[OT] sudo: restrict to physical console only?

To: debian-user@lists.debian.org
Subject: [OT] sudo: restrict to physical console only?
From: Marco Möller <talby@debianlists.mobilxpress.net>
Date: Tue, 4 Aug 2020 09:47:24 +0200
Message-id: <[🔎] 10c1aea2-ce0c-dfed-9e4b-88fa6890e7db@debianlists.mobilxpress.net>

Is it possible (how?) to restrict a user to only be allowed to make useof its sudo usage permission if working at the physical console, notgranting to this user sudo permission when i.e. logged in via ssh? Tokeep it simple, I could imagine to even have all sudo for all usersdeactivated automatically as soon as a remote connection by ANY user isdetected.The idea behind this: I have the root account already deactivated, andam using in principal only one main user who also has the sudopermissions for being able to do all the system administration, exactlyas Debian was setting this up automatically during the systeminstallation. If I now this main user ssh access to the system, then Iwould like to asure that some security is in place, at least concerningsuch simple restrictions like not offering sudo. Coming physically backto the system could then be checked in the log files if meanwhileunwanted ssh login or activity took place because I assume that at leastthe log files cannot have been manipulated.

Reply to:

Follow-Ups:
- Re: [OT] sudo: restrict to physical console only?
  - From: Keith bainbridge <keithrbau@gmail.com>
- Re: [OT] sudo: restrict to physical console only?
  - From: <tomas@tuxteam.de>
- Re: [OT] sudo: restrict to physical console only?
  - From: Andy Smith <andy@strugglers.net>
- Re: [OT] sudo: restrict to physical console only?
  - From: Reco <recoverym4n@enotuniq.net>

Prev by Date: Re: VMs on external storage CPU overloading
Next by Date: Re: Systemd leaves uninterruptible processes
Previous by thread: Qwerty to _ ? - Colemak, Workman, Maltron and more ...
Next by thread: Re: [OT] sudo: restrict to physical console only?
Index(es):
- Date
- Thread