how to restrict shell access?

p3rtinax · February 12, 2018, 1:46pm

Is there any way to restrict ADMIN level users from executing shell commands ?
I’m chief information officer, and we are going to implement and deploy VYOS as our primary router at branches,
in my research, I’ve found out, admin users can execute shell commands !
We have to allow our branches administrators to configure VYOS routers, but not access to OS nor access to the system files.
our security policy preventing us from delegating access from linux administrators to network administrators

please guide me

ArneO · February 12, 2018, 1:51pm

You may try to change the /etc/sudoers.d/vyatta file

p3rtinax · February 12, 2018, 4:49pm

nah, ain’t working at all

execute vtysh

going to quagga, now you are able to configure routing and etc … full access to configuration,
But no shell access, non of shell commands like ls, cat, sudo, and … working

looking for something like that