Hacker News
by tremon 1248 days ago
I'm not sure what point you're trying to make, but:

  $ sudo /bin/sh -c su -

It's never useful to deny certain commands to a user if that user is allowed to open a shell. Any shell. So you probably want to change that first line to

  (ALL : ALL) NOEXEC: ALL

and provide a whitelist for all tools that do spawn children as part of their normal operation (such as apt, dpkg, and probably half of all unix tooling).
1 comments

It's how I've trained myself to avoid 'sudo su -' - by removing my user's ability to use sudo to run su ;)
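
An added example, not part of either comment above: a small Python check that flags sudoers rules where a denied command sits next to an allowance that can still start a shell, which is the pattern tremon's comment describes. The rule lines, the user names `alice` and `bob`, the finding names and the `SHELLS` list are constructed for illustration, and the parser handles only simple one-line user specifications.

```python
import re

# Simplified parser: one user specification per line; no aliases, Defaults,
# line continuations or escaped commas (assumptions of this example).
SPEC = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\)\s*)?(?P<cmds>.+)$")
TAG = re.compile(r"^(NOEXEC|EXEC|NOPASSWD|PASSWD|SETENV|NOSETENV)\s*:\s*")
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "su"}  # illustrative, not exhaustive

def audit(line):
    """Return sorted finding names for one sudoers user specification."""
    line = line.strip()
    m = SPEC.match(line)
    if not m or line.startswith(("#", "Defaults")):
        return []
    noexec, denied, findings = False, [], set()
    for item in (c.strip() for c in m["cmds"].split(",")):
        # A tag applies to its command and to the ones after it,
        # until the opposite tag appears.
        while (t := TAG.match(item)):
            if t[1] in ("NOEXEC", "EXEC"):
                noexec = t[1] == "NOEXEC"
            item = item[t.end():]
        if not item:
            continue
        if item.startswith("!"):
            denied.append(item[1:].strip())
        elif not noexec:
            if item == "ALL":
                findings.add("ALL_EXEC")      # any shell may run and spawn children
            elif item.split()[0].rsplit("/", 1)[-1] in SHELLS:
                findings.add("SHELL_EXEC")    # an explicit shell is allowed
    if denied and findings:
        # The "!" entries give no protection: an allowed shell can start them.
        findings.add("DENYLIST_BYPASS")
    return sorted(findings)

# Constructed sample rules: deny-list, NOEXEC with allow-list, explicit shell.
SAMPLE = [
    "alice ALL=(ALL : ALL) ALL, !/bin/su",
    "alice ALL=(ALL : ALL) NOEXEC: ALL, EXEC: /usr/bin/apt, /usr/bin/dpkg",
    "bob ALL=(root) /bin/sh, !/bin/su",
]

if __name__ == "__main__":
    for rule in SAMPLE:
        print(audit(rule) or "ok", "<-", rule)
```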