how to restrict shell access?


#1

Is there any way to restrict ADMIN level users from executing shell commands ?
I’m chief information officer, and we are going to implement and deploy VYOS as our primary router at branches,
in my research, I’ve found out, admin users can execute shell commands !
We have to allow our branches administrators to configure VYOS routers, but not access to OS nor access to the system files.
our security policy preventing us from delegating access from linux administrators to network administrators

please guide me


#2

You may try to change the /etc/sudoers.d/vyatta file


#3

nah, ain’t working at all

execute vtysh

going to quagga, now you are able to configure routing and etc … full access to configuration,
But no shell access, non of shell commands like ls, cat, sudo, and … working

looking for something like that