1

Can I have two users, one above the other, where both can run all sudo commands and run all sudo applications, except that the user below is not allowed a specific small group of actions, set by the user above? Ideally, both are admins, but one is not allowed all actions. For example, both have the same privileges, except that the only thing the user below is not allowed to do is edit the /etc/hosts file.

3
  • I think you should have two groups and change the owner of the hosts file so that only the allowed admin can edit it. Is that what you want?
    – Saeed
    Commented Jan 24, 2022 at 17:47
  • 2
    If all sudo commands are allowed, the user can also remove any restrictions
    – Virsacer
    Commented Jan 24, 2022 at 17:47
  • To enlarge upon what @Virsacer said: there are dozens (maybe hundreds) of questions on this site about how to allow a user to do "anything and everything, except for X, Y and Z" in sudo, and the answer almost always is that it's impossible. If you give a user broad administrative rights, they can break through and gain full power.
    Commented Feb 11, 2022 at 21:27
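
The comments above concern sudoers rules that grant everything and then try to carve out exceptions. As an added example (not part of the original thread), this Python check audits sudoers text for that pattern: `ALL` followed by `!`-negated commands, which the sudoers manual itself describes as generally not effective. The sample file, its users, group and alias, and the function names are constructed for illustration; it assumes single-line rules without `#uid` or escaped-comma syntax.

```python
import re

# Constructed sample sudoers text; users, group and alias are hypothetical.
SAMPLE_SUDOERS = """\
alice   ALL=(ALL:ALL) ALL
# attempt at "everything except editing /etc/hosts"
bob     ALL=(ALL:ALL) ALL, !/usr/bin/vi /etc/hosts, !/usr/bin/nano /etc/hosts
carol   ALL=(root) /usr/bin/systemctl restart nginx, /usr/bin/journalctl
Cmnd_Alias HOSTS_EDIT = /usr/bin/vi /etc/hosts
%ops    ALL=(ALL) NOPASSWD: ALL, !HOSTS_EDIT
"""
ALIAS_RE = re.compile(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)")

def _rules(text):
    """Yield (line_no, line) for non-empty lines with comments stripped."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line_no, line

def find_subtract_from_all(text):
    """Return (line_no, principal, negated_cmds) for rules granting ALL minus exceptions."""
    # First pass: collect Cmnd_Alias definitions so negated aliases can be expanded.
    aliases = {}
    for _, line in _rules(text):
        m = ALIAS_RE.match(line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    findings = []
    for line_no, line in _rules(text):
        m = re.match(r"(\S+)\s+[^=]*=(.*)", line)  # principal, host list, '=', commands
        if not m or re.match(r"(Defaults|\w+_Alias)\b", line):
            continue
        principal = m.group(1)
        cmd_part = re.sub(r"^\s*\([^)]*\)", "", m.group(2))  # drop the Runas spec
        # Strip tags such as NOPASSWD: from each comma-separated command.
        cmds = [re.sub(r"^\s*(?:[A-Z_]+:\s*)+", "", c).strip() for c in cmd_part.split(",")]
        negated = []
        for c in cmds:
            if c.startswith("!"):
                name = c[1:].strip()
                negated.extend(aliases.get(name, [name]))
        if "ALL" in cmds and negated:
            findings.append((line_no, principal, negated))
    return findings

if __name__ == "__main__":
    for line_no, who, cmds in find_subtract_from_all(SAMPLE_SUDOERS):
        print(f"line {line_no}: {who} is granted ALL with exceptions {cmds}; use an allow-list instead")
```

Rules it flags are better rewritten in the style of the `carol` entry, which lists only the commands that are permitted.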
