In UNIX/Linux, su is the most powerful command that allows you to access the root account or another user’s account with their account password.
Although you can easily restrict or disable su command access for a specific user with sudo privileges by following the steps in this article.
|Description||Block ‘su’ Access to Sudo Users|
|Root or Sudo Privileges||Yes|
|Host System and Architecture||Ubuntu 22.10 (x64)|
|OS Compatibility||Ubuntu, Manjaro, Fedora, etc.|
|Discussed Tools in this Article||nano|
How to Block ‘su’ Access for Sudo Users
You need to modify the “/etc/sudoers” file in order to prevent or block sudo users from accessing the su command.
Also Read: Difference Between Su, Sudo Su, Sudo -i, and Sudo -s
But first, take a backup of this file using the following command:
$ sudo cp /etc/sudoers /etc/sudoers.bak
And then open the file using any of the following commands:
$ sudo visudo #OR $ sudo nano /etc/sudoers
Create the following alias under the “#Cmnd alias specification“ comment section.
Cmnd_Alias DISABLE_SU = /bin/su
Then add the following line at the end of the file, replacing “linuxtldr” with the actual username.
linuxtldr ALL=ALL, !DISABLE_SU
Save and close the file, then restart the current session to reflect the changes.
Also Read: How to Switch to Root or Normal User Account in Linux
Next time, when you try to access the
su command using sudo, you will be prompted with the following error:
That’s all for now; sayonara.
Join The Conversation
Users are always welcome to leave comments about the articles, whether they are questions, comments, constructive criticism, old information, or notices of typos. Please keep in mind that all comments are moderated according to our comment policy.