[sudo-users] SUDO & noexec

Kevin Chadwick ma1l1ists at yahoo.co.uk
Tue Feb 18 11:39:42 MST 2014


previously on this list PASHIARDIS Charalambos contributed:

>  Is there a good way to have sudo just block
> interactive shell and allow other types of execs to go through?

Sudoedit is a prime example (vi without escape) but also you can have
multiple matching lines, some with noexec and others without but in any
case you have to be careful about what you run as root as always.

Otherwise I'm not sure and if the sudoers man page which is
well maintained doesn't say so and noone else speaks up, then likely
not.

You could use the power of groups as in grant permission to a group and
use sudo to that group which does not have exec permission on the
shells.

-- 
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
_______________________________________________________________________


More information about the sudo-users mailing list