sudo help URGENT!!

Sai Balasubramanyam Garimella gsaibala at
Tue Dec 23 09:30:44 EST 2003

thanks todd , 

>>Sudo takes the last match so yes

was a significant  point to me..


-----Original Message-----
From: Todd C. Miller [mailto:Todd.Miller at]
Sent: Tuesday, December 23, 2003 7:22 PM
To: Sai Balasubramanyam Garimella
Cc: sudo-users at
Subject: Re: sudo help URGENT!! 

In message
<A74DA636A939D7118E4B00065B8E55B00BC0A358 at
	so spake Sai Balasubramanyam Garimella (gsaibala):

> Is it possible to have the following entries in for a user in sudoers
> gsaibala = (root) ALL
>            (root) !SHELLS
> 	      (xuser)"user"  	
> are they not mutually conflicting .

Sudo takes the last match so yes, you can do this kind of thing
(though your syntax is not correct).

However, note that it is trivial for a user to bypass things like
ALL,!SHELLS since there is nothing preventing him/her from copying
a shell to a different file or simply making a script or program
that executes a shell.  Also, many editors and paginators have
shell escapes.

 - todd

More information about the sudo-users mailing list