(ALL, !root, !#0) as runas does not work as expected

Michael Coulter mjc at bitz.ca
Tue Dec 10 15:53:23 EST 2002

On Tue, Dec 10, 2002 at 12:41:56PM -0700, Todd C. Miller wrote:

> The "!#0" only prevents someone from running "sudo -u #0"

Is there a method of specifying a runas field that
prevents usage as any uid 0 account ?

To make thing easier, all the uid 0 accounts are of the format
??root or ?root. I tried a line like this with no luck stopping
usage as ??root type users.

user    ALL=(ALL , !#0, !root, ![A-z]*root) NOPASSWD: /bin/bash

Is this possible with sudo ?

More information about the sudo-users mailing list