[sudo-users] consultatio about edition for files

federico montaldo fmontaldo3 at gmail.com
Mon May 12 09:20:49 MDT 2014

HI todd,

Thanks for your repply. If i put this entries in sudo:

Cmnd_Alias ADMBKUP  /usr/bin/dsmc,\
/bin/vi /opt/tivoli/tsm/client/ba/bin/dsm.sys,\
/bin/vi /opt/tivoli/tsm/client/ba/bin/dsm.opt,\
/bin/vi /tsmlogs/logs/dsmerror.log,\
/bin/vi /tsmlogs/logs/dsmsched.log,\
/sbin/initctl start dsm-sched

But when I want to add the line as an example that you passme. Sudo
reply with an error in the first line of the Cmnd_Alias.

On Mon, May 12, 2014 at 12:11 PM, Todd C. Miller
<Todd.Miller at courtesan.com> wrote:
> The way you are trying to do this is not secure as the user will
> be able to start a shell from /bin/vi and run any command as root.
> This is what "sudoedit" is for.  E.g.
> %admbackup ALL = sudoedit /opt/tivoli/tsm/client/oracle/bin64/*.opt
> would allow users in group admbackup to run:
> $ sudoedit /opt/tivoli/tsm/client/oracle/bin64/*.opt
> the editor will run as the user (not root) and after the edit is
> complete, sudo will copy the edited file back to the original path.
> Note that for sudoedit rules you should not use a fully-qualified
> path, just "sudoedit".
>  - todd

More information about the sudo-users mailing list