vi shell

Paul Lussier pll at
Mon Apr 9 11:47:28 EDT 2001

In a message dated: Mon, 09 Apr 2001 11:16:24 +0200
Xavier Mertens said:

>In a sudoers file, I grant access to the vi command to a group "X".
>Those guys does not have rights to use a shell.
>$ sudo vi
>Password: xxx
>In vi: :sh
>=> root shell!
>How can I fix this?

Don't allow them to run vi.  Replace vi with something like vim and 
use the 'rvi' symlink to vi which will disallow access to external 
programs like the shell.

You could also write a wrapper around vim and use the -S option and 
replace the normal vi with the wrapper, moving the real vi to 
something else which isn't allowed by sudo.

vim with the rvi symlink is standard on most Linux systems.

	It may look like I'm just sitting here doing nothing,
   but I'm really actively waiting for all my problems to go away.

	 If you're not having fun, you're not doing it right!

More information about the sudo-users mailing list