[sudo-users] SUDO: NOEXEC over ssh -t user at host
Gary C. New
garycnew at yahoo.com
Mon Jul 25 11:56:10 EDT 2011
Recently, I've successfully been able to implement the NOEXEC tag with the more and less commands on my localhost. However, I'm now attempting to allow a user sudo access to a remote machine using sudo /usr/bin/ssh -t.
gary ALL=(gnutech) NOPASSWD:NOEXEC: /usr/bin/ssh -t guest at host more /var/logs/syslog
I'm able to remotely more the syslog, but I'm able to execute the shell escape and obtain a remote shell as the guest user.
sudo -u gnutech /usr/bin/ssh -t guest at host more /var/logs/syslog
Is it possible to inforce the NOEXEC feature remotely over ssh?
I'm using sudo-1.6.8 --with-noexec on RHEL 4.
Thank you for your assistance.
More information about the sudo-users