Ask Your Question

"sudo /bin/bash" gives root shell to sudo user, how to prevent this?

asked 2016-04-26 07:16:33 -0500

suraj353 gravatar image

after "sudo /bin/bash" command, user gets root access, how to prevent this by adding lines to sudoers file ?

edit retag flag offensive close merge delete


but your user needs root access for other programs?

gobigobi66 gravatar imagegobigobi66 ( 2016-04-29 19:56:57 -0500 )edit

2 Answers

Sort by ยป oldest newest most voted

answered 2016-04-26 09:57:07 -0500

aeperezt gravatar image

updated 2016-04-26 11:34:48 -0500

florian gravatar image

You need to add !/bin/bash at the end of the %wheel line on the sudoers file so it looks like

%wheel  ALL=(ALL)       ALL, !/bin/bash

That will block users to use /bin/bash and sudo -s will not work but users can still use:

sudo su -

If you want to block that too add


to the end of the %wheel line as suggested on the bash issue.

Good luck

edit flag offensive delete link more



And after that user run something like sudo dnf -y install beesu && beesu - gnome-terminal or sudo dnf -y install fish && sudo /usr//bin/fish, or ... In my opinion, it is the wrong approach to create a "partial" root access.

Either your user needs root rights and you trust him or her. Then, grant the rights. If the person is not trusted or does not need root access, don't grant it.

florian gravatar imageflorian ( 2016-04-26 11:39:17 -0500 )edit

Or, if your user only needs root access for a few commands, take him/her out of wheel and give separate sudo access limited to what's really needed.

sideburns gravatar imagesideburns ( 2016-04-26 13:58:55 -0500 )edit

answered 2016-04-27 01:16:11 -0500

genodeftest gravatar image

Remove the user from sudoers file or uninstall sudo. Note: su and pkexec mostly do the same.

edit flag offensive delete link more

Question Tools

1 follower


Asked: 2016-04-26 07:16:33 -0500

Seen: 4,765 times

Last updated: Apr 27 '16