[sudo-users] Sudo with directory allows .. to be added. How do I avoid this.
Art A
arthur.2007 at yahoo.com
Fri Nov 19 12:52:52 EST 2010
In sudoers:
%mygrp ALL=sudoedit /var/opt/perf/*
-----
this works
sudo -e /var/opt/perf/perfd.ini
This also works: (app-defaults is a subdirectory)
sudo -e /var/opt/perf/app-defaults/../../../../etc/passwd
So my question is how can I allow someone to edit any file in a directory without putting every file in the sudoers. I have read the documentation and tried [!.] but it didn't work for me. What I would settle on is a why to say any pattern without a '..' in it is valid.
Thanks in advance for any help.
Art
More information about the sudo-users
mailing list