[sudo-users] sudoers question: ALL - but restrict su -
Carville, Stephen
scarville at LANDAM.com
Thu May 29 20:52:10 EDT 2008
> -----Original Message-----
> From: sudo-users-bounces at courtesan.com [mailto:sudo-users-
> bounces at courtesan.com] On Behalf Of Ladner, Eric (Eric.Ladner)
> Sent: Thursday, May 29, 2008 4:13 PM
> To: dave.parson at daimler.com; sudo-users at sudo.ws
> Subject: Re: [sudo-users] sudoers question: ALL - but restrict su -
>
> don't forget to restrict "sudo vi /etc/sudoers" ;)
I've been using sudo for close to ten years now and I've never seen a
solution to this that can't be bypassed by a knowledgeable user in a few
minutes. Now when I really need this level of access control I turn on
selinux and start setting up ACL's.
>
> Eric Ladner
> Systems Analyst
> Chevron Products Company
>
> -----Original Message-----
> From: sudo-users-bounces at courtesan.com
> [mailto:sudo-users-bounces at courtesan.com] On Behalf Of
> dave.parson at daimler.com
> Sent: Thursday, May 29, 2008 4:50 PM
> To: sudo-users at sudo.ws
> Subject: [sudo-users] sudoers question: ALL - but restrict su -
>
> I know this has been discussed before, but there seems to be more than
> one
> way to configure this - I would like to be a secure as possible.
>
> Problem: Allow a user ALL commands, but "not" allow a root shell
> (perhaps
> later on don't allow vi as well). So commands like "su root" "su -"
> "su"
> whould not be allowed, but all other commands would.
>
> Perhaps there is a better way than how I am trying to implement this
?.
>
>
> David
>
>
>
> If you are not the intended addressee, please inform us immediately
> that
> you have received this e-mail in error, and delete it. We thank you
for
> your cooperation.
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>
> No virus found in this incoming message.
> Checked by AVG.
> Version: 8.0.100 / Virus Database: 269.24.4/1473 - Release Date:
> 5/29/2008 7:53 PM
More information about the sudo-users
mailing list