Denying execution of certain commands

Vicari, Raymond Raymond.Vicari at
Tue Aug 29 15:34:47 EDT 2000

Can someone help me with this one?

I am allowing most users access to almost all commands with the exception of
a few. Example:

I don't want the users to be able to change ownership (chown) of their
.profile file.  I made the entry
!/bin/chown *.profile in visudo.  This works fine, but since chown appears
in other directories such as
/usr/bin/chown, if they issue the command "sudo /usr/bin/chown <user>
.profile", it allows them to execute
the command.  Do I have to put an entry in for each directory the system
puts a command (including
an entry to stop a person from copying a command to another directory and
issuing it from there), or is there
a string I can put in that covers the command in all appearances of it?

Anyone's help would be greatly appreciated.


Ray Vicari

More information about the sudo-users mailing list