[sudo-users] sudoRunAsUser negation
Todd C. Miller
Todd.Miller at sudo.ws
Wed Jul 10 14:17:05 MDT 2019
There are various ways you might use this, though the most
straight-forward is probably in conjunction with "ALL".
However, for sudoRunAsUser (but not sudoRunAsGroup) you could also
use it along with groups or netgroups just as you would for sudoUser.
That is, something like this ought to work as well:
sudoRunAsUser: %somegroup
sudoRunAsUser: !thatguy
where you could run commands as any user in "somegroup" except for
"thatguy" (don't be that guy).
I'm not sure how useful this really is, but under the hood sudoRunAsUser
is handled more or less the same as sudoUser so you get negation
for free.
- todd
More information about the sudo-users
mailing list