Executing commands without sudo

Todd C. Miller Todd.Miller at courtesan.com
Fri Aug 2 14:17:25 EDT 2002

In message <1028308640.1785.23.camel at gary>
	so spake Gary Call (gcall):

> I just installed sudo on a SCO Openserver 5.05 server.  The
> configuration file has been edited via visudo. 
> Here's my problem:
> A user ("john") logs in.  In visudo, his entry looks like:
> john	ALL:/bin/mt,/bin/cpio
> When I log in as john, I get the following:
> prompt$ /etc/mount  (this allows him to use mount)

Sure, but not as root (unless the user already is uid 0).

> prompt$ sudo /etc/mount (this denies him via sudo)

As it should based on the sudoers fragment you pasted above.

> Why is the user "john" able to execute everything when he is not
> prefixing the command with sudo?  I was under the assumption that
> everything for "john" would be denied, unless he prefixed the command
> with sudo.  Once he prefixes the command with sudo, he would then be
> allowed only /bin/mt and /bin/cpio.

I don't know why you expect that the user won't be able to run
commands w/o sudo.  Sudo just lets a user run certain commands as
root (or another user).  It doesn't affect normal execution of commands.

 - todd

More information about the sudo-users mailing list