sudo-users Digest, Vol 6, Issue 6
Ladner, Eric (Eric.Ladner)
Eric.Ladner at chevrontexaco.com
Tue Jun 10 09:52:40 EDT 2003
Restricting things a user can't run usually doesn't work very well (as
you've illustrated below) unless it's a really really big list.
Consider the following:
sudo perl -e "system('cp /usr/bin/sh /var/tmp/xxx'); system('chmod 4777
Not to mention there are about a thousand other ways to do that using
other utilities (awk, vi, etc.)
Instead, consider building up a list of things that your approved sudo
folks CAN run. That way you have a semi-manageable list of things you
can watch, rather than worrying about every little command on the
From: Molumuri, Janardhan [mailto:mjanar at corp.untd.com]
Sent: Tuesday, June 10, 2003 01:46
To: 'sudo-users at sudo.ws'
Subject: RE: sudo-users Digest, Vol 6, Issue 6
Anybody have any ideas for this?
Sorry, user test is not allowed to execute '/usr/bin/sh' as root
>ln -s /usr/bin/sh ./test1
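
As an added example (not part of the thread or of sudo itself): a small Python check that flags the two rule shapes discussed above in simple one-line sudoers entries, namely a deny-list subtracted from ALL and an allowed program that can itself start other programs. The sample sudoers text, the user names and the `audit_sudoers` helper are constructed for illustration; aliases and line continuations are not resolved.

```python
import re

# Programs the thread names as able to run other commands on the user's behalf.
ESCAPE_CAPABLE = {"sh", "perl", "awk", "vi"}

# who host = (runas) commands   -- single-line user specifications only
SPEC = re.compile(r"^(?P<who>\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(?P<cmds>.+)$")
TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")  # e.g. "NOPASSWD: "

SAMPLE = """\
# constructed sample, not taken from the thread
Cmnd_Alias SHELLS = /usr/bin/sh
test    ALL = ALL, !/usr/bin/sh
backup  ALL = (root) NOPASSWD: /usr/bin/perl
oper    ALL = /usr/sbin/lpc, /usr/bin/lprm
"""


def audit_sudoers(text):
    """Return (line_number, who, issue) tuples for simple user specs."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults") or "_Alias" in line.split()[0]:
            continue
        match = SPEC.match(line)
        if not match:
            continue
        cmds = [TAG.sub("", c.strip()) for c in match["cmds"].split(",")]
        allowed = [c for c in cmds if c and not c.startswith("!")]
        denied = [c.lstrip("! ") for c in cmds if c.startswith("!")]
        who = match["who"]
        if "ALL" in allowed and denied:
            findings.append((number, who, "deny-list: ALL minus " + ", ".join(denied)))
        for cmd in allowed:
            name = cmd.split()[0].rsplit("/", 1)[-1]
            if name in ESCAPE_CAPABLE:
                findings.append((number, who, "review: " + name + " can start other programs"))
    return findings


if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print(finding)
```
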