[sudo-users] sudoers file config
David tee
david_teee at yahoo.com
Wed Oct 27 23:35:42 EDT 2004
Hi,
I have configured sudo in one mf my server. The contents of sudoers file as follows.
# Host alias specification
Host_Alias DBSRV = SOLDBPRO01, SOLDBPR02
# User alias specification
User_Alias SYSADMINS = raj_p yong_wee, john_w
# Cmnd alias specification
Cmnd_Alias REBOOT = /usr/sbin/reboot, /usr/ucb/fastboot, \
/usr/sbin/shutdown, /usr/sbin/init, /usr/sbin/halt, /usr/ucb/fasthalt
Cmnd_Alias SU = /usr/bin/su
Cmnd_Alias PASSWD = /usr/bin/passwd [A-z]*, !/usr/bin/passwd *root*
Cmnd_Alias SHELLS = /usr/bin/csh, /usr/bin/sh, /usr/bin/tcsh, \
/usr/bin/ksh, /usr/bin/bash, /usr/bin/zsh, /usr/bin/rsh
Cmnd_Alias DENYSUDO = /usr/bin/visudo
# User privilege specification
root ALL = ALL
SYSADMINS BDSRV = ALL, !REBOOT, !SU, PASSWD, !SHELLS, !DENYSUDO
When the user "yong_wee" login, he is able to modify the /etc/sudoers file with "sudo vi /etc/sudoers". It is not only with "vi", the user is able use all the commands(i.e mv, rm, more, etc) on "/etc/sudoers" file. Not only "yong_wee" ID, but also other IDs are able to do thi. Please let me know how can I prevent this and keep the /etc/sudoers file safe.
Thanks in advance.
Regards
David
---------------------------------
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
More information about the sudo-users
mailing list