[sudo-users] sudo and friends

jan kalcic jandot at googlemail.com
Thu Jan 18 14:32:00 EST 2007

Stanley, Jon wrote:
> Almost right:
> user	ALL=(root) <command>.
> There is a problem with /usr/bin/vi, as it's trivial in vi to do a shell
> escape and the user could do anything they wanted as root.  If you trust
> the user with root, then that's not a huge problem. 
>> -----Original Message-----
>> From: sudo-users-bounces at courtesan.com 
>> [mailto:sudo-users-bounces at courtesan.com] On Behalf Of jan kalcic
>> Sent: Thursday, January 18, 2007 9:50 AM
>> To: sudo-users at sudo.ws
>> Subject: [sudo-users] sudo and friends
>> Hi people,
>> I need to give access to all files under /etc/samba/* to a user using
>> sudo. I want him to be able to modify to all those files using vi and I
>> also want him to use the script /etc/init.d/smbd and nmbd with option
>> "status" only.
>> user ALL=/usr/bin/vi /etc/samba/*
>> user ALL=/etc/init.d/smbd status
>> user ALL=/etc/init.d/nmbd status
>> Is this configuration right or I've not understood nothing about sudo?
>> Regards,
>> Jan
>> ____________________________________________________________ 
>> sudo-users mailing list <sudo-users at sudo.ws>
>> For list information, options, or to unsubscribe, visit:
>> http://www.sudo.ws/mailman/listinfo/sudo-users

I felt that it was almost :)

I tried with (root) and without it but I get the following error:

Sorry, user user is not allowed to execute 'sudoedit
/etc/samba/smb.conf' as root on host.

What does (root) means?


More information about the sudo-users mailing list