restriction by UID range?

Brown, Tony TBrown2 at
Fri Sep 13 15:19:33 EDT 2002

I could be wrong but if you have Solaris 9, why not use RBAC ... seems that this would be easier to pull of with that.

-----Original Message-----
From: bergman at [mailto:bergman at]
Sent: Friday, September 13, 2002 2:15 PM
To: sudo-users at
Subject: restriction by UID range?

I'd like to set up sudo (v. 1.6.6, under Solaris 9) so that trusted users can 
spawn a shell as another user, but only if the named user has a UID within a 
certain range.

In this hypothetical environment, user "joe" would be able to run anything 
(including spawning a shell) as any of the webaccounts (30000 >= UID >= 65536).

	#cat /etc/passwd	# hypothetical password file
	homepage:x:30025:30001:Home Page:/export/htdocs/homepage:/bin/bash
	webmaster:x:30026:30001:Web Master:/export/htdocs/webmaster:/bin/bash

	#cat /etc/sudoers	# hypothetical sudoers config
	Runas_Alias WEBACCOUNTS=#[30000-65535]


Is this possible, without a wrapper script?



sudo-users mailing list <sudo-users at>
For list information, options, or to unsubscribe, visit:

This e-mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged and confidential.  If the reader of this e-mail message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is prohibited. If you have received this e-mail in error, please notify us immediately by telephone at (312) 695-9166, indicating the sender's name, and destroy all copies of the transmittal. Thank you.

More information about the sudo-users mailing list