On Tue, Feb 05, 2008 at 08:04:29PM +0000, Josh Welch wrote:
> Note that the proper approach here would be to simply disallow doing a  
> sudo to su if you're on a multi-user system where such things matter.  
> One of the nice things about sudo is that you can specify with a fair  
> degree of granularity what users are allowed to issue what commands as  
> the superuser.

The problem with the blacklist route of dealing with sudo, is
that there are often holes.  Many programs allow you to run shell
commands (vi, emacs, etc.), so you really need to restrict their
usage as well, if you are going to go this route.

-- 
Jim Crumley                  |Twin Cities Linux Users Group Mailing List (TCLUG)
Ruthless Debian Zealot       |http://www.mn-linux.org/ 
Never laugh at live dragons  |