To restrict use of the sudo command, I believe you need a rule like <user> <host>=(<asUser>:<asGroup>) <command> where ALL indicates authorized to run the command on any host, as any user, and as any group. In your case you may limit any of these three by replacing ALL in the appropriate position (or leaving out the asUser or asGroup); so jdd ALL=(ALL:ALL) /usr/bin/sudo -i or jdd remoteserver=(someuser:somegroup) /usr/bin/sudo -i The command must be fully qualified, and if you want to restrict a comand's arguments you must specify them in the rule; e.g. in the example above, the sudo command is only authorized to run with the -i option present. See the man (5) sudoers file for examples, in the section Runas_Spec for more details. HTH, Leslie On 2023-08-18 02:42:12 jdd@dodin.org wrote:
Hello,
If I write in the sudoers file:
jdd ALL=(ALL:ALL) NOPASSWD: ALL
I can use any root command from my jdd account (through ssh).
I would like to be only able to use "sudo -i" and I can't
my goal is to be able to go full root if necessary, but not execute any other command to prevent environment (and others) problem
how can I achieve this
thanks jdd -- Platform: Linux Distribution: openSUSE Leap 15.4 - x86_64