[sudo-users] sudo interactive + ldap

Mark mark at mbfk.net
Mon Jul 17 10:42:10 EDT 2006



Hello All,

I'm currently running Sudo version 1.6.8p9 on HPUX 11i and 11.0 in combination with Netscape
Directory Server 6.1 and 6.11.
Everything works just fine. I have the users in the same LDAP directory as the sudo cn=default
and a number of roles.

There's one thing I recently found and it's puzzling me..

I've created a number of roles for different types of operators on our systems.
Some roles have rights to some/all commands except 'su' and all shells.
This is because all commands they perform as root have to be logged.
Now it turns out they can still do this, getting a root shell that is, by issuing 'sudo -i'.

So the question is: is there a way to prevent this?
And the second question: how do I do this in the LDAP configuration?

Thanks for your ideas on this.

Greetz,
Mark Benschop
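Added example, not part of the original post or of the sudo project's own files: two sudoRole entries in the sudoers LDAP schema, written as LDIF. The first has the shape the message describes (ALL with shells and su subtracted by '!'); the second is an allow-list that names only the permitted commands. The directory suffix, the operators group and the HP-UX command paths are assumptions for illustration. The sudoers(5) manual warns that subtracting commands from ALL with '!' is generally not an effective restriction, since a user granted ALL can copy a shell to a path the '!' entries do not name, and sudoers.ldap notes that LDAP entries are unordered, so negation does not follow the last-match behaviour of a flat sudoers file. Both 'sudo -i' and 'sudo -s' are authorized as if the shell itself were the requested command, so a role with no shell-like path in its allow-list gives them nothing to match.

```ldif
# Deny-list role (assumed names/paths): grants ALL, then subtracts su and
# the shells. Per sudoers(5), '!' entries under ALL are bypassable, and
# with sudoers.ldap the unordered entries make negation unreliable. Any
# shell path not listed here (root's login shell included, if it differs
# from these) is still covered by the ALL line.
dn: cn=operators_denylist,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: operators_denylist
sudoUser: %operators
sudoHost: ALL
sudoCommand: ALL
sudoCommand: !/usr/bin/su
sudoCommand: !/usr/bin/sh
sudoCommand: !/usr/bin/ksh
sudoCommand: !/usr/bin/csh

# Allow-list role (assumed names/paths): enumerate exactly what operators
# may run as root. 'sudo -i' and 'sudo -s' ask to run a shell, and no
# shell appears here, so they are refused and every permitted command is
# logged by name.
dn: cn=operators_allowlist,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: operators_allowlist
sudoUser: %operators
sudoHost: ALL
sudoRunAs: root
sudoCommand: /usr/sbin/swlist
sudoCommand: /usr/sbin/shutdown -r now
sudoCommand: /sbin/init.d/sshd restart
```

To check a role, log in as a member of the group and compare 'sudo -l' with an actual 'sudo -i' attempt; with the deny-list role in place, also try a copied shell ('cp /usr/bin/sh /tmp/x; sudo /tmp/x') to see why the '!' entries do not hold. If the LDAP client configuration supports 'sudoers_debug', raising it shows which sudoRole entries were matched for the request.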
