How can I exclude a list of users?

Todd C. Miller Todd.Miller at courtesan.com
Fri Apr 25 16:29:58 EDT 2003


In message <3E9D9C91.1070000 at partner.bmw.de>
	so spake Herbert Wengatz (Herbert.Wengatz):

> The guys who need to use this account have to switch sometimes to
> any other account on the machine - but now comes the problem: we
> don't want them to become UID 0. So they shall not be able to switch
> to any operator-account, having UID 0.
> 
> What I tried until now is:
> 
> # List of hosts:
> Host_Alias APP_SUPP_HOSTS = A,B,C
> 
> # List of operating accounts (all with UID 0):
> User_Alias OPER = root,oper1,oper2,oper3
> 
> # and now I try to bring that together:
> projectaccount APP_SUPP_HOSTS = ALL,!OPER
> 
> It seems to be syntactically OK, but it doesn't seem to work. 

I think what you really want is something like this:

# List of hosts:
Host_Alias APP_SUPP_HOSTS = A,B,C

# List of operating accounts (all with UID 0):
Runas_Alias OPER = #0,root,oper1,oper2,oper3

projectaccount APP_SUPP_HOSTS = (ALL,!OPER) ALL

That would allow the "projectaccount" user to run any command on
the APP_SUPP_HOSTS hosts as any user *except* the ones in OPER.

 - todd
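
A simplified model of how the Runas list `(ALL,!OPER)` from the reply above is evaluated, added here as an example; it is not sudo's code and not part of the original message. It assumes sudoers' last-match-wins rule and that a `#uid` entry matches on the target's UID; the passwd entries, the `oper4` and `appuser` accounts and all function names are constructed for illustration.

```python
from typing import NamedTuple, Optional

class Account(NamedTuple):
    name: str
    uid: int

# Constructed passwd entries: several names share UID 0, as in the thread.
# oper4 and appuser are hypothetical accounts added for illustration.
PASSWD = [Account("root", 0), Account("oper1", 0), Account("oper2", 0),
          Account("oper3", 0), Account("oper4", 0), Account("appuser", 1001)]

WITH_UID = {"OPER": ["#0", "root", "oper1", "oper2", "oper3"]}  # as in the reply
NAMES_ONLY = {"OPER": ["root", "oper1", "oper2", "oper3"]}      # same alias without "#0"

def resolve(spec: str) -> Account:
    """Map a `sudo -u` argument (a name or #uid) to a passwd entry."""
    if spec.startswith("#"):
        return next(a for a in PASSWD if a.uid == int(spec[1:]))
    return next(a for a in PASSWD if a.name == spec)

def evaluate(items, target: Account, aliases) -> Optional[bool]:
    """True = allow, False = deny, None = no entry matched. Last match wins."""
    for item in reversed(items):
        word = item.lstrip("!")
        negated = (len(item) - len(word)) % 2 == 1
        if word == "ALL":
            hit = True
        elif word in aliases:
            hit = evaluate(aliases[word], target, aliases)
        elif word.startswith("#"):
            hit = (target.uid == int(word[1:])) or None
        else:
            hit = (word == target.name) or None
        if hit is None:
            continue  # entry did not match; keep scanning towards the front
        return hit != negated
    return None

def may_run_as(spec: str, aliases, runas_list=("ALL", "!OPER")) -> bool:
    """Would `projectaccount ... = (ALL,!OPER) ALL` permit `sudo -u spec`?"""
    return evaluate(runas_list, resolve(spec), aliases) is True

if __name__ == "__main__":
    for spec in ("appuser", "root", "oper2", "#0", "oper4"):
        print(f"{spec:8} with #0: {may_run_as(spec, WITH_UID)!s:5} "
              f"names only: {may_run_as(spec, NAMES_ONLY)}")
```

In this model the `#0` entry is what keeps the exclusion tied to the UID rather than to a list of names: the unlisted UID 0 account `oper4` is denied with it and allowed without it.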

