SU = /bin/su
Then add the following line at the end of the file, replacing “
linuxtldr” with the actual username.
linuxtldr ALL=ALL, !DISABLE_SU
Save and close the file, then restart the current session to reflect the changes.
Next time, when you try to access the “
su” command using sudo, you will be prompted with the following error:
That’s all for now; sayonara.