[sudo-users] restrict shell out to root using sudo

Muhammad Habib mhabib73 at gmail.com
Tue Jul 6 20:52:36 EDT 2010


Hi,

I am looking to restrict users from shelling out in their scripts. For
example, I have script1, which I have given user "userA" permission to run
using sudo, e.g. sudo script1.
The script is owned by root as well, so the user cannot update the script.
However, the user can edit it with sudoedit as well. Now, if the user modifies
this script to call /bin/sh, he gets root access when he runs the script,
i.e. "sudo script1". I tried to stop it using the "NOEXEC" function, but that
will cause script1 to run OK, but all commands in this script (e.g. ps,
uname etc.) will fail to run as well.

script1 is as follows:

==============================
#!/bin/ksh
uname >> /tmp/myhost
ps -ef | grep db  >> /tmp/myproc

/bin/sh

===============================

Thanks

Habib
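
Added example, not part of the original post or of sudo itself: a script run as root is only as trustworthy as the set of people who can change it, so this check flags any path a user may both execute and open with sudoedit in a sudoers policy. The sample policy, the path /usr/local/bin/script1 and the function names are constructed for illustration, and the parser assumes simple one-line rules only.

```shell
#!/bin/sh
# Added example: flag sudoers rules that let one user both run a file as root
# and edit that same file with sudoedit.
# Assumption: simplified parser for one-line "user host = (runas) cmd, cmd"
# rules; no aliases, continuation lines or wildcards.

# Constructed sample policy; /usr/local/bin/script1 is a hypothetical path.
sample_sudoers() {
cat <<'EOF'
# constructed sample, not from the original post
userA ALL = (root) /usr/local/bin/script1
userA ALL = (root) sudoedit /usr/local/bin/script1
userB ALL = (root) NOPASSWD: /usr/local/bin/report, sudoedit /etc/motd
EOF
}

# edit_and_run USER: read sudoers text on stdin and print every path that
# USER may both execute and sudoedit, one per line.
edit_and_run() {
    awk -v user="$1" '
    /^[ \t]*#/ || $1 != user { next }       # skip comments and other users
    {
        spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)      # drop "user host ="
        sub(/^\([^)]*\)[ \t]*/, "", spec)   # drop "(runas)"
        n = split(spec, cmds, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            c = cmds[i]
            # strip tags such as NOPASSWD: or NOEXEC:
            while (c ~ /^[A-Z_]+:[ \t]*/) sub(/^[A-Z_]+:[ \t]*/, "", c)
            sub(/[ \t]+$/, "", c)
            m = split(c, w, /[ \t]+/)
            if (w[1] == "sudoedit") {
                for (j = 2; j <= m; j++) edit[w[j]] = 1   # editable files
            } else {
                run[w[1]] = 1                              # runnable command
            }
        }
    }
    END { for (p in run) if (p in edit) print p }'
}

# Prints the overlap for userA in the constructed policy.
sample_sudoers | edit_and_run userA
```

Any path this prints is writable by the same user who runs it as root, which NOEXEC cannot compensate for, since the script's interpreter must still execute the commands inside it.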
