Help

Blocking sudo access

mykool
New Contributor III

Posted on ‎01-20-2021 11:08 AM

We are currently trying to allow user's to be admin's but blocking off certain access to the OS. Is there a way to block sudo access for an admin account? Most of our users don't need to access the terminal, so I can block it completely if I have to, but would like to just dumb down their access.

0 Kudos
3 REPLIES 3

don_cochran
New Contributor III

Posted on ‎01-21-2021 12:05 PM

Have you considered using the Restricted Software feature to restrict Terminal commands or the entire Terminal app

0 Kudos

patgmac
Contributor III

Posted on ‎01-21-2021 12:49 PM

You could modify /etc/sudoers. I'm not sure if any recent versions of macOS changed our ability to edit that file or if it's SIP protected, but back in the old days I used to push out a modified version of that.

0 Kudos

Dylan_YYC
Contributor III

Posted on ‎01-21-2021 12:56 PM

Maybe a better approach would be to only allow admin access when requested? Jamf had made a scrip to do that https://github.com/jamf/MakeMeAnAdmin

0 Kudos