rvim

[Jeff Kennedy]

Overwriting a file is less of a concern (I have backups and they would
be fired).  The real issue is getting a root shell, with all the
priveledge it provides.  As long as they can *only* edit files and not
break out into an open root environment then I'm ok with that.

Thanks for the idea though.  I think I might write a wrapper that they
use for rvim; something like 'jumpstart_edit' where jumpstart_edit is
just a script where they can choose which file to edit with rvim.  They
run the script as themselves and once a file is chosen it runs 'sudo
rvim <file>'.  Think that would work?

~JK

"King, Daniel" wrote:
> 
> rvim, and even rview will allow writing out files - any file on the system if they are executed as root.  Are you more concerned about malice or stupidity?
> 
> malice == :w!/dev/dsk/xxxx
> 
> A. Daniel King, System Analyst
> Fiserv - Atlanta Center
> 1475 Peachtree Street, NE - Suite 700
> Atlanta, GA 30309
> 404-873-2851 x2034
> 
> -----
> Date: Mon, 24 Jun 2002 07:41:22 -0700
> From: "Jeff Kennedy" <jlkennedy at amcc.com>
> Organization: AMCC
> To: Sudo List <sudo-users at courtesan.com>
> Subject: rvim
> 
> I wanted to get some confirmation that I'm not missing anything.  We
> want interns to be able to edit certain files like hosts and ethers but
> obviously do not want them to have any root capability.  With 'sudo vi'
> they have the ability to execute shell commands as root or simply break
> out into a root shell.
> 
> Using rvim I was unable to do the above-mentioned things but wanted to
> make sure I'm not missing a gotcha.  No ':!' commands were allowed nor
> was a shell escape.
> 
> Anything else I might be missing?  Not counting root shell scripts that
> -----
> 
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users

-- 
=====================
Jeff Kennedy
Unix Administrator
AMCC
jlkennedy at amcc.com