vi and sudo

Allan.Marillier at dana.com Allan.Marillier at dana.com
Wed Jun 5 12:52:27 EDT 2002


Yes - if you compile vim for any platform and set up your sudoers so that
the user can access rvim but not vi, they can not get any shell access. Any
shell access attempt e.g.
Esc :ls
Esc :sh
etc results in an error message "E145: Shell commands not allowed in rvim"



"Jeff Kennedy" <jlkennedy at amcc.com>
06/05/02 09:17 AM
To: Allan.Marillier at dana.com
cc: tom.robinson at ehbas.com, sudo-users at sudo.ws, gsaoutine at yahoo.com
Subject: Re: vi and sudo



I know this is an old post but I have a question on this.  Is Allan
saying that vim compiled for Solaris will allow file editing as root
*without* allowing a shell escape?  So in essence I can allow interns to
add jumpstart clients by editing the RCS host file without worrying
about them breaking out and munging something else?

Thanks.

~JK

Allan.Marillier at dana.com wrote:
>
> vi on Linux is very often vim, which gives you the rvi
>
> You can go to http://www.vim.org and download the latest source
> for vim and compile it for any platform. I've built it with no trouble
> on HP-UX and AIX, and also use precompiled vim executables on
> my PC under Windows. (Adding some class and power to the OS!)
>
> vim also gives you a GUI environment if you want it (gvim) and has a
> rgvim version as well, to give a restricted GUI vi.
>
> vim has a number of benefits over stock vi, including providing simple
> file locking - ensuring that two people don't vi the same file at the
> same time and trash each other's changes.
>
> (No - I have nothing to do with the vim project - I just believe it's a
> very good vi implementation.)
>
>
> "Thomas Robinson" <tom.robinson@ehbas.com>
> Sent by: sudo-users-admin at sudo.ws
> 04/23/02 04:46 AM
> To: <sudo-users at sudo.ws>
> cc:
> Subject: RE: vi and sudo
>
> > dear list,
> >
> > i am new to sudo and recently installed it on sun
> > solaris 2.6. when i open vi while acting in the sudo
> > context, vi still seems to let me execute shell commands
> > as root.
>
> I'm not sure about Solaris, but linux has /bin/rvi and /bin/rview which
> restrict the use of such things as executing shells from within an
> editing session.
>
> Tom

--
=====================
Jeff Kennedy
Unix Administrator
AMCC
jlkennedy at amcc.com
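
An audit for the setup discussed in this thread, added here as an example and not part of the original messages: it reads simple one-line sudoers user specifications and reports whether each editor entry is one of the restricted names mentioned above (rvi, rview, rvim, rgvim) or an unrestricted editor that would give a shell as root. The sample sudoers lines, user names and paths are constructed, and aliases and line continuations are assumed not to be in use.

```python
import os
import re

# Editors with shell escapes vs. the restricted variants named in the thread.
UNRESTRICTED = {"vi", "vim", "gvim", "view"}
RESTRICTED = {"rvi", "rview", "rvim", "rgvim"}

# Constructed sample sudoers content (users and paths are made up).
SAMPLE = """\
# interns may edit the jumpstart hosts file
Defaults env_reset
intern1 ALL = (root) /usr/local/bin/rvim /etc/hosts
intern2 ALL = (root) /usr/bin/vi /etc/hosts
intern3 ALL = (root) NOPASSWD: /usr/local/bin/rvim /etc/hosts, /usr/bin/vim
"""

# user host = (runas) command-list; aliases and continuations are not handled.
SPEC = re.compile(r"^(?P<user>\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(?P<cmds>.+)$")
TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")  # strips tags such as NOPASSWD:

def audit(text):
    """Return (user, command path, verdict) for every editor entry found."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        first = line.split(None, 1)[0] if line else ""
        if (not line or line.startswith("#")
                or first.startswith("Defaults") or first.endswith("_Alias")):
            continue
        m = SPEC.match(line)
        if not m:
            continue
        for cmd in m.group("cmds").split(","):
            cmd = TAG.sub("", cmd.strip())
            if not cmd:
                continue
            path = cmd.split()[0]
            name = os.path.basename(path)
            if name in UNRESTRICTED:
                findings.append((m.group("user"), path, "shell-escape"))
            elif name in RESTRICTED:
                findings.append((m.group("user"), path, "restricted"))
    return findings

def shell_escape_rules(text):
    """Only the entries that grant an editor able to spawn a shell."""
    return [f for f in audit(text) if f[2] == "shell-escape"]

if __name__ == "__main__":
    for user, path, verdict in audit(SAMPLE):
        print(f"{user:8} {path:22} {verdict}")
```
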