[sudo-users] sudoRunAsUser negation

Thomas Harrison pjcp64 at gmail.com
Wed Jul 10 16:03:56 MDT 2019

If a      sudo -l -G somegroup      option were available it might be
easier to wrap your brain around...

On Wed, Jul 10, 2019, 15:18 Todd C. Miller <Todd.Miller at sudo.ws> wrote:

> There are various ways you might use this, though the most
> straight-forward is probably in conjunction with "ALL".
> However, for sudoRunAsUser (but not sudoRunAsGroup) you could also
> use it along with groups or netgroups just as you would for sudoUser.
> That is, something like this ought to work as well:
> sudoRunAsUser: %somegroup
> sudoRunAsUser: !thatguy
> where you could run commands as any user in "somegroup" except for
> "thatguy" (don't be that guy).
> I'm not sure how useful this really is, but under the hood sudoRunAsUser
> is handled more or less the same as sudoUser so you get negation
> for free.
>  - todd
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> https://www.sudo.ws/mailman/listinfo/sudo-users

More information about the sudo-users mailing list