[sudo-users] sudoers question
Andrew Hall
halla3 at corp.earthlink.net
Mon Dec 13 14:30:17 EST 2004
Greetings,
I have what I hope is a very simple question. I have a User_Alias, and
a few Cmnd_Alias'.
One of the command Alias' I have is a list of shells, that I deny use of
with !.
So my command alias looks like:
Cmnd_Alias SHELLS = /bin/bash, /bin/bash2, /bin/ash, /bin/bsh,
/bin/tcsh, /bin/csh, /bin/ksh, /bin/zsh
and my user priv looks like:
DEVELOPER ALL = (ALL) ALL, !DISALLOWED_CMDS, !SHELLS
Now what happening is that users are either 1, using /usr/local/bin/zsh
or coping zsh (or there perferred shell) to a local dir and executing
it, and sudo is allowing the command.
Please forgive if I am wrong, but I thought if I had an alias w/ ! and
that alias contained zsh that ALL instances of zsh would be denied.
Can can I keep users from getting a root shell?
Drew
More information about the sudo-users
mailing list