How-To Prevent command execution in vi - SUDO
Toni L. Harbaugh-Blackford
harbaugh at abcc.ncifcrf.gov
Tue Mar 16 10:43:55 EST 2004
David-
Many commands provide shell escapes like vi does. You can't allow users
to run these commands with sudo, because there is no way to stop them from
using a shell escape. The only way to restrict an account the way you want
to is to either give it a restricted shell *or* provide a chroot jail.
Toni
On Tue, 16 Mar 2004 David.Knight at clubcorp.com wrote:
> ALl,
> I am currently in to process of implementing SUDO on my Tru64
> Servers. However, I have one question:
> 1) I need to be able to lock down accounts to the point of only allowing
> them access to a very very limited command set I.E Just "ls" "pwd" "cd"
> and "vi" however I have found that SUDO is mainly to allow users access
> to commands ran by other users. so I figured that I could write a script
> to force them to use sudo or a limited command set however I find that if
> you allow some one access to the "vi" command they can execute any command
>
> the wish by doing a :! and the command. I have been unable to find any
> options to SUDO either on compile time or execution nor with vi that will
> prevent this from happening. any help would be grateful.
>
> Thanks in advance,
> David Knight
>
> ____________________________________________________________
> sudo-workers mailing list <sudo-workers at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-workers
>
-------------------------------------------------------------------
Toni Harbaugh-Blackford harbaugh at abcc.ncifcrf.gov
System Administrator
SAIC/NCI Frederick Advanced Biomedical Computing Center
More information about the sudo-users
mailing list