stopping shell execution from with vi editor as root

[Thomas Robinson]

Hi,

I'd like to give permissions to some users so that they can edit
specific files as root. Unfortunately in my simple set up they can also
execute the :! command and gain root shell access. Is there any way to
defeat this or should I implement a different method to enable users to
edit files as root?

My config looks roughly like the following:

Cmnd_Alias         ICANEDIT            /bin/vi /etc/some.conf

auser               myhost             = (root) ICANEDIT

Regards

Tom

Thomas Robinson
Ehbas Ltd
T: 01273 234 665
F: 01273 704 499


This e-mail message is meant solely for the person or organisation to whom it is adressed. The message may contain personal or confidential information, or information that is not public in nature. Ehbas Ltd accepts no responsibility for message content and possible attachments that are unlawful or of questionable decency. Further dissemination, publication or duplication of this message is strictly prohibited if the person or organisation receiving this message is not the intended recipient. In the event that you are not the intended recipient, we request you to refrain from using the content and to immediately inform the sender of the error by returning the message. Thank you for your co-operation.