[sudo-users] Restrict shells but allow execution of init scripts
rpetkus at bnl.gov
Thu Jun 30 12:13:55 EDT 2011
I'm looking for a way to restrict users from launching a root shell
using sudo but would like to allow the execution of system init shell
scripts. What would be the most logical means to proceed?
Currently, I have config lines like so:
Cmnd_Alias SHELLS = /usr/bin/*sh*, /sbin/*sh*, /bin/*sh*
POWERUSERS ..., !SHELLS
Thanks in advance!
More information about the sudo-users