[sudo-users] consultatio about edition for files

Todd C. Miller Todd.Miller at courtesan.com
Mon May 12 09:11:38 MDT 2014

The way you are trying to do this is not secure as the user will
be able to start a shell from /bin/vi and run any command as root.

This is what "sudoedit" is for.  E.g.

%admbackup ALL = sudoedit /opt/tivoli/tsm/client/oracle/bin64/*.opt

would allow users in group admbackup to run:

$ sudoedit /opt/tivoli/tsm/client/oracle/bin64/*.opt

the editor will run as the user (not root) and after the edit is
complete, sudo will copy the edited file back to the original path.

Note that for sudoedit rules you should not use a fully-qualified
path, just "sudoedit".

 - todd

More information about the sudo-users mailing list