shells and pipes
Paul M . Lambert
plambert at plambert.net
Wed Jun 14 14:18:09 EDT 2000
First, nvi has a -S option that prevents shell escapes. There may be
a way to hardcode this when compiling it. It would be pretty straightforward
to write a wrapper that prepends the -S option to the given arguments.
Second, when you type:
sudo foo | bar
the shell you're in splits that into two commands and does the pipe. That's
why bar is run as you. This is reasonably obvious if you think of how a
shell works.
To make bar above run as root, use:
sudo sh -c 'foo | bar'
This only works if you have access to a shell. If you do not, use:
sudo foo | sudo bar
For a redirect, use dd:
sudo foo > bar
writes bar as you, not as the sudo'd user.
sudo foo | sudo dd of=bar
writes bar as the sudo'd user.
--plambert
On Wed, 14 Jun 2000, Hanson, James J wrote:
> Hello,
>
> I've got a few questions:
>
> 1) How can you stop users from shelling out of such things a vi
> session and starting a new shell as root
>
> 2) Redirects and pipes seem to lose the root permissions, anyway
> around this
>
> 3) I have aliases configured to do sudi='sudo -u informix', which seems
> to work fine unless I try to use sudi in a shell script. Am I forced
> to source in this alias with every script I attempt this
>
> This tool is makes it so much easier to work wearing dual hats, like
> sys admin and dba. I can execute one command as root and the next as
> Informix, all from my own private user/history etc....!!! Thanks for
> the great utility!
>
>
> Jim
--
I hate bombs, terrorism, fear, plans, future and past injustices, manifestos,
popular sentiment, ignition, timetables, meetings, and poorly adjusted
weasels. A warm hello to my friends and fans in domestic surveillance!
More information about the sudo-users
mailing list