[sudo-users] Restrict shells but allow execution of init scripts

JR Aquino JR.Aquino at citrix.com
Thu Jun 30 12:24:11 EDT 2011

On Jun 30, 2011, at 9:13 AM, Robert Petkus wrote:

> Folks,
> I'm looking for a way to restrict users from launching a root shell using sudo but would like to allow the execution of system init shell scripts.  What would be the most logical means to proceed?
> Currently, I have config lines like so:
> Cmnd_Alias      SHELLS = /usr/bin/*sh*, /sbin/*sh*, /bin/*sh*

I'm not sure how you could have assurances that the 'init' script couldn't execute / land the user in a shell of its own?

Jr Aquino, GCIH | Information Security Specialist
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T:  +1 805.690.3478
jr.aquino at citrixonline.com

> Thanks in advance!
> Robert
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users

More information about the sudo-users mailing list