shells and pipes

[Paul M . Lambert]

First, nvi has a -S option that prevents shell escapes.  There may be
a way to hardcode this when compiling it.  It would be pretty straightforward
to write a wrapper that prepends the -S option to the given arguments.

Second, when you type:

sudo foo | bar

the shell you're in splits that into two commands and does the pipe.  That's
why bar is run as you.  This is reasonably obvious if you think of how a
shell works.

To make bar above run as root, use:

sudo sh -c 'foo | bar'

This only works if you have access to a shell.  If you do not, use:

sudo foo | sudo bar

For a redirect, use dd:

sudo foo > bar

writes bar as you, not as the sudo'd user.

sudo foo | sudo dd of=bar

writes bar as the sudo'd user.

--plambert


On Wed, 14 Jun 2000, Hanson, James J wrote:

> Hello,
> 
> I've got a few questions:
> 
> 1) How can you stop users from shelling out of such things a vi 
>    session and starting a new shell as root 
> 
> 2) Redirects and pipes seem to lose the root permissions, anyway
>    around this
> 
> 3) I have aliases configured to do sudi='sudo -u informix', which seems
>    to work fine unless I try to use sudi in a shell script.  Am I forced
>    to source in this alias with every script I attempt this
> 
> This tool is makes it so much easier to work wearing dual hats, like
> sys admin and dba.  I can execute one command as root and the next as
> Informix, all from my own private user/history etc....!!!  Thanks for
> the great utility!
> 
> 
> Jim
-- 
I hate bombs, terrorism, fear, plans, future and past injustices, manifestos,
popular sentiment, ignition, timetables, meetings, and poorly adjusted
weasels.  A warm hello to my friends and fans in domestic surveillance!