Sunday, September 24, 2023
rated 0 times / answers: 1 / hits: 2839 / Saturday, September 10, 2022, 12:46:28

I'd like to disable getting root at all for users who ssh in - including "sudo su" cause that's pretty much the same thing... Can this be done? Assume that I'M not ssh'ing in, and have physical access to the machine, but want to prevent other users from gaining root without physical access.



I can't think of a generic way of having the same user able to do sudo in a graphical terminal (which is a virtual tty) and not on an ssh connection --- which in the end is just another kind of virtual tty.

What I can think of as an approximate solution is:

  1. have trusted users that can do sudo(1), call them alpha and beta

  2. have users that can't do sudo(1), call them aleph and bet

Now, forbid ssh login to alpha and beta using the DenyUsers directive in /etc/ssh/sshd.conf:

DenyUsers alpha beta 

If you want the users alpha and aleph to be able to share files, you can put them in the same group or make them members of an additional group and adjust the file permissions accordingly.


(1) Just a reminder: a user can do sudo if they are a member of the group sudo or adm (depending on Ubuntu version). To remove the ability for a user to do sudo:

gpasswd -d user sudo 
gpasswd -d user adm

and to enable it:

gpasswd -a user sudo 
gpasswd -a user adm

(one or the other --- check with groups which is the correct group on your system).

[#22320] Saturday, September 10, 2022, 1 Year  [reply] [flag answer]
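An added example, not part of the original answer: a small shell audit for the DenyUsers approach described above, listing members of the sudo-granting group that sshd does not deny. The function names and the sample files are constructed for illustration; it assumes you pass it the OpenSSH server configuration file and a file in /etc/group format.

```shell
#!/bin/sh
# Added example, not from the original answer. Literal user names only:
# DenyUsers patterns (wildcards, USER@HOST), Match blocks, Include files,
# primary-group membership and per-user sudoers rules are not evaluated.

# denied_users SSHD_CONFIG: print each DenyUsers entry, one per line.
# sshd keywords are case-insensitive; commented-out lines do not match.
denied_users() {
    awk 'tolower($1) == "denyusers" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# group_members GROUP_FILE GROUP...: print the members listed for those groups.
group_members() {
    gf=$1; shift
    for g in "$@"; do
        awk -F: -v g="$g" '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$gf"
    done | sort -u
}

# ssh_sudo_gap SSHD_CONFIG GROUP_FILE GROUP...: sudo-capable users that sshd
# does not deny, i.e. accounts that can log in remotely and then run sudo.
ssh_sudo_gap() {
    cfg=$1; shift
    denied=$(denied_users "$cfg")
    group_members "$@" | while read -r u; do
        printf '%s\n' "$denied" | grep -qxF -- "$u" || printf '%s\n' "$u"
    done
}

# Constructed sample data: alpha, beta and gamma can sudo, only two are denied.
demo=$(mktemp -d)
printf '%s\n' 'PermitRootLogin no' '#DenyUsers gamma' 'DenyUsers alpha beta' > "$demo/sshd_config"
printf '%s\n' 'adm:x:4:syslog' 'sudo:x:27:alpha,beta,gamma' 'users:x:100:aleph,bet' > "$demo/group"

# On a real host, pass the sshd configuration file and /etc/group instead,
# plus whichever group grants sudo on that system.
ssh_sudo_gap "$demo/sshd_config" "$demo/group" sudo   # prints: gamma
```

Any name this prints is an account that can still reach sudo over SSH; an empty result means every listed group member is covered by a literal DenyUsers entry.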