[sudo-users] sudoRunAsUser negation
pjcp64 at gmail.com
Wed Jul 10 16:03:56 MDT 2019
If a sudo -l -G somegroup option were available it might be
easier to wrap your brain around...
On Wed, Jul 10, 2019, 15:18 Todd C. Miller <Todd.Miller at sudo.ws> wrote:
> There are various ways you might use this, though the most
> straight-forward is probably in conjunction with "ALL".
> However, for sudoRunAsUser (but not sudoRunAsGroup) you could also
> use it along with groups or netgroups just as you would for sudoUser.
> That is, something like this ought to work as well:
> sudoRunAsUser: %somegroup
> sudoRunAsUser: !thatguy
> where you could run commands as any user in "somegroup" except for
> "thatguy" (don't be that guy).
> I'm not sure how useful this really is, but under the hood sudoRunAsUser
> is handled more or less the same as sudoUser so you get negation
> for free.
> - todd
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
More information about the sudo-users