So here's the problem. We've got the /etc/sudoers file set up so that users can run commands from /bin like "cat" or "mkdir" without entering a password.
The problem is that the "su" command is also in /bin, so if they enter "sudo su", it gives them root access without a password.
Here's the /etc/sudoers file:
Defaults targetpw %users ALL=(ALL) ALL root ALL=(ALL) ALL support ALL=(ALL) NOPASSWD: /sbin/, /bin/, /opt/, /etc/init.d/, /elo/ support ALL=(ALL) NOPASSWD: /usr/bin/mysql
Is there a way I can deny /bin/su while still allowing the rest of the /bin commands?