[sudo-users] sudoRunAsUser negation

Todd C. Miller Todd.Miller at sudo.ws
Wed Jul 10 14:17:05 MDT 2019

There are various ways you might use this, though the most
straight-forward is probably in conjunction with "ALL".

However, for sudoRunAsUser (but not sudoRunAsGroup) you could also
use it along with groups or netgroups just as you would for sudoUser.
That is, something like this ought to work as well:

sudoRunAsUser: %somegroup
sudoRunAsUser: !thatguy

where you could run commands as any user in "somegroup" except for
"thatguy" (don't be that guy).

I'm not sure how useful this really is, but under the hood sudoRunAsUser
is handled more or less the same as sudoUser so you get negation
for free.

 - todd

More information about the sudo-users mailing list