(ALL, !root, !#0) as runas does not work as expected
Todd C. Miller
Todd.Miller at courtesan.com
Tue Dec 10 16:01:18 EST 2002
In message <20021210205323.GD18149 at bitz.ca>
so spake Michael Coulter (mjc):
> Is there a method of specifying a runas field that
> prevents usage as any uid 0 account ?
Not at this time. This kind of thing requires some major
changes in the sudoers file parser.
> To make thing easier, all the uid 0 accounts are of the format
> ??root or ?root. I tried a line like this with no luck stopping
> usage as ??root type users.
> user ALL=(ALL , !#0, !root, ![A-z]*root) NOPASSWD: /bin/bash
Wildcard matching is not done for usernames.
More information about the sudo-users