sudoers config

Parson, David David.Parson at
Tue Oct 23 15:57:04 EDT 2001


I hope it's obvious to someone out there as to why the following won't work.
In other words I can still do " sudo su - root ", "sudo su - {and get to

I also tried to block vi usage with the following:
!/*/vi  {which does not block using vi}

The intent is to let the Alias do most root activity except for the obvious

*** START ***

# Cmnd alias specification
Cmnd_Alias NMS = /usr/bin/[a-z]*, /usr/sbin/[a-z]*,
!/usr/local/sbin/visudo,!/usr/sbin/vx*, !/usr/bin/vi, !/*/sh, !/*/ksh,
!/*/csh, !/*/init, !/*/reboot, !/*/visudo, !/*/shutdown, !/*/halt, !/*/bash,
!/sbin/su "", !/usr/bin/su "", !/sbin/su -, !/usr/bin/su -, !/sbin/su.static
"", !/usr/bin/su.static "",!/sbin/su.static -, !/usr/bin/su.static -,
!/sbin/su root, !/usr/bin/su root, !/sbin/su - root, !/usr/bin/su - root,
!/sbin/su -[a-z]*, !/usr/bin/su -[a-z]*,!/sbin/su.static -[a-z]*,
!/usr/bin/su.static -[a-z]*, /usr/bin/su - [a-z]*, /usr/bin/su [a-z]*

** END **

-----Original Message-----
From: Matthew Hannigan [mailto:mlh at]
Sent: Wednesday, October 17, 2001 1:06 PM
To: Parson, David
Cc: 'Sreenivasan, Rohit G'; 'sudo-users at'
Subject: Re: Question Regarding X environment

You have to look after Xauth stuff as well.
You _do_ use xauth don't you?
It'd be a nice feature for sudo to support this.
Though sadly it opens up a security hole, in that
you could manipulate X into running commands that
would be unlogged by sudo. Perhaps an option would be


> "Parson, David" wrote:
> You need to set your DISPLAY variable and export it.  There are many
> ways to determine what to set it to, but the easiest would be to login
> as your regular user and "echo $DISPLAY", then once you su ?? just set
> it back to the same.
> Depending on the shell that you are using, something like the
> following:
> echo $DISPLAY <CR>  {as yourself before you su}
> After you su ...
> export DISPLAY
> {where xxx is the proper setting}
> _-D Parson
> -----Original Message-----
> From: Sreenivasan, Rohit G [mailto:rohit.g.sreenivasan at]
> Sent: Wednesday, October 17, 2001 10:17 AM
> To: 'sudo-users at'
> Subject: Question Regarding X environment
> Hi,
>  When i sudo to another user or account, i am not able to run any of
> the
> x-(commands) like xlock,xauotlock,xdu,xcopy etc.., is this a security
> feature for the sudo or is there a wrapper around this to allow users
> to
> sudo and still be able to run the x environment.
>   I am running this on Solaris 2.5 , and the Sudo version 1.5.6p6 .
> Thanks,
> Rohit...
> ____________________________________________________________
> sudo-users mailing list <sudo-users at>
> For list information, options, or to unsubscribe, visit:

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/sudo-users/attachments/20011023/53936681/attachment.html>

More information about the sudo-users mailing list