[sudo-users] sudoers question

Andrew Hall halla3 at corp.earthlink.net
Mon Dec 13 14:30:17 EST 2004


I have what I hope is a very simple question.  I have a User_Alias, and 
a few Cmnd_Alias'.

One of the command Alias' I have is a list of shells, that I deny use of 
  with !.

So my command alias looks like:

Cmnd_Alias SHELLS = /bin/bash, /bin/bash2, /bin/ash, /bin/bsh, 
/bin/tcsh, /bin/csh, /bin/ksh, /bin/zsh

and my user priv looks like:

Now what happening is that users are either 1, using /usr/local/bin/zsh 
or coping zsh (or there perferred shell) to a local dir and executing 
it, and sudo is allowing the command.

Please forgive if I am wrong, but I thought if I had an alias w/ ! and 
that alias contained zsh that ALL instances of zsh would be denied.

Can can I keep users from getting a root shell?


More information about the sudo-users mailing list