[sudo-users] Host negation

Michael Ströder michael at stroeder.com
Wed Sep 14 02:05:09 MDT 2016

Gunjan Varshney wrote:
> A role superadmins (example, I created this role in sudoers) should be 
> applicable to certain hosts but not others. I know CIDR of 'other hosts' but 
> on these hosts I do not want super admins.

I suspect that if you don't know the IP addresses of all allowed hosts you can
also not be sure that the set of 'other hosts' is not extended later without you
noticing it.

Yet another case which clearly shows:
In general, rule negation is bad practice!

Ciao, Michael.
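
Added example, not part of the original message: a simplified Python model of a sudoers host list (the last matching entry decides) that compares a negated rule with an explicit allowlist when an 'other host' is later added outside the known CIDR. The addresses, host names and function names are constructed for illustration, and the matching logic is an assumption-level model, not sudo's own code.

```python
import ipaddress

def host_allowed(host_list, host_ip):
    """Simplified model of a sudoers host list: each entry is 'ALL' or a CIDR
    network, optionally prefixed with '!'; the last matching entry decides."""
    ip = ipaddress.ip_address(host_ip)
    decision = False  # no entry matched: the rule does not apply to this host
    for entry in host_list:
        spec = entry.lstrip("!")
        negated = (len(entry) - len(spec)) % 2 == 1  # odd number of '!' negates
        if spec == "ALL" or ip in ipaddress.ip_network(spec):
            decision = not negated
    return decision

# Constructed sample data (documentation address ranges, not from the thread).
NEGATED_RULE = ["ALL", "!198.51.100.0/24"]  # everywhere except the known 'other hosts'
ALLOWLIST_RULE = ["192.0.2.0/24"]           # only the hosts meant for superadmins

FLEET = {
    "admin01": "192.0.2.10",     # intended superadmin host
    "other01": "198.51.100.20",  # known 'other host', inside the excluded CIDR
    "other02": "203.0.113.5",    # 'other host' added later, outside the known CIDR
}

def audit(rule):
    """Return {host name: True if the rule applies on that host}."""
    return {name: host_allowed(rule, ip) for name, ip in FLEET.items()}

if __name__ == "__main__":
    for label, rule in (("negation", NEGATED_RULE), ("allowlist", ALLOWLIST_RULE)):
        print(label, audit(rule))
```

With the negated rule the later host other02 is matched by ALL and never excluded; with the allowlist it stays outside the rule until someone adds it explicitly.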

