[sudo-users] sudoers file config

David tee david_teee at yahoo.com
Wed Oct 27 23:35:42 EDT 2004

I have configured sudo in one mf my server. The contents of sudoers file as follows.
# Host alias specification
Host_Alias      DBSRV = SOLDBPRO01, SOLDBPR02

# User alias specification
User_Alias      SYSADMINS = raj_p yong_wee, john_w
# Cmnd alias specification
Cmnd_Alias      REBOOT = /usr/sbin/reboot, /usr/ucb/fastboot, \
        /usr/sbin/shutdown, /usr/sbin/init, /usr/sbin/halt, /usr/ucb/fasthalt
Cmnd_Alias      SU = /usr/bin/su
Cmnd_Alias      PASSWD = /usr/bin/passwd [A-z]*, !/usr/bin/passwd *root*
Cmnd_Alias      SHELLS = /usr/bin/csh, /usr/bin/sh, /usr/bin/tcsh, \
                /usr/bin/ksh, /usr/bin/bash, /usr/bin/zsh, /usr/bin/rsh
Cmnd_Alias      DENYSUDO = /usr/bin/visudo

# User privilege specification
root            ALL = ALL
When the user "yong_wee" login, he is able to modify the /etc/sudoers file with "sudo vi /etc/sudoers". It is not only with "vi", the user is able use all the commands(i.e mv, rm, more, etc) on "/etc/sudoers" file. Not only "yong_wee" ID, but also other IDs are able to do thi. Please let me know how can I prevent this and keep the /etc/sudoers file safe.
Thanks in advance. 

Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.

More information about the sudo-users mailing list