Blocking sudo access

New Contributor III

We are currently trying to allow user's to be admin's but blocking off certain access to the OS. Is there a way to block sudo access for an admin account? Most of our users don't need to access the terminal, so I can block it completely if I have to, but would like to just dumb down their access.


New Contributor III

Have you considered using the Restricted Software feature to restrict Terminal commands or the entire Terminal app

Contributor III

You could modify /etc/sudoers. I'm not sure if any recent versions of macOS changed our ability to edit that file or if it's SIP protected, but back in the old days I used to push out a modified version of that.

Contributor III

Maybe a better approach would be to only allow admin access when requested? Jamf had made a scrip to do that