Sudo conundrum
Todd C. Miller
Todd.Miller at courtesan.com
Sat Mar 15 19:56:54 EST 2003
In message <75014BFE3D0905438C4B6EF4C49E5FC6CA363E at usbumail2.newsedge.com>
so spake "Monappallil, George" (George.Monappallil):
> As you can see I have tried to restrict the users under DEV to use commands
> listed under command alias TS and not use commands listed under NOTS.
> However, the interesting part is that, when I log in as a user that is
> listed under DEV (for example "robs") I can run any command, even those that
> are not listed under TS if I don't precede the command with "sudo". Example:
> User robs# mount /u01
>
> As you can see, I haven't used "sudo" to precede the command above. Is this
> a loophole ?
If you don't prefix the command with sudo then you won't have
any additional rights or privileges. However, based on your prompt
it looks like you are already root when you are doing your tests,
so of course you can do rootly things like "mount /u01".
- todd
More information about the sudo-users
mailing list