sudo help URGENT!!

Todd C. Miller Todd.Miller at
Tue Dec 23 08:51:38 EST 2003

In message <A74DA636A939D7118E4B00065B8E55B00BC0A358 at
	so spake Sai Balasubramanyam Garimella (gsaibala):

> Is it possible to have the following entries in for a user in sudoers file.
> gsaibala = (root) ALL
>            (root) !SHELLS
> 	      (xuser)"user"  	
> are they not mutually conflicting .

Sudo takes the last match so yes, you can do this kind of thing
(though your syntax is not correct).

However, note that it is trivial for a user to bypass things like
ALL,!SHELLS since there is nothing preventing him/her from copying
a shell to a different file or simply making a script or program
that executes a shell.  Also, many editors and paginators have
shell escapes.

 - todd

More information about the sudo-users mailing list