how to prevent ./*
Martin Vazquez
mtrash1 at hotmail.com
Wed Nov 12 07:31:23 EST 2003
Hi Rahul,
Thank you very much for your answer.
Unfortunately, I did not express myself correctly in my initial mail. When I
configure !/usr/bin/XX, then the users are still alowed to do sudo ./XX,
because ./does not match with /usr/bin.
Any further idea?
Thanks again
Martin
>From: "Rahul" <shadhanker at gmx.net>
>To: "Martin Vazquez" <mtrash1 at hotmail.com>,<sudo-users at sudo.ws>
>Subject: Re: how to prevent ./*
>Date: Wed, 12 Nov 2003 14:41:58 +0530
>
>Hello Martin,
>
>You can configure sudoers files with "!/usr/bin/XX
>But make sure that the user(whose in the sudoers file) are using
>$ sudo ./XX [or]
>$ sudo /usr/bin/XX
>
>NOT just
>
>$./XX or
>$/usr/bin/XX
>
>Hope this helps and let me how it works.
>
>Thanks and Regards,
>-sadha
>
>
> > Can anyone tell me how to configure sudoers in order to prevent someone
>from
> > doing ./* ?
> > I am trying to prevent someone from executing a command XX, so I
>configured
> >
> > !/usr/bin/XX
> >
> > but still that user can go and do cd /usr/bin, ./XX.
> >
> > I cannot seem to put ! ./XX in sudoers, I get a syntax error.
> >
> > Can anyone tell how to do it?
> >
> > By the way, is it possible to include subdirectories when putting
>wildcards?
> > For instance, I would like !/usr/* to prevent from doing everything
>under
> > /usr, including subdirectories. Any idea?
> >
> > Thanks a lot
> >
> > Martin
> >
> > _________________________________________________________________
> > Protect your PC - get McAfee.com VirusScan Online
> > http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
> >
> > ____________________________________________________________
> > sudo-users mailing list <sudo-users at sudo.ws>
> > For list information, options, or to unsubscribe, visit:
> > http://www.sudo.ws/mailman/listinfo/sudo-users
> >
>
>
>---
>Outgoing mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.534 / Virus Database: 329 - Release Date: 10/31/2003
>
_________________________________________________________________
Great deals on high-speed Internet access as low as $26.95.
https://broadband.msn.com (Prices may vary by service area.)
More information about the sudo-users
mailing list