[sudo-users] execute blocked command from a script

Ran Li Ran.Li at rci.rogers.com
Wed May 24 17:16:08 EDT 2006


Hello all,

I'm using LDAP-based sudo; basically it allows users to do anything
except some commands like "shutdown" (sudoCommand !/usr/sbin/shutdown).

When I ran a test, if a user executes the "shutdown" command directly, it
gives the proper output and prevents the user from doing so: "Sorry, user
is not allowed to execute '/usr/sbin/shutdown' as root on host"

However, if the user uses vi to edit a file/script, inserts the line
"shutdown" and grants execute permission to that script, then it will be
out of control.

My question is: other than granting the user the specific commands they
need, is there a way to resolve this kind of issue? Thanks.

Regards,

Ran 
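
The configuration described in the message above (a sudoRole that grants ALL and then negates individual commands) can be located in an LDAP export with a short audit script. This is an added example, not part of the original post: the LDIF entries, DNs and function names are constructed for illustration, and the parser assumes plain LDIF without line folding or base64 values.

```python
import re

# Constructed sample LDIF (not from the original post): one deny-list role
# and one allow-list role. Folded lines and base64 ("::") values are not handled.
SAMPLE_LDIF = """\
dn: cn=staff,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
sudoUser: %staff
sudoHost: ALL
sudoCommand: ALL
sudoCommand: !/usr/sbin/shutdown

dn: cn=operators,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
sudoUser: %ops
sudoCommand: /usr/sbin/lpc
sudoCommand: /usr/bin/lprm
"""

def parse_roles(ldif):
    """Split LDIF text on blank lines; return {dn: [sudoCommand values]}."""
    roles = {}
    for block in re.split(r"\n\s*\n", ldif.strip()):
        dn, commands = None, []
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and attr.strip().lower() == "dn":
                dn = value.strip()
            elif sep and attr.strip().lower() == "sudocommand":
                commands.append(value.strip())
        if dn:
            roles[dn] = commands
    return roles

def find_denylist_roles(ldif):
    """Return {dn: [negated commands]} for roles granting ALL minus exceptions."""
    findings = {}
    for dn, commands in parse_roles(ldif).items():
        negated = [c[1:].strip() for c in commands if c.startswith("!")]
        if "ALL" in commands and negated:
            findings[dn] = negated
    return findings
```

The sudoers manual notes that subtracting commands from ALL with "!" is generally not effective, so each role this reports is a candidate for conversion to an explicit list of permitted commands.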



