[sudo-users] Restrict shells but allow execution of init scripts

JR Aquino JR.Aquino at citrix.com
Thu Jun 30 12:24:11 EDT 2011


On Jun 30, 2011, at 9:13 AM, Robert Petkus wrote:

> Folks,
> I'm looking for a way to restrict users from launching a root shell using sudo but would like to allow the execution of system init shell scripts.  What would be the most logical means to proceed?
> 
> Currently, I have config lines like so:
> Cmnd_Alias      SHELLS = /usr/bin/*sh*, /sbin/*sh*, /bin/*sh*
> POWERUSERS    ..., !SHELLS

I'm not sure how you could have assurances that the 'init' script couldn't execute / land the user in a shell of its own?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jr Aquino, GCIH | Information Security Specialist
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T:  +1 805.690.3478
jr.aquino at citrixonline.com
http://www.citrixonline.com


> Thanks in advance!
> Robert
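
An added example, not part of the original thread: a small audit of what the quoted SHELLS patterns cover, comparing them against a list of installed paths and a list of known shells. The sample paths and the /etc/shells contents are constructed, and the matcher only approximates sudoers path matching (shell-style wildcards that never match '/').

```python
import fnmatch

# Patterns copied from the SHELLS Cmnd_Alias quoted in the message.
SHELLS = ["/usr/bin/*sh*", "/sbin/*sh*", "/bin/*sh*"]

# Constructed sample data (not taken from any real host).
INSTALLED = [
    "/bin/sh", "/bin/bash", "/usr/bin/zsh",
    "/usr/bin/ssh", "/usr/bin/sha256sum", "/usr/bin/chsh", "/sbin/shutdown",
    "/usr/local/bin/bash", "/etc/init.d/httpd",
]
ETC_SHELLS = {"/bin/sh", "/bin/bash", "/usr/bin/zsh", "/usr/local/bin/bash"}


def matches(pattern, path):
    """Approximate sudoers matching: compare component by component so
    that a wildcard can never span a '/' in the command path."""
    p_parts, c_parts = pattern.split("/"), path.split("/")
    if len(p_parts) != len(c_parts):
        return False
    return all(fnmatch.fnmatchcase(c, p) for p, c in zip(p_parts, c_parts))


def is_denied(path, patterns=SHELLS):
    return any(matches(p, path) for p in patterns)


def audit(installed, shells, patterns=SHELLS):
    """Return (over_blocked, uncovered_shells).

    over_blocked: paths the patterns deny that are not listed shells.
    uncovered_shells: listed shells the patterns do not deny.
    """
    over_blocked = sorted(p for p in installed
                          if is_denied(p, patterns) and p not in shells)
    uncovered = sorted(s for s in shells if not is_denied(s, patterns))
    return over_blocked, uncovered


if __name__ == "__main__":
    over_blocked, uncovered = audit(INSTALLED, ETC_SHELLS)
    print("denied but not a shell:", over_blocked)
    print("shell but not denied:  ", uncovered)
```

The audit looks only at command paths, so it says nothing about what a permitted init script runs once it has started, which is the concern raised in the reply.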
