[sudo-users] execute blocked command from a script
Ran.Li at rci.rogers.com
Wed May 24 17:16:08 EDT 2006
I m using ldap based sudo, basically it allows users to do anything
except some commands like "shutdown" (sudoCommand !/usr/sbin/shutdown).
As I did a test, when user execute "shutdown" command directly it will
give the proper output and will prevent user from doing so, "Sorry, user
is not allowed to execute '/usr/sbin/shutdown' as root on host"
however, if user uses vi to edit a file/script, insert line "shutdown"
and grant the execute permission to that script then it will be out of
My question is, other than grant the user specific commands they need,
is there a way to resolve this kind of issue? Thanks.
More information about the sudo-users