pll at mclinux.com
Mon Apr 9 11:47:28 EDT 2001
In a message dated: Mon, 09 Apr 2001 11:16:24 +0200
Xavier Mertens said:
>In a sudoers file, I grant access to the vi command to a group "X".
>Those guys does not have rights to use a shell.
>$ sudo vi
>In vi: :sh
>=> root shell!
>How can I fix this?
Don't allow them to run vi. Replace vi with something like vim and
use the 'rvi' symlink to vi which will disallow access to external
programs like the shell.
You could also write a wrapper around vim and use the -S option and
replace the normal vi with the wrapper, moving the real vi to
something else which isn't allowed by sudo.
vim with the rvi symlink is standard on most Linux systems.
It may look like I'm just sitting here doing nothing,
but I'm really actively waiting for all my problems to go away.
If you're not having fun, you're not doing it right!
More information about the sudo-users