(ALL, !root, !#0) as runas does not work as expected

Todd C. Miller Todd.Miller at courtesan.com
Tue Dec 10 16:01:18 EST 2002

In message <20021210205323.GD18149 at bitz.ca>
	so spake Michael Coulter (mjc):

> Is there a method of specifying a runas field that
> prevents usage as any uid 0 account ?

Not at this time.  This kind of thing requires some major
changes in the sudoers file parser.

> To make thing easier, all the uid 0 accounts are of the format
> ??root or ?root. I tried a line like this with no luck stopping
> usage as ??root type users.
> user    ALL=(ALL , !#0, !root, ![A-z]*root) NOPASSWD: /bin/bash

Wildcard matching is not done for usernames.

 - todd

More information about the sudo-users mailing list