Disable SU access for sudo users

Some times you need to disable sudo su – access on your environment so that the users will use sudo command always and they will not switch to any other users account unnecessarily

Lets see how to do it

Step 1: Edit the /etc/suoders by running visudo

# visudo

Step 2: Add the below Command Alias

Cmnd_Alias BLOCKSU = /bin/su

If you want to block SU for only a particular user, you can use the below entry.

user1 ALL=(ALL) NOPASSWD: ALL, !BLOCKSU

If you want to block it for all the users via a group like wheel, Then the below entry change will do the job

%wheel ALL=(ALL) ALL

to

%wheel ALL=(ALL) ALL, !BLOCKSU