Executing commands without sudo
Todd C. Miller
Todd.Miller at courtesan.com
Fri Aug 2 14:17:25 EDT 2002
In message <1028308640.1785.23.camel at gary>
so spake Gary Call (gcall):
> I just installed sudo on a SCO Openserver 5.05 server. The
> configuration file has been edited via visudo.
> Here's my problem:
> A user ("john") logs in. In visudo, his entry looks like:
> john ALL:/bin/mt,/bin/cpio
> When I log in as john, I get the following:
> prompt$ /etc/mount (this allows him to use mount)
Sure, but not as root (unless the user already is uid 0).
> prompt$ sudo /etc/mount (this denies him via sudo)
As it should based on the sudoers fragment you pasted above.
> Why is the user "john" able to execute everything when he is not
> prefixing the command with sudo? I was under the assumption that
> everything for "john" would be denied, unless he prefixed the command
> with sudo. Once he prefixes the command with sudo, he would then be
> allowed only /bin/mt and /bin/cpio.
I don't know why you expect that the user won't be able to run
commands w/o sudo. Sudo just lets a user run certain commands as
root (or another user). It doesn't affect normal execution of commands.
More information about the sudo-users