I have created a couple of users who use their SSH Keys to log in on a server.
I don't want any user to have root access, i.e, no user should be able to do sudo su or su - another user.
When I check the user, I can see only these
id user
uid=1001(user) gid=1001(user) groups=1001(user)
I have checked across the internet, I found how to disable sudo access for users with a password but I want to disable it for users who are using their SSH keys to log in?
I want to disable sudo and su access for user that log in using SSH. How will I do it?
Edit 01:
I have done the following;
sudo deluser user sudo
/usr/sbin/deluser: The user is not a member of group `sudo'.
and
sudo gpasswd -d user sudo
Removing the user from group sudo
gpasswd: the user is not a member of 'sudo'
After that, I checked
sudo -l -U user
User may run the following commands on the server:
(ALL) NOPASSWD: ALL
User is still able to run sudo su and get root access.
EDIT 02:
@Panki, The snippet
visudo
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL: ALL) ALL
/etc/sudoersfile allows anybody without a password to run every command asroot. This is a very bad idea for obvious reasons. You should edit the file (usevisudofor this) and restore a sane state.(ALL) NOPASSWD: ALLcomes from somewhere. If it's not directly in thesudoersfile then maybe the file contains#includeor#includedir(they are not comments). Learn what they do (seeman 5 sudoers), locate files/directories they point to and investigate. If you need to change anything, usevisudo -f.