[sudo-users] Disabling root to execute vi
Matthew Hannigan
mlh at zip.com.au
Mon Nov 24 18:36:03 EST 2008
On Mon, Nov 24, 2008 at 09:01:58AM -0200, Valdemir Santos wrote:
> Hi:
> Can you tell me how disable root to execute vi ?
> I put this line with no success...
>
>
> Cmnd_Alias ADMCMD = !/usr/bin/vi,!/usr/xpg4/bin/vi,!/usr/ucb/vi,!/bin/vi, ALL
Two points.
1. There should be a big sign on the front of sudo saying:
DO NOT USE THE EXCLUDE FEATURE (ie. !)
It's just too hairy and prone to misconfiguration and misunderstanding.
Relatedly:
2. sudo is for ALLOWING extra access not restricting.
Just don't give access to vi in the first place,
i.e. DO NOT USE 'ALL' unless you mean ALL
Apart from that, what do you mean 'disable root'?
Do you mean disable normal uses to run vi as root?
Or do you really mean disable root?
More information about the sudo-users
mailing list