How to Block ‘su’ Access for Sudo Users

Linux TLDR
Last Updated:
Reading time: 1 minutes

In UNIX/Linux, su is the most powerful command that allows you to access the root account or another user’s account with their account password.

Although you can easily restrict or disable su command access for a specific user with sudo privileges by following the steps in this article.

Tutorial Details

DescriptionBlock ‘su’ Access to Sudo Users
Difficulty LevelModerate
Root or Sudo PrivilegesYes
Host System and ArchitectureUbuntu 22.10 (x64)
OS Compatibility Ubuntu, Manjaro, Fedora, etc.
Prerequisitesvisudo
Internet RequiredNo
Discussed Tools in this Articlenano

How to Block ‘su’ Access for Sudo Users

You need to modify the “/etc/sudoers” file in order to prevent or block sudo users from accessing the su command.

Also Read: Difference Between Su, Sudo Su, Sudo -i, and Sudo -s

But first, take a backup of this file using the following command:

$ sudo cp /etc/sudoers /etc/sudoers.bak

And then open the file using any of the following commands:

$ sudo visudo

#OR

$ sudo nano /etc/sudoers

Create the following alias under the “#Cmnd alias specification“ comment section.

Cmnd_Alias DISABLE_SU = /bin/su

Output:

Creating an alias inside the sudoers file
Creating an alias inside the sudoers file in Linux

Then add the following line at the end of the file, replacing “linuxtldr” with the actual username.

linuxtldr ALL=ALL, !DISABLE_SU

Output:

Blocking su access for sudo users
Blocking su access to sudo users

Save and close the file, then restart the current session to reflect the changes.

Also Read: How to Switch to Root or Normal User Account in Linux

Next time, when you try to access the su command using sudo, you will be prompted with the following error:

Current logged-in user is disabled from accessing the su command
Current logged-in user is disabled from accessing the su command

That’s all for now; sayonara.

Join The Conversation

Users are always welcome to leave comments about the articles, whether they are questions, comments, constructive criticism, old information, or notices of typos. Please keep in mind that all comments are moderated according to our comment policy.