[sudo-users] sudoRunAsUser negation
Michael W. Lucas
mwlucas at michaelwlucas.com
Wed Jul 10 13:53:20 MDT 2019
Hi,

I'm trying to wrap my brain around sudoRunAsUser|Group and negation.

Negation seems to have an obvious use in sudoUser: "allow this group,
except this person."

Why would you use negation in a sudoRunAsUser, though? I mean:

    sudoRunAsUser: postgres
    sudoRunAsUser: mysql
    sudoRunAsUser: !mysql

I read this as "allow running as postgres."

Or is it a way of explicitly rejecting certain access in this
sudoRole, more like:

    sudoRunAsUser: !root
    sudoRunAsUser: postgres
    sudoRunAsUser: mysql

Or something else?

Any enlightenment appreciated.

Thanks,
==ml

PS: Yes, this is for the new edition of sudo mastery. I am sadly
limited by not having a multibillion-dollar employer to experiment on,
as I did in the first edition. ;-)

--
Michael W. Lucas https://mwl.io/
author of: Absolute OpenBSD, SSH Mastery, git commit murder,
Immortal Clay, PGP & GPG, Absolute FreeBSD, etc, etc, etc...