the !

Kaysee Long kaysee at us.ibm.com
Tue Feb 5 14:48:28 EST 2002


Hi I am compiling the newest version of sudo and a security doc (outside of
sudo) said this:

Commands sshould not be subtracted from ALL using "!" because the user
could copy the command to a different name or path and then run it.  If
this method is used it must be done with this exposure in mind.  For
example:
user  ALL = ALL, !/usr/bin/vi

Does this hold true and how would I do it a different way?

example if I need the shells command change from :

Cmnd_Alias SHELLS=/usr/bin/ksh, /usr/bin/csh, /usr/bin/sh, /usr/bin/rsh, \
/bin/ksh, /bin/csh, /bin/sh, /bin/rsh

%kaysee       ALL=ALL,!SHELLS







More information about the sudo-users mailing list