(ALL, !root, !#0) as runas does not work as expected
mjc at bitz.ca
Tue Dec 10 15:53:23 EST 2002
On Tue, Dec 10, 2002 at 12:41:56PM -0700, Todd C. Miller wrote:
> The "!#0" only prevents someone from running "sudo -u #0"
Is there a method of specifying a runas field that
prevents usage as any uid 0 account ?
To make thing easier, all the uid 0 accounts are of the format
??root or ?root. I tried a line like this with no luck stopping
usage as ??root type users.
user ALL=(ALL , !#0, !root, ![A-z]*root) NOPASSWD: /bin/bash
Is this possible with sudo ?
More information about the sudo-users