sudo help URGENT!!
Sai Balasubramanyam Garimella
gsaibala at corp.untd.com
Tue Dec 23 09:30:44 EST 2003
thanks todd ,
>>Sudo takes the last match so yes
was a significant point to me..
-Sai.
-----Original Message-----
From: Todd C. Miller [mailto:Todd.Miller at courtesan.com]
Sent: Tuesday, December 23, 2003 7:22 PM
To: Sai Balasubramanyam Garimella
Cc: sudo-users at sudo.ws
Subject: Re: sudo help URGENT!!
In message
<A74DA636A939D7118E4B00065B8E55B00BC0A358 at HYDMAIL2.hyd.corp.int.untd
.com>
so spake Sai Balasubramanyam Garimella (gsaibala):
> Is it possible to have the following entries in for a user in sudoers
file.
>
> gsaibala = (root) ALL
> (root) !SHELLS
> (xuser)"user"
>
> are they not mutually conflicting .
Sudo takes the last match so yes, you can do this kind of thing
(though your syntax is not correct).
However, note that it is trivial for a user to bypass things like
ALL,!SHELLS since there is nothing preventing him/her from copying
a shell to a different file or simply making a script or program
that executes a shell. Also, many editors and paginators have
shell escapes.
- todd
More information about the sudo-users
mailing list