0

I want to prevent users using "sudo rm" form anywhere.
I have edited sudoers:

Members of the admin group may gain root privileges

%admin ALL=(ALL) ALL,!/bin/rm

And ok:

derek@derek-desktop:~$ sudo rm

Sorry, user derek is not allowed to execute '/bin/rm' as root on derek-desktop.

But I create a test.sh with a rm command

derek@derek-desktop:~$ cat test.sh
rm --help

It show me the rm help. Seems sudoers can't prevent this behavior. I want to disable all the users running rm from sudo.
Can you help me? Thanks in advance!

Improve this question
0

1 Answer 1

Reset to default
1

What you have added to the sudoers works fine. It prevents users in the admin group from running sudo rm anywhere on the server. However, it doesn't stop them from running rm

If you change test.sh to have sudo rm --help this will error.

If you don't trust a user to run the rm command maybe you could create an if statement in the global bash.bashrc such as....

group=`groups`
if [[ $group == *admin* ]] ; then
        alias rm=''
        alias unalias=''
fi

Hope this offers a somewhat alternative to your question.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.