Denying execution of certain commands
Raymond.Vicari at Dialogic.com
Tue Aug 29 15:34:47 EDT 2000
Can someone help me with this one?
I am allowing most users access to almost all commands with the exception of
a few. Example:
I don't want the users to be able to change ownership (chown) of their
.profile file. I made the entry
!/bin/chown *.profile in visudo. This works fine, but since chown appears
in other directories such as
/usr/bin/chown, if they issue the command "sudo /usr/bin/chown <user>
.profile", it allows them to execute
the command. Do I have to put an entry in for each directory the system
puts a command (including
an entry to stop a person from copying a command to another directory and
issuing it from there), or is there
a string I can put in that covers the command in all appearances of it?
Anyone's help would be greatly appreciated.
More information about the sudo-users