[sudo-users] HOWTO put many editors easily

Matthew Stier Matthew.Stier at fnc.fujitsu.com
Wed Nov 17 17:40:19 EST 2004 

I hope that you are aware that there is an inherent weakness in giving 
users access to editors.

Then can always close the file they have to specify on the commandline, 
and open any other one, that file permissions grant them access to.

There is another inherent weakness in 'vi'.  You can spawn subshells; 
and thus do whatever you want.


Ladner, Eric (Eric.Ladner) wrote:

>If the sudoers file supported full regular expressions, you could do
>something like this:
>
>Cmnd_Alias    RESOLV = /usr/bin/@(gedit|vim|vi|whatever)
>/etc/resolv.conf
>
>But it doesn't so you can't.
>
>In situations like this, I always take the hard ass approach and say
>"ok, you can either edit it with VI or GEDIT.  That's it."  If they
>don't know VI, they can use GEDIT.  Or maybe use VI and NANO.
>
>Eric Ladner, Systems Analyst 
>RFMS IT Support
>
>
>-----Original Message-----
>From: sudo-users-bounces at courtesan.com
>[mailto:sudo-users-bounces at courtesan.com] On Behalf Of Edilmar Alves -
>Lista
>Sent: Wednesday, November 17, 2004 3:58 PM
>To: sudo-users at sudo.ws
>Subject: [sudo-users] HOWTO put many editors easily
>
>
>If I have to allow users to edit the file /etc/resolv.conf, I do this:
>Cmnd_Alias      RESOLV = /usr/bin/gedit /etc/resolv.conf, /usr/bin/vim 
>/etc/resolv.conf
>
>Is there some way to create something like this:
>Cmnd_Alias      RESOLV = /usr/bin/gedit OR /usr/bin/vim OR ... OR ... 
>/etc/resolv.conf
>to specifically put many editors, 3 or more?
>
>____________________________________________________________ 
>sudo-users mailing list <sudo-users at sudo.ws>
>For list information, options, or to unsubscribe, visit:
>http://www.sudo.ws/mailman/listinfo/sudo-users
>
>
>
>____________________________________________________________ 
>sudo-users mailing list <sudo-users at sudo.ws>
>For list information, options, or to unsubscribe, visit:
>http://www.sudo.ws/mailman/listinfo/sudo-users
>  
>

-- 
Matthew Lee Stier                 *  Fujitsu Network Communications
Unix Systems Administrator        |  Two Blue Hill Plaza
Ph: 845-731-2097 Fx: 845-731-2011 |  Sixth Floor
Matthew.Stier at fnc.fujitsu.com     *  Pearl River, NY 10965

More information about the sudo-users mailing list