sudoers file config help
Maubert, Pierre
p-maubert at ti.com
Wed Sep 19 02:45:08 EDT 2001
David,
This line below let's you doin any su * you want but it blocks su root or su
- or su or su - root
Cmnd_Alias SU=/usr/bin/su [A-z]*,/bin/su [A-z]*,/sbin/su [A-z]*,/usr/bin/su
- [A-z]*,/bin/su - [A-z]*,/sbin/su - [A-z]*,!/usr/bin/su root,!/bin/su
root,!/sbin/su root,!/usr/bin/su - root,!/bin/su - root,!/sbin/su - root
_________________________
Pierre Maubert, System Administrator
Texas Instruments France
Tel: +33 (0)4 93 22 26 81
Fax: +33(0)4 92 02 46 69
Email: Pierre Maubert < mailto:p-maubert at ti.com <mailto:p-maubert at ti.com> >
_________________________________
-----Original Message-----
From: Parson, David [mailto:David.Parson at PacifiCorp.com]
Sent: Wednesday, September 19, 2001 2:12 AM
To: sudo-users at courtesan.com
Subject: sudoers file config help
I need assistance in setting up the sudoers file in such a way that the user
can run any commands on the
local machine except su to root {any shell of course}. I see a way to do
this, but the syntax that I use if not correct.
Any recommendations ?
This must be secure - in other words no way can this person or persons get
to any root shell.
I am sure that I can use the same syntax to restrict activities such as "su
- something" in the case where I need to do this as well.
-------------------------------------------------------
Dave Parson
PacifiCorp - Unix Enterprise & SAP
825 NE Multnomah St. LCT: 800
Portland Oregon 97232
503-849-4522
--------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/sudo-users/attachments/20010919/19b77145/attachment.html>
More information about the sudo-users
mailing list